Keymate Privacy Policy
Nemo Studio (Representative: Wangjun Cha; Business Reg. No. 482-06-03410; Mail-Order Sales Reg. No. 2025-Changwon Seongsan-0574; Address: 774 Wonidae-ro, Seongsan-gu, Changwon-si, Gyeongsangnam-do, Republic of Korea; "the Company") values your privacy and adopts and publishes this Privacy Policy to comply with the Korean Personal Information Protection Act ("PIPA") and other applicable laws.
1. Personal data collected and methods of collection
The Company collects only the minimum information needed to provide the service.
| Category | Items collected | When and how collected |
|---|---|---|
| Auto-generated identifier | Firebase anonymous-auth UID | Generated automatically on first app launch |
| Service usage logs | App launch events, screen-view events, app version, platform (OS), device language, user agent | Collected automatically during app use (Firebase Analytics) |
| Inquiry information | Email address, inquiry body, app version, platform, paired device name, desktop computer name | Entered by the user via the in-app inquiry form |
| Payment information | Purchase receipt (transaction ID, product ID, purchase date), subscription status, app-store platform (iOS/Android) | Collected automatically through in-app purchases via the Apple App Store or Google Play Store. Detailed payment-method information (e.g., card numbers) is processed by Apple or Google; the Company does not retain it. |
| Website and auto-update access logs | IP address, user agent, request path, timestamp, response code, desktop app version (on auto-update checks) | Recorded automatically by infrastructure (Cloudflare) when the landing site (keymate.nemostudio.net) or auto-update endpoint is accessed |
| Advertising measurement data | Advertising identifiers (cookie IDs, IDFA/GAID, etc.), IP address, user agent, device information, page-view, app-install, app-launch, purchase and other conversion events | Collected automatically by the Google tag (gtag.js) and the Meta Pixel when the landing site (keymate.nemostudio.net) is visited. Collected automatically by the Meta SDK during mobile-app use (IDFA collected only with ATT consent on iOS) |
Apart from the above, the Company does not collect any sensitive information under Article 23 of PIPA or any unique identifiers (e.g., resident registration numbers) under Article 24.
Information stored only on local devices and not transmitted externally
The following information is processed only on your phone or PC, or between paired devices on the same Wi-Fi network, and is never transmitted to the Company's servers or any third party.
- Pairing info: PIN, public key, paired device name, host address, port (stored in the phone's secure storage)
- Button and layout settings (stored locally on the PC)
- Button inputs and action-trigger messages (exchanged only between paired devices over LAN)
2. Purposes of collection and use
- Anonymous UID: user identification and abuse prevention
- Service usage logs: statistical analysis for product improvement and error tracking
- Inquiry information: receiving, processing and responding to inquiries; service-quality improvement
- Payment information: verifying paid-plan purchases, managing subscription status, refunds and customer support, abuse prevention
- Access logs: stable service operation, providing auto-updates, prevention of abuse and attacks
- Advertising measurement data: measuring ad-campaign effectiveness, app-install tracking, conversion tracking, retargeting
3. Retention and use periods
- Anonymous UID: until the app is deleted or use is discontinued
- Service usage logs (Firebase Analytics): 14 months from collection (Google Analytics default retention)
- Inquiry information: 3 years after the inquiry is resolved
- Access logs: 3 months from collection (Communications Privacy Act, Article 15-2)
- Payment information (order numbers, payment records, etc.): periods required by the Korean Act on the Consumer Protection in Electronic Commerce — records of contracts or withdrawal of offer: 5 years; records of payment and supply of goods: 5 years; records of consumer complaints or dispute resolution: 3 years
- Advertising measurement data (Google Ads cookies, etc.): up to 540 days from collection (Google default retention)
- Advertising measurement data (Meta Pixel and Meta SDK, etc.): up to 180 days from collection (Meta default retention)
Where retention is required by applicable laws, data will be kept for the period prescribed by those laws.
4. Provision of personal data to third parties
The Company does not provide your personal data to third parties, except in the following cases:
- When the user has consented in advance
- When required by law, or when an investigative authority requests data following the procedures prescribed by law for investigative purposes
5. Entrustment of personal-data processing
To provide the service smoothly, the Company entrusts processing of personal data as follows:
| Processor | Entrusted work | Retention period |
|---|---|---|
| Google LLC (Firebase) | Authentication, cloud functions, database, and usage analytics infrastructure | Until termination of the processor agreement or end of service use |
| Apple Inc. | Apple App Store in-app purchase processing (collection and verification of payment-method information), subscription management, refund processing | Until the retention period required by applicable laws |
| Google LLC (Google Play) | Google Play Store in-app purchase processing (collection and verification of payment-method information), subscription management, refund processing | Until the retention period required by applicable laws |
| Cloudflare, Inc. | Hosting of the landing page, download files and auto-update endpoint (CDN, R2, Pages, Functions); security and access-log processing | Until termination of the processor agreement |
| Google LLC (Google Ads) | Measurement of ad-campaign effectiveness, conversion tracking, retargeting | Until termination of the processor agreement |
| Meta Platforms, Inc. (Meta Pixel and Meta SDK) | Measurement of ad-campaign effectiveness, conversion tracking, retargeting (landing page and mobile app) | Until termination of the processor agreement |
6. Cross-border transfer of personal data
Pursuant to Article 28-8(1)(3) of PIPA, the Company transfers personal data overseas to the extent necessary for the conclusion and performance of contracts with data subjects, as follows:
| Recipient | Country / time / method | Items transferred | Purpose of transfer | Retention period |
|---|---|---|---|---|
| Google LLC ([email protected]) | United States / at time of service use / transmission via information network | Anonymous UID, app usage events, app version, platform info, inquiry contents | Authentication, usage statistics, inquiry handling | Until termination of the processor agreement |
| Apple Inc. (https://www.apple.com/legal/privacy/) | United States / at time of in-app purchase / transmission via information network | Purchase receipt (transaction ID, product ID, purchase date), subscription status | In-app purchase processing, subscription management, refund processing | Until the retention period required by applicable laws |
| Google LLC — Google Play (https://policies.google.com/privacy) | United States / at time of in-app purchase / transmission via information network | Purchase receipt (transaction ID, product ID, purchase date), subscription status | In-app purchase processing, subscription management, refund processing | Until the retention period required by applicable laws |
| Cloudflare, Inc. ([email protected]) | United States (global edge network) / at time of service use, download, or auto-update request / transmission via information network | IP address, user agent, request path, timestamp, response code | Landing-page, download, and auto-update infrastructure; security threat blocking; traffic analysis | Until termination of the processor agreement |
| Google LLC — Google Ads (https://policies.google.com/privacy) | United States / at time of landing-page visit / transmission via information network | Advertising identifiers (cookie IDs, etc.), IP address, user agent, device information, page-view and conversion events | Measurement of ad-campaign effectiveness, conversion tracking, retargeting | Up to 540 days from collection |
| Meta Platforms, Inc. — Meta Pixel and Meta SDK (https://www.facebook.com/privacy/policy) | United States / at time of landing-page visit and mobile-app use / transmission via information network | Advertising identifiers (cookie IDs, IDFA/GAID, etc.), IP address, user agent, device information, page-view, app-install, app-launch, purchase and other conversion events | Measurement of ad-campaign effectiveness, app-install tracking, conversion tracking, retargeting | Up to 180 days from collection |
These overseas transfers are essential to providing the service (in particular auto-updates, payments, analytics and ad measurement). If you do not agree to the transfers, you may be unable to use some or all of the relevant service.
7. Rights and duties of data subjects, and how to exercise them
You may exercise the following rights at any time:
- Access, correction, deletion or suspension of processing of your personal data
- Withdrawal of consent to personal-data processing
You may exercise these rights in writing, by email or otherwise via the contact details below, and the Company will respond without undue delay.
Residents of the EU/EEA may also lodge a complaint with their local data protection authority.
8. Procedure and method of destroying personal data
- Procedure: destroyed immediately after the retention period expires or the purpose of processing is fulfilled
- Method: data in electronic form is permanently deleted in a manner that prevents recovery or reproduction
9. Measures to ensure security of personal data
- Transport encryption: TLS (HTTPS) for external communications; public-key authentication for LAN pairing
- Access control: Firestore security rules block direct client access
- Adherence to the principle of minimum data collection
10. Use of and opt-out from automated collection devices (e.g., cookies)
The landing site (keymate.nemostudio.net) uses cookies set by the Google tag (gtag.js) and the Meta Pixel to measure ad-campaign effectiveness. You can refuse advertising cookies via your browser's cookie-blocking settings, Google Ads Settings (https://adssettings.google.com), or Meta ad preferences (https://www.facebook.com/adpreferences/).
The mobile app collects app-install, app-launch, purchase and other events via the Meta SDK. On iOS, the advertising identifier (IDFA) is collected only after the user grants App Tracking Transparency (ATT) consent. You can opt out of this tracking via your device's limit-ad-tracking setting.
Event logging via Firebase Analytics can be opted out of by enabling the operating system's limit-ad-tracking setting or by uninstalling the app.
11. Personal data of children under 14
The Company does not collect personal data from children under 14. Use of this service by children under 14 is not recommended.
12. Data Protection Officer and contact
- Data Protection Officer: Wangjun Cha (Representative)
- Email: [email protected]
If you need to report a personal-information violation or seek advice, you may contact the following Korean authorities:
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- Cyber Investigation Division, Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
- Cyber Bureau, Korean National Police: 182 (ecrm.cyber.go.kr)
13. Changes to this Privacy Policy
This Policy takes effect from the effective date above. When changes are made under applicable laws or policy, the Company will notify users via the app or this page at least 7 days before the changes take effect.
The Korean version of this document is the legally binding original. In case of any discrepancy between this translation and the Korean version, the Korean version shall prevail.