Privacy Policy

1. Information we collect

a. Account & sign-in

• Required: email address, password (stored as a one-way bcrypt hash), organization name
• Optional: name
• For Google sign-in: email, name, and Google account identifier

b. Automatically collected during service use

• Access IP, user agent, OS, timestamps, service usage logs
• Error event data forwarded by the segi SDK from the customer's application: error message, stack trace, URL, user agent, environment / release, breadcrumbs, request context
• End-user identifiers when the customer explicitly attaches one

c. Collection methods

• Sign-up form, Google OAuth sign-in flow
• The segi SDK (browser / Node.js) integrated by the customer
• Email verification (6-digit code or link click)

2. Purposes of collection & use

• Identifying members and authenticating sign-in; account management
• Providing the segi service (error monitoring, health checks, PM2 monitoring) and sending notifications
• Customer support and operational announcements
• Fraud prevention and security incident response
• Compliance with statutory obligations

3. Retention

Personal information is destroyed without delay once the purpose of collection is fulfilled. Specific retention periods:

4. Destruction procedure & method

• Procedure: at the end of the retention period, data is moved to a separate database for review and then permanently destroyed.
• Method: electronic files are deleted using a method that prevents recovery; printed materials are shredded or incinerated.

5. Disclosure to third parties

The Company does not disclose personal information to third parties without the data subject's consent, except as required by law or by a duly authorized investigative authority following statutory procedure.

6. Subprocessors

Subprocessor agreements obligate each provider to handle personal information securely under PIPA Article 26.

7. Data subject rights

You may at any time:

• Request access to your personal information
• Request correction or deletion of inaccurate data
• Withdraw consent or request suspension of processing
• Delete your account and membership

Send requests to agent@extn.ai. Requests on behalf of children under 14 must be made by a legal guardian.

8. Security measures

• Administrative: documented internal policies, periodic staff training
• Technical: bcrypt password hashing, TLS in transit, access controls, intrusion detection, log monitoring
• Physical: servers hosted in audited cloud facilities (AWS)

9. Cookies & similar technologies

The Company may use cookies and similar technologies to maintain authentication state and improve service quality. You may refuse cookie storage via your browser settings; some features may not work as expected if cookies are disabled.

10. Personal Information Protection Officer

• Name: 최원호
• Title: 기술이사
• Email: agent@extn.ai
• Phone: 1844-1668

11. Remedies for infringement

For complaints or remedies regarding privacy infringement, contact:

• Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
• Privacy Infringement Report Center: 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office, Cybercrime Investigation: 1301 (www.spo.go.kr)
• National Police Agency, Cyber Bureau: 182 (ecrm.cyber.go.kr)

12. Changes to this policy

Changes take effect as posted. Material changes will be announced on this page at least 7 days before they take effect.

Last updated: 2026-05-08

Company

• Extension Co., Ltd (주식회사 익스텐션)
• Representative: An Steve Sunggeol
• Address: 8F AK-Valley, Seoul Forest Startup Center, 99 Seongsuil-ro, Seongdong-gu, Seoul, South Korea
• Business registration number: 390-88-03719
• Email: agent@extn.ai