Privacy Policy 개인정보 처리방침

This Privacy Policy ("Policy") describes how ABITRA Inc. ("ABITRA," "we," "us," or "our"), a United States corporation, collects, uses, discloses, and protects your personal information when you use the OneJikgu (원직구) service, including the website located at onejikgu.abitra.co, the OneJikgu mobile application for Android and iOS, and all related services (collectively, the "Service").

OneJikgu is a cross-border shopping agent platform designed for South Korean consumers. We act as a purchase agent, shipping agent, and intermediary to facilitate cross-border shopping from international e-commerce retailers. Our Service includes real-time translation, customs duty and shipping cost calculation, payment processing, and logistics coordination.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Policy. If you do not agree with this Policy, please do not use the Service.

This Policy applies to all users of the Service, regardless of location, and is designed to comply with applicable laws including but not limited to the Republic of Korea's Personal Information Protection Act (개인정보보호법, "PIPA") and applicable United States federal and state privacy laws.

Effective Date: February 4, 2026 | 시행일: 2026년 2월 4일

The data controller responsible for your personal information is:

ABITRA Inc. is responsible for determining the purposes and means of processing your personal information in connection with the Service. For any inquiries or requests regarding your personal information, please contact us using the details above.

We use the personal information we collect for the following purposes:

We process your personal information on the following legal bases, in accordance with the Korean Personal Information Protection Act (개인정보보호법, PIPA) and applicable United States law:

• Performance of a Contract (계약의 이행): Processing is necessary to fulfill our contractual obligations to you, including processing orders, coordinating shipments, facilitating customs clearance, and providing customer support in connection with the Service.
• Consent (동의): Where required by applicable law, we process your personal information based on your freely given, specific, informed, and unambiguous consent. This includes processing for marketing communications and certain uses of cookies and tracking technologies. Under PIPA, we obtain your consent for the collection, use, and provision of personal information to third parties as required. You may withdraw your consent at any time.
• Legal Obligations (법적 의무): Processing is necessary to comply with legal obligations to which ABITRA is subject, including Korean customs regulations, tax reporting requirements, consumer protection laws, and other applicable regulatory requirements.
• Legitimate Interests (정당한 이익): Processing is necessary for our legitimate interests, provided that such interests are not overridden by your rights and freedoms. Our legitimate interests include fraud prevention, Service security, improving our Service, and conducting business analytics. We carefully balance our interests against your rights in accordance with applicable law.

We do not sell your personal information to third parties. We may share your personal information with the following categories of recipients only as necessary to provide the Service and as described in this Policy:

As a cross-border shopping service operated by a United States corporation serving South Korean consumers, your personal information is necessarily transferred between the United States and the Republic of Korea, as well as to other countries where our service providers operate.

In accordance with Article 28-8 of the Korean Personal Information Protection Act (PIPA), we inform you of the following regarding cross-border transfers of personal information:

We implement appropriate safeguards to protect your personal information during international transfers, including encryption of data in transit using TLS/SSL protocols, contractual data protection obligations with our service providers, and access controls to limit data access to authorized personnel only.

Our third-party service providers (including Stripe, Supabase, and Google) may process your data in various jurisdictions. Each provider maintains their own data protection practices in compliance with applicable laws.

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by applicable law. The specific retention periods are as follows:

Upon expiration of the applicable retention period, or upon your valid request for deletion (subject to legal retention requirements), we will securely destroy or anonymize your personal information in accordance with our data destruction procedures. Electronic data will be permanently deleted using technical methods that render the information unrecoverable. Physical records, if any, will be shredded or incinerated.

Where certain data must be retained to comply with legal obligations (such as tax records or customs documentation), we will isolate such data and restrict processing to the minimum necessary for compliance purposes only, even if you have requested account deletion.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security) / SSL (Secure Sockets Layer) protocols.
• Encryption at Rest: Personal information stored in our databases is encrypted at rest using industry-standard encryption algorithms.
• Secure Payment Processing: Payment information is processed by Stripe, which is certified as a PCI DSS Level 1 service provider, the highest level of payment security certification.
• Access Controls: Access to personal information is restricted to authorized personnel who require access for legitimate business purposes. We implement role-based access controls and multi-factor authentication for administrative access.
• Authentication Security: User authentication is managed through Supabase with support for Google and Apple OAuth, reducing the risk associated with password management.
• Regular Security Reviews: We conduct periodic security assessments and reviews of our systems, processes, and third-party service providers to identify and address potential vulnerabilities.
• Incident Response: We maintain incident response procedures to promptly detect, respond to, and mitigate security incidents. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities in accordance with applicable law, including notification to the Korean Personal Information Protection Commission (PIPC) as required by PIPA.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining commercially reasonable safeguards appropriate to the sensitivity of the information.

We use cookies and similar tracking technologies to operate and improve the Service. The types of cookies we use include:

Under the Korean Personal Information Protection Act (PIPA) and applicable United States privacy laws, you have the following rights with respect to your personal information:

• Right of Access (열람권): You have the right to request access to the personal information we hold about you, including the categories of information collected, the purposes of processing, and the third parties to whom your information has been disclosed.
• Right to Correction (정정권): You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. Upon receiving a valid correction request, we will take reasonable steps to verify and update the information.
• Right to Deletion (삭제권): You have the right to request the deletion of your personal information, subject to exceptions for data that we are required or permitted to retain by applicable law (such as transaction records for tax and customs compliance).
• Right to Suspend Processing (처리정지권): You have the right to request that we suspend the processing of your personal information. Upon receiving a valid request, we will cease processing except where retention or processing is required by law.
• Right to Withdraw Consent (동의 철회권): Where processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
• Right to Data Portability (개인정보 이동권): You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another service provider where technically feasible.
• Right to Object (이의제기권): You have the right to object to the processing of your personal information where we process it based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
• Right to Lodge a Complaint (민원 제기권): You have the right to lodge a complaint with the Korean Personal Information Protection Commission (개인정보보호위원회, PIPC) or other relevant supervisory authority if you believe that the processing of your personal information violates applicable law.

To exercise any of these rights, please contact us at support@abitra.co. We will respond to your request within the timeframe prescribed by applicable law (generally within ten (10) days for PIPA-related requests). We may request additional information to verify your identity before processing your request.

You may also exercise your rights through a legally authorized representative. In such cases, we may require a valid power of attorney or other appropriate documentation.

The Service is not directed at, and is not intended for use by, individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18 years of age. Cross-border shopping through our Service requires the legal capacity to enter into contractual agreements, including purchase agreements and payment transactions.

If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us at support@abitra.co so that we can take appropriate action.

Our Service utilizes artificial intelligence and automated processing in the following ways:

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational reasons. When we make changes to this Policy:

• The updated Policy will be posted on our website at onejikgu.abitra.co/privacy with the revised "Last Updated" date.
• For material changes that significantly affect your rights or how we process your personal information, we will provide at least thirty (30) days' advance notice before the changes take effect.
• Notice of material changes will be provided via email to the address associated with your account and/or through a prominent notice within the Service (such as an in-app notification).
• Where required by applicable law (including PIPA), we will obtain your renewed consent for any material changes to the processing of your personal information.

We encourage you to review this Policy periodically to stay informed about how we protect your personal information. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Policy, to the extent permitted by applicable law.

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

For data protection inquiries specifically, including requests to exercise your rights under Section 11 of this Policy, please direct your correspondence to support@abitra.co with the subject line "Data Protection Inquiry" or "개인정보 보호 문의."

We will make every effort to respond to your inquiries within the timeframes prescribed by applicable law. For requests under the Korean Personal Information Protection Act (PIPA), we will respond within ten (10) days of receiving your request.