Privacy Policy

Article 1 (Personal Information Collected)

We collect the following information to provide our services:

• Required: Email address, social login identifier (Clerk integration)
• Auto-collected: IP address, device information (User-Agent), access timestamp
• Upload data: Source files uploaded by Makers (encrypted storage)
• Payment information: Payment processing is handled by third-party PGs; we do not store card numbers

Article 2 (Purpose of Collection)

• Account registration and identity verification
• Provision of xagt file creation, storage, and distribution services
• Transaction processing and settlements
• Intellectual property protection via download watermarking
• Service improvement and statistical analysis

Article 3 (Retention Period)

• Member information: up to 30 days after account deletion (up to 5 years as required by law)
• Transaction records: 5 years under e-commerce law
• Access logs: 3 months under communications privacy law

Article 4 (Third-Party Disclosure)

We do not share personal information with third parties without consent, except in the following cases:

• Clerk (authentication service): email, social login information
• Cloudflare (storage): uploaded files (encrypted)
• Upon request by law enforcement agencies as required by law

Article 5 (User Rights)

Users may request access, correction, deletion, or suspension of processing of their personal data at any time. Contact: [email protected]

Article 6 (International Data Transfers)

XGenTra Inc. is incorporated in the Republic of Korea but serves users globally. Personal data may be transferred to and processed in other countries, including the United States (Cloudflare R2, Clerk). These transfers are conducted under appropriate safeguards including standard contractual clauses where required by applicable law.

Article 7 (Cookies and Tracking Technologies)

We use the following types of cookies and similar technologies:

• Essential cookies: required for authentication and session management (Clerk)
• Analytics cookies: anonymized usage data to improve the Service (opt-out available)
• Preference cookies: store language and display preferences
• We do not use advertising or cross-site tracking cookies. You may disable non-essential cookies via your browser settings without affecting core functionality.

Article 8 (Data Security)

We implement industry-standard security measures including TLS/HTTPS encryption for all data in transit, AES-256 encryption for files stored on Cloudflare R2, and access controls limiting data access to authorized personnel. In the event of a data breach affecting your rights, we will notify you and relevant authorities within 72 hours as required by applicable law.

Article 9 (Children's Privacy)

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided personal information, we will delete such data immediately. Please contact [email protected] if you believe a child has submitted information to us.

Article 10 (Marketing Communications)

With your consent, we may send you emails about new features, promotions, and updates. You may unsubscribe at any time via the 'Unsubscribe' link in any marketing email or by contacting [email protected]. Transactional emails (purchase confirmations, security alerts) will continue regardless of marketing preferences.

Article 11 (Your Privacy Rights by Region)

Depending on your location, you may have the following rights:

• EEA / UK (GDPR): right of access, rectification, erasure, restriction, portability, and to object to processing
• California (CCPA/CPRA): right to know, delete, correct, opt-out of sale, and non-discrimination
• Republic of Korea (PIPA): right to access, correction, deletion, suspension of processing, and withdrawal of consent
• To exercise any of these rights, contact [email protected] within 30 days. Identity verification may be required.

Article 12 (Contact and Data Protection Officer)

For privacy-related inquiries or to exercise your rights, contact: [email protected]. Data Protection Officer: [email protected] | XGenTra Inc. Users in the EEA have the right to lodge a complaint with their local supervisory authority.