Keymate Privacy Policy
Nemo Studio (Representative: Wangjun Cha; Business Reg. No. 482-06-03410; Mail-Order Sales Reg. No. 2025-Changwon Seongsan-0574; Address: 774 Wonidae-ro, Seongsan-gu, Changwon-si, Gyeongsangnam-do, Republic of Korea; "the Company") values your privacy and adopts and publishes this Privacy Policy to comply with the Korean Personal Information Protection Act ("PIPA") and other applicable laws.
1. Personal data collected and methods of collection
The Company collects only the minimum information needed to provide the service.
| Category | Items collected | When and how collected |
|---|---|---|
| Auto-generated identifier | Firebase anonymous-auth UID | Generated automatically on first app launch |
| Service usage logs | App launch events, screen-view events, app version, platform (OS), device language, user agent | Collected automatically during app use (Firebase Analytics) |
| Inquiry information | Email address, inquiry body, app version, platform, paired device name, desktop computer name, last 4 digits of license key (if applicable) | Entered by the user via the in-app inquiry form |
| Payment information | Email address, billing country/region, payment method type, amount and currency, order number, payment status, issued license key | Entered by the user on the payment processor's (Polar Software Inc.) checkout page. Detailed payment-method information (e.g., card numbers) is collected and stored by the payment processor; the Company does not retain it. |
| Website and auto-update access logs | IP address, user agent, request path, timestamp, response code, desktop app version (on auto-update checks) | Recorded automatically by infrastructure (Cloudflare) when the landing site (keymate.nemostudio.net) or auto-update endpoint is accessed |
Apart from the above, the Company does not collect any sensitive information under Article 23 of PIPA or any unique identifiers (e.g., resident registration numbers) under Article 24.
Information stored only on local devices and not transmitted externally
The following information is processed only on your phone or PC, or between paired devices on the same Wi-Fi network, and is never transmitted to the Company's servers or any third party.
- Pairing info: PIN, public key, paired device name, host address, port (stored in the phone's secure storage)
- Button and layout settings (stored locally on the PC)
- Button inputs and action-trigger messages (exchanged only between paired devices over LAN)
2. Purposes of collection and use
- Anonymous UID: user identification and abuse prevention
- Service usage logs: statistical analysis for product improvement and error tracking
- Inquiry information: receiving, processing and responding to inquiries; service-quality improvement
- Payment information: processing paid license payments, issuing and delivering license keys, refunds and receipts, abuse prevention
- Access logs: stable service operation, providing auto-updates, prevention of abuse and attacks
3. Retention and use periods
- Anonymous UID: until the app is deleted or use is discontinued
- Service usage logs (Firebase Analytics): 14 months from collection (Google Analytics default retention)
- Inquiry information: 3 years after the inquiry is resolved
- Access logs: 3 months from collection (Communications Privacy Act, Article 15-2)
- Payment information (order numbers, payment records, etc.): periods required by the Korean Act on the Consumer Protection in Electronic Commerce — records of contracts or withdrawal of offer: 5 years; records of payment and supply of goods: 5 years; records of consumer complaints or dispute resolution: 3 years
Where retention is required by applicable laws, data will be kept for the period prescribed by those laws.
4. Provision of personal data to third parties
The Company does not provide your personal data to third parties, except in the following cases:
- When the user has consented in advance
- When required by law, or when an investigative authority requests the data for investigative purposes in accordance with the procedures prescribed by law
5. Entrustment of personal-data processing
To provide the service smoothly, the Company entrusts processing of personal data as follows:
| Processor | Entrusted work | Retention period |
|---|---|---|
| Google LLC (Firebase) | Authentication, cloud functions, database, and usage analytics infrastructure | Until termination of the processor agreement or end of service use |
| Polar Software Inc. | Paid-license payment processing (collection and verification of payment-method information), receipts, refunds, and sales-tax handling as Merchant of Record | Until the retention period required by applicable laws (Commercial Act, E-Commerce Act, etc.) |
| Cloudflare, Inc. | Hosting of the landing page, download files and auto-update endpoint (CDN, R2, Pages, Functions); security and access-log processing | Until termination of the processor agreement |
6. Cross-border transfer of personal data
Pursuant to Article 28-8(1)(3) of PIPA, the Company transfers personal data overseas to the extent necessary for the conclusion and performance of contracts with data subjects, as follows:
| Recipient | Country / time / method | Items transferred | Purpose of transfer | Retention period |
|---|---|---|---|---|
| Google LLC ([email protected]) | United States / at time of service use / transmission via information network | Anonymous UID, app usage events, app version, platform info, inquiry contents | Authentication, usage statistics, inquiry handling | Until termination of the processor agreement |
| Polar Software Inc. ([email protected]) | United States / at time of payment / transmission via information network | Email address, billing country/region, payment-method information, amount and currency, order number | Paid-license payment processing, receipts, refunds | Until the retention period required by applicable laws |
| Cloudflare, Inc. ([email protected]) | United States (global edge network) / at time of service use, download, or auto-update request / transmission via information network | IP address, user agent, request path, timestamp, response code | Landing-page, download, and auto-update infrastructure; security threat blocking; traffic analysis | Until termination of the processor agreement |
These overseas transfers are essential to providing the service (in particular auto-updates, payments and analytics). If you do not agree to the transfers, you may be unable to use some or all of the relevant service.
7. Rights and duties of data subjects, and how to exercise them
You may exercise the following rights at any time:
- Access, correction, deletion or suspension of processing of your personal data
- Withdrawal of consent to personal-data processing
You may exercise these rights in writing, by email or otherwise via the contact details below, and the Company will respond without undue delay.
Residents of the EU/EEA may also lodge a complaint with their local data protection authority.
8. Procedure and method of destroying personal data
- Procedure: destroyed immediately after the retention period expires or the purpose of processing is fulfilled
- Method: data in electronic form is permanently deleted in a manner that prevents recovery or reproduction
9. Measures to ensure security of personal data
- Transport encryption: TLS (HTTPS) for external communications; public-key authentication for LAN pairing
- Access control: Firestore security rules block direct client access
- Adherence to the principle of minimum data collection
10. Use of and opt-out from automated collection devices (e.g., cookies)
The app does not use web cookies. Event logging via Firebase Analytics can be opted out of by enabling the operating system's limit-ad-tracking setting or by uninstalling the app.
11. Personal data of children under 14
The Company does not collect personal data from children under 14. Use of this service by children under 14 is not recommended.
12. Data Protection Officer and contact
- Data Protection Officer: Wangjun Cha (Representative)
- Email: [email protected]
If you need to report a personal-information violation or seek advice, you may contact the following Korean authorities:
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- Cyber Investigation Division, Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
- Cyber Bureau, Korean National Police: 182 (ecrm.cyber.go.kr)
13. Changes to this Privacy Policy
This Policy takes effect from the effective date above. When changes are made under applicable laws or policy, the Company will notify users via the app or this page at least 7 days before the changes take effect.
The Korean version of this document is the legally binding original. In case of any discrepancy between this translation and the Korean version, the Korean version shall prevail.