BeSir Privacy Policy

This Privacy Policy (hereinafter "this Policy") has been established to clearly explain how personal information of users is collected, used, stored, and protected during the use of BeSir Browser, BeSir Studio, and related AI services (hereinafter "the Service") provided by Serverkit Inc. (hereinafter "the Company"). The Company complies with relevant laws and regulations, including the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Electronic Commerce Act.


Article 1 (Items and Methods of Personal Information Collection)

① Collection Items and Retention Period

Category | Collected Items | Purpose of Use | Retention Period
Membership Registration | Email, password, name, country | Member identification, account management, service provision | Upon membership withdrawal
Payment and Refund | Payment method information (card company, authorization number, transaction ID, etc.), billing address, refund account (if necessary) | Payment and refund processing, tax invoice issuance | 5 years (Electronic Commerce Act, Article 6)
Credit Recharge | Payment method, recharge amount, usage history, balance | Credit recharge and usage history management | 5 years (Electronic Commerce Act, Article 6)
AI Function Usage | Input data, request logs, response results, error logs | AI function provision, quality improvement, service stability | 3 years (for service stability purposes)
Customer Support | Email, inquiry content | Customer inquiry response and technical support | 3 years (Consumer Protection Act)
Automatically Collected Items | IP, browser type, operating system, access time, cookies, usage records | Security management, fraud prevention, service improvement and statistical analysis | Logs: 3 years / Cookies: Automatically deleted upon session termination or within 6 months

② Collection Methods

  • Direct input by users during membership registration, payment, customer center, and other service usage
  • Automatically generated and collected during service usage
  • Collected through external integrations such as payment processors and cloud services
  • When using AI functions, input and processed data is collected only to the minimum extent necessary for request execution and managed in de-identified form.

Article 2 (Purpose of Personal Information Use)

The Company uses collected personal information only for the following purposes:

  1. Member identification, login management, and identity verification
  2. Processing payment-related tasks such as recurring payments, credit recharges, and refunds
  3. Efficient service operation, and quality improvement and stability enhancement of AI functions
  4. Fraud prevention, account protection, and security enhancement
  5. Customer inquiry response, technical support, and user satisfaction improvement
  6. Fulfillment of legal obligations such as tax and accounting

Article 3 (AI Data Processing and Log Management)

  1. The Company transmits and processes user request data to servers for AI function execution.
  2. Transmitted data is limited to the minimum information necessary for request execution.
  3. The Company may analyze or utilize only de-identified data for service operation and AI function quality improvement.
  4. Such data is processed so that individuals cannot be identified and is not used for purposes other than service quality improvement such as AI model performance enhancement or error improvement.
  5. System logs are retained for up to 3 years for service stability and failure tracking, then destroyed.

Article 4 (Retention and Use Period of Personal Information)

The Company destroys personal information without delay after the purpose of processing has been achieved, except when there is a retention period required by law, user consent, or legitimate reason.

Category | Retained Items | Retention Period | Legal Basis
Payment and Refund Records | Payment method, transaction ID, amount, authorization number | 5 years | Electronic Commerce Act, Article 6
Credit Recharge/Usage History | Recharge amount, usage records, balance | 5 years | Electronic Commerce Act, Article 6
Customer Support History | Inquiry content, response records | 3 years | Consumer Protection Act
System Log Records | IP, device information, access time, error details, etc. | 3 years | Service stability and failure tracking purposes

Personal information is processed within the scope necessary for service operation and may be processed into non-identifiable form during analysis and AI function quality improvement.


Article 5 (Provision of Personal Information to Third Parties)

The Company does not provide users' personal information to third parties in principle. However, it is exceptionally provided in the following cases:

Recipient | Provided Items | Purpose of Provision | Retention Period
Toss Payments / PortOne / PayPal | Payment method, transaction ID, amount | Payment approval and refund | 5 years
Tax and Accounting Agencies | Transaction records, billing information | Tax reporting and accounting audits | 5 years
Investigative Agencies/Courts | Requested information | Provision upon request under law | Period specified by law

Article 6 (Entrustment of Personal Information Processing)

The Company entrusts personal information processing as follows for smooth service provision:

Trustee | Entrusted Tasks | Retention Period
Google Cloud | Data storage, log management, backup | Until contract termination or membership withdrawal
Cloudflare, Inc. | SSL certificate management, DDoS protection, traffic routing, CDN and security proxy services | Until contract termination or membership withdrawal
Toss Payments / PortOne / PayPal | Payment and refund processing | 5 years

All trustees are managed and supervised in accordance with Article 26 of the Personal Information Protection Act, and personal information protection obligations are clearly stipulated in entrustment contracts.


Article 7 (Overseas Transfer of Personal Information)

The Company provides global services based on cloud infrastructure, and personal information may be transferred overseas as follows:

① Google Cloud

Item | Content
Transfer Country | United States (Google Cloud Data Center)
Transfer Purpose | Global server operation, backup and log management
Transfer Items | Account information, payment records, log data
Transfer Method | Encrypted transmission (TLS 1.3 or higher) and IAM access control
Contact | Google Korea LLC Personal Information Inquiry (googlekrsupport@google.com)
Retention Period | Immediately deleted upon membership withdrawal or contract termination

② Cloudflare, Inc.

Item | Content
Transfer Country | United States (Cloudflare Data Center)
Transfer Purpose | SSL certificate management, DDoS protection, traffic routing and CDN security services
Transfer Items | Access IP, browser information, request URL, cookies, etc.
Transfer Method | Encrypted transmission (TLS 1.3 or higher) and access control policy applied
Contact | Cloudflare Privacy Office (privacyquestions@cloudflare.com / +1-888-993-5273)
Retention Period | Automatically deleted upon session termination or log expiration

Article 8 (User Rights)

  1. Users may exercise the following rights regarding their personal information at any time:

    • Request to view or receive a copy of personal information
    • Request to correct or delete personal information
    • Request to suspend processing or withdraw consent for personal information
  2. The Company will take action without delay within 30 days from the date of receiving the user's request in accordance with relevant laws, and if processing is unavoidably delayed, will notify the user of the reason and schedule.

  3. Users may request to exercise their rights in accordance with the procedures prescribed by relevant laws such as the Personal Information Protection Act, and the Company will verify the identity and review the legitimacy of the request before taking necessary action.


Article 9 (Retention and Destruction Procedures for Personal Information)

  1. The Company destroys personal information without delay when the purpose of processing has been achieved or when the user directly requests deletion.
  2. The Company's service is a system-type service that requires continuous server agent operation and data linkage, so the general "dormant account" system does not apply. However, when requested by the user or when the contract is terminated, related accounts and data are deleted without delay.
  3. Information that needs to be retained for a certain period for service operation and fulfillment of legal obligations is retained to the minimum extent until the purpose is achieved and destroyed immediately after the retention period expires.
  4. Personal information in electronic file format is deleted using technical methods that make recovery impossible, and printed materials are physically shredded or incinerated.
  5. The Company records and manages the destruction status and procedures of personal information in an internal management ledger.

Article 10 (Measures to Ensure Safety of Personal Information)

The Company implements the following protective measures for the safe processing of personal information:

  1. Encrypted storage of personal information (AES-256) and encryption of transmission sections (TLS 1.3)
  2. Access control (IAM, MFA) and minimum privilege management policy application
  3. Intrusion detection system (IDS) and security monitoring operation
  4. Payment information stored separately in a secure database
  5. Establishment of internal management plan and regular security training for employees
  6. Immediate response and recurrence prevention measures in case of security incidents

Article 11 (External Account and Service Integration Management)

  1. The Company provides login or data integration functions using authentication information from external accounts (e.g., Google, GitHub, Slack, Notion, etc.) that users optionally integrate for service provision.
  2. When integrating external services, the Company obtains explicit consent from users and collects and uses only the minimum necessary information (identification tokens, email, workspace name, etc.) and complies with the API policies of the external services.
  3. Users can directly manage and revoke access permissions for external accounts, and the Company immediately deletes related integration information upon user request.
  4. The management and security of information received from external services follow the privacy policy of each service provider, and the Company is not responsible for security incidents or policy changes of external services.

Article 12 (Responsibility for External Services and Links)

  1. The Company may provide users with integration functions with external services such as Notion, Slack, Google Drive (hereinafter "external services") or links to external sites.
  2. The Company does not directly operate external services or external sites and has no control over their content or policies.
  3. Therefore, the Company is not responsible for the truthfulness, usefulness, or legality of materials, content, or functions provided by external services or external sites.
  4. When using external services, the collection, use, and storage of personal information follow the privacy policy of each external service provider, and users should check the policy before integration.
  5. However, the Company will be liable for damages caused by its willful misconduct or gross negligence.

Article 13 (User Rights and How to Exercise Them)

  1. Users may exercise the following rights regarding their personal information at any time:

    • Request to view or receive a copy of personal information
    • Request to correct or delete personal information
    • Request to suspend processing or withdraw consent for personal information
    • File complaints or objections regarding personal information
  2. The Company will take action without delay within 30 days from the date of receiving the user's request, and if processing is unavoidably delayed, will notify the user of the reason and schedule.

  3. Users may exercise their rights through the following methods:

    • ① Settings menu within the service: Settings → Personal Information Management → View/Delete Information
    • ② Email submission: Request to privacy@server-kit.com or the Personal Information Protection Officer (support@server-kit.com)
    • ③ Written request: You may request in writing in accordance with Article 41 of the Enforcement Decree of the Personal Information Protection Act.
      • Unit 1205, 30 Gimpo Hangang 4-ro 420beon-gil, Gimpo-si, Gyeonggi-do, 10063, Republic of Korea, Serverkit Inc.
  4. The Company will verify identity and review the legitimacy of requests, and may request additional documents if necessary.

  5. Information that must be retained for a certain period under law (e.g., transaction records, tax documents, etc.) may be restricted from deletion or processing suspension.

  6. Users may file complaints regarding personal information infringement, and the Company will promptly process received complaints.


Article 14 (Personal Information Protection Inquiries)

Item | Content
Email | support@server-kit.com
Address | Unit 1205, 30 Gimpo Hangang 4-ro 420beon-gil, Gimpo-si, Gyeonggi-do, 10063, Republic of Korea
Operating Hours | Weekdays 10:00-18:00 (excluding lunch 12:00-13:00)

Article 15 (Remedies for Rights Infringement)

Users may contact the following organizations for consultation and dispute resolution regarding personal information infringement:


Article 16 (Changes and Notification of Privacy Policy)

  1. This Policy is effective from November 1, 2025.
  2. If there are additions, deletions, or modifications to the content, we will notify you at least 7 days in advance, or 30 days in advance for significant changes, via email or notice.