Logo

Privacy Policy


Privacy Policy


Article 1 (Purpose of Processing Personal Information)



The Company processes personal information for the following purposes. Personal information being processed shall not be used for purposes other than those stated below, and if the purpose of use is changed, the Company shall take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.


Membership Registration and Management

Personal information is processed for purposes such as confirming intent to register, identifying and authenticating users for membership-based services, maintaining and managing membership status, preventing fraudulent use of the Service, delivering notices and notifications, and handling user complaints.

Provision of Paid Services and Payment/Settlement

Personal information is processed for purposes such as providing quantum resources and development environments, processing payments for subscription plans and recharge-type Credit products, verifying identity for financial transactions, preventing payment fraud, and billing and settlement.

Service Usage Analysis and Technical Improvement

Personal information is processed for purposes such as efficient allocation of quantum computing resources, service stabilization, correction of algorithm execution errors, analysis of service usage records, and performance improvement and optimization of the platform.

Marketing and Advertising (Upon Optional Consent)

Personal information is processed for purposes such as developing new services (products), providing customized services, and delivering event and promotional information and participation opportunities.



Article 2 (Retention and Use Period of Personal Information)



① The Company processes and retains personal information within the period prescribed by applicable laws or the period agreed upon by the data subject at the time of collection.


② The retention and use periods for each category of personal information are as follows:


Membership Registration and Management: Until withdrawal from the Service


The Company does not operate a dormant account system and retains personal information until the Member withdraws.

If investigations or inquiries are ongoing due to violations of applicable laws, the information shall be retained until such investigations are completed.

If any rights or obligations arising from service use remain, the information shall be retained until settlement is completed.


Prevention of Fraudulent Use and Duplicate Free Benefit Claims: Six (6) months after withdrawal


To prevent abuse such as duplicate receipt of free Credits (Trial Credits) using the same email address, email identification information of withdrawn Members is retained for six (6) months.


Statistical Data for Service Improvement and Technical Research: Until the purpose is achieved


Work products created by Members (e.g., code, execution results) and service usage records may be anonymized so that individuals cannot be identified and retained and used for performance improvement, algorithm research, and statistical analysis.

Anonymized information may be retained regardless of the retention period specified in Item 1 of this Article.


Customer Support and Inquiry Records: Three (3) years


Records related to consumer complaints or dispute resolution are retained for three (3) years in accordance with the Act on Consumer Protection in Electronic Commerce, Etc.


Retention Required by Applicable Laws:


Records of contracts or withdrawal of subscription: Five (5) years (Act on Consumer Protection in Electronic Commerce, Etc.)

Records of payment and supply of goods or services: Five (5) years (Act on Consumer Protection in Electronic Commerce, Etc.)

Records of display and advertising: Six (6) months (Act on Consumer Protection in Electronic Commerce, Etc.)

Website access records (log data): Three (3) months (Protection of Communications Secrets Act)




Article 3 (Items of Personal Information Processed)



The Company processes the following categories of personal information:


Membership Registration and Management (Required)


Items collected: Email address (ID), password, last name, first name


Customer Support and Inquiry Handling


Items collected: Last name, first name, email address, inquiry details

(Used to provide accurate responses and verify identity during consultations)


Paid Service Payment and Usage Process


Payments are processed through PortOne Co., Ltd. and Toss Payments Co., Ltd., and the following information may be generated during the payment process:

Items collected: Payment method verification information, approval number, partial card number, billing key (for recurring payments), etc.

The Company does not directly collect or store sensitive payment information such as full credit card numbers.


Automatically Collected Information During Internet Service Use


Items collected: Service usage records, access logs, visit history, algorithm execution logs, and error logs


Marketing and Advertising (Optional Consent)


Items collected: Email address, last name, first name




Article 4 (Provision of Personal Information to Third Parties)



① The Company processes personal information only within the scope stated in Article 1 and provides personal information to third parties only with user consent or where permitted under Articles 17 and 18 of the Personal Information Protection Act.


② The Company does not currently provide users’ personal information to external third parties.


③ If third-party provision becomes necessary in the future to improve service convenience or quality, the Company will notify users in advance of the recipient, purpose, items provided, and retention period, and will obtain separate consent prior to provision.




Article 5 (Outsourcing of Personal Information Processing)



① The Company outsources certain personal information processing tasks as follows:


PortOne Co., Ltd.


Outsourced tasks: Payment-related processing

Retention period: Until Member withdrawal or termination of the outsourcing agreement


Toss Payments Co., Ltd.


Outsourced tasks: Credit card payment processing, issuance and management of recurring payment billing keys, prevention of payment fraud

Retention period: Until Member withdrawal or termination of the outsourcing agreement


Amazon Web Services, Inc. (AWS)


Outsourced tasks: Delivery of service notices and marketing emails (AWS SES)

Retention period: Until Member withdrawal or termination of the outsourcing agreement


② The Company independently builds and operates its core databases (including user account information), authentication systems (Keycloak), and infrastructure management solutions on its own controlled servers, and does not provide or outsource personal information processing to external cloud solution providers for these systems.


③ In entering into outsourcing agreements, the Company specifies matters such as prohibition of processing personal information beyond the outsourcing purpose, technical and administrative safeguards, supervision of contractors, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises contractors to ensure secure processing.


④ Any changes to outsourced tasks or contractors will be promptly disclosed through this Privacy Policy.



Article 6 (Procedures and Methods for Destruction of Personal Information)



① The Company shall destroy personal information without delay once the retention period expires or the processing purpose has been fulfilled.


② If personal information must be retained in accordance with applicable laws or internal policies despite expiration of the retention period or fulfillment of the purpose, such information shall be transferred to a separate database or stored in a different location.


③ Destruction procedures and methods are as follows:


Procedure: The Company selects personal information subject to destruction and destroys it upon approval by the Chief Privacy Officer.

Method: Electronic files are deleted using technical methods that prevent restoration, and paper documents are shredded or incinerated.



Article 7 (Rights and Obligations of Users and How to Exercise Them)



① Users may exercise their rights to access, correct, delete, or suspend processing of their personal information at any time.


② The Company restricts membership registration by children under the age of 14. If such a child is found to have used the Service or registered using another person’s personal information, the Company may suspend or delete the account.


③ Users may exercise their rights by submitting a written request or by email, and the Company shall take action without delay.


④ If a user requests correction or deletion of personal information, the Company shall not use or provide such information until correction or deletion is completed.


⑤ Rights may be exercised through a legal representative or an authorized agent, in which case a power of attorney in the prescribed form must be submitted.


⑥ Users shall not infringe upon their own or others’ personal information or privacy in violation of applicable laws.


⑦ Requests for access or suspension of processing may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act, and deletion may not be requested where retention is required by other laws.



Article 8 (Installation and Operation of Automatic Data Collection Devices)



① The Company uses cookies to store and retrieve user information in order to provide customized services.


② Cookies are small pieces of information sent by a web server and stored on users’ devices.


Purpose of Cookies: To analyze visit and usage patterns, verify secure connections, and provide optimized information and enhanced security

Cookie Management: Users may refuse cookie storage through browser settings. However, refusal may limit access to login-required services.



③ The Company uses authentication tokens and session technologies to maintain login status and verify access rights.


Operation and Deletion: Authentication data is invalidated and destroyed upon logout or browser closure.

Security: Sensitive information is processed in encrypted token form or stored in server-side sessions to minimize leakage risk.




Article 9 (Measures to Ensure the Security of Personal Information)



The Company implements the following measures to protect personal information from loss, theft, leakage, alteration, or damage:


Technical Measures


Authentication and encryption using Keycloak with one-way encrypted password storage

Firewall and system security monitoring

Regular data backups and antivirus protection


Administrative Measures


Independent infrastructure operation on Company-controlled on-premises servers

Minimum personnel access and regular security training


Physical Measures


Access control to the Company’s data center facilities



Article 10 (Chief Privacy Officer)


The Company designates the following person as the Chief Privacy Officer:


Name: Eunseong Kim

Department: Quantum Technology Research Institute

Position: Director

Contact: QuREKA@sdt.inc



Article 11 (Amendment of the Privacy Policy)



① This Privacy Policy shall take effect from its effective date.

② Any additions, deletions, or modifications shall be announced at least seven (7) days in advance through notices.

③ In the event of material changes affecting user rights, notice shall be given at least thirty (30) days in advance, and renewed consent may be obtained if necessary.