Common privacy criteria applied to ARC Group's website, products, and partner portal operations.
This English version is provided for convenience. The Korean version prevails in case of any conflict.
ARC Group (the "Company") values User personal data and complies with the Personal Information Protection Act and related laws. This Privacy Policy explains how the Company collects, uses, retains, and disposes of personal data for the website, Product Customer accounts, partner portal, inquiries, consultations, proposals, recruitment, and subscription operations.
The Company may collect the following categories of personal data while providing the Service. • Website inquiry / consultation: name, email, company name, phone, inquiry content, budget, services of interest • Product Customer signup / login: name, email, password, login history, workspace info, subscription status • Partner portal application / login: company name, contact name, email, additional requests, approval history, account permissions • Payment and subscription operations: payment status, subscription product, billing cycle, transaction identifier, payment events • Recruitment and proposals: name, email, phone, resume, portfolio, work history, application content • Automatically collected: IP, browser type, OS, device info, cookies, visit time, page usage logs, error logs
The Company may collect personal data through the following channels. • Website inquiry / consultation / quote / proposal / subscription form submissions • Product Customer signup, login, payment, and subscription management • Partner portal account applications, approvals, logins, and project operations • Email, customer support, contracts, and operational discussions • Logs and access records automatically generated during Service use
Personal data collected is used within the following scopes. • Responding to inquiries, conducting consultations, providing service proposals and quotes • Creating Product Customer accounts, login authentication, workspace connection, subscription state management • Reviewing partner portal applications, issuing accounts, supporting project / document / operational collaboration • Processing payments, recurring subscription operations, billing error checks, refunds and cancellations • Notice delivery, customer support, incident response, security monitoring, and Service stability • Service usage analytics, quality improvement, and operational policy planning • Compliance with laws, dispute response, and rights protection
The Company disposes of personal data without delay when the purpose of collection is achieved. However, certain data may be retained for the following periods. • Inquiry / consultation data: 1 year after handling • Product Customer accounts: retained for a defined period after withdrawal or service termination, per applicable law and internal standards • Partner portal applications / operations: 3 years after account or engagement termination • Payment and subscription data: up to 5 years per the Act on Consumer Protection in Electronic Commerce and related laws • Contracts, disputes, and complaints: 3 years after handling • Access logs and security records: a reasonable period for security and operational purposes
The Company does not, in principle, provide User personal data to outside parties. Exceptions may apply in the following cases. • When the User has given prior consent • When required by law • When linking with external services for payment, authentication, message delivery, or infrastructure operations within the scope necessary to provide the Service Where third-party provision is necessary, the Company reviews the recipient, items, purpose, and retention period under applicable law.
The Company may outsource certain functions to external services for smooth operations. • Payment processing and subscription operations • Cloud infrastructure and data storage • Email delivery and notifications • Security, log analysis, and operational monitoring When outsourcing occurs, the Company manages obligations such as personal data protection, security measures, restrictions on re-outsourcing, and incident response through contracts.
Some infrastructure, payment, email, analytics, or third-party integration services may operate via servers outside Korea. In such cases, the Company reviews transfers to ensure they are limited to what is necessary for the Service and applies the protective measures required by relevant laws.
Users may exercise the following rights over their personal data at any time. • Request to access personal data • Request to correct or delete personal data • Request to suspend processing of personal data • Withdraw consent and request account closure Rights may be exercised via email or through the Company's customer support channels. The Company will review and act without delay under applicable law. Some data subject to legal retention may not be deleted immediately.
The Company may use cookies and similar technologies to operate the Service and improve User convenience. • Maintaining login state • Usage analytics • Security and abnormal access detection • Service quality improvements Users may decline cookie storage in their browser settings, though some features may be limited.
Personal data is disposed of without delay when retention periods expire or processing purposes are achieved. • Electronic files: deleted by technical methods that prevent recovery • Printed material / documents: shredded or incinerated Where separate retention is required by law, data is stored separately for the required period and then disposed of.
The Company applies the following administrative, technical, and physical measures to protect personal data. • Minimum access permissions and account-level access management • Protection of passwords and authentication credentials • Log management and abnormal-activity monitoring • Data access controls and operational environment separation • Security patches, backups, and incident response procedures
The Service is generally provided for business use and adult Users. The Company does not intentionally collect personal data of children for whom separate consent is required by law.
For inquiries, access, correction, deletion requests, or complaints regarding personal data: • Company: ARC Group • Officer: Minsoo Ju • Title: CEO • Email: business@arcgroup.kr
This Privacy Policy may be amended in line with changes in laws, Service structure, or operational policies. We will provide prior or post notice on the website for material changes. • Effective date: April 13, 2026