Privacy Policy
Last Updated: February 15, 2025
At DataFlow Organization, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use our comparative company analysis platform. We're committed to transparency and giving you control over your data. If something here doesn't make sense, reach out. We're happy to explain further.
Information We Collect
We collect different types of information depending on how you interact with our platform. Some data you provide directly, and some we gather automatically as you use our services.
Information You Provide
When you create an account or use our analysis tools, you might share:
- Contact details like your name, email address, and phone number
- Company information including business registration numbers and financial data
- Payment details when you subscribe to premium features
- Messages you send through our contact forms or support channels
- Documents you upload for analysis purposes
Automatically Collected Data
Our systems gather technical information to improve performance and security:
- IP addresses and browser types
- Device information and operating systems
- Pages you visit and features you use
- Time stamps and interaction patterns
- Referral sources and search terms
How We Use Your Information
We don't collect data just for the sake of it. Everything we gather serves a specific purpose related to delivering and improving our services.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account management and authentication | Email, password, profile information | Contract performance |
| Providing financial analysis services | Company data, financial documents | Contract performance |
| Processing payments | Billing information, transaction history | Contract performance |
| Customer support | Contact details, support messages | Legitimate interest |
| Platform improvements | Usage patterns, feedback | Legitimate interest |
| Security and fraud prevention | IP addresses, device data | Legal obligation |
Important: We never sell your personal information to third parties. Your financial data and business information remain confidential and are only used to provide the services you requested.
Data Sharing and Third Parties
Sometimes we need to share information with trusted partners to deliver our services. But we're selective about who gets access and what they can do with it.
Service Providers
Cloud hosting, payment processors, and email services that help us run the platform. They only access data necessary for their specific function.
Financial Institutions
Banks and payment gateways that process your transactions securely. They follow strict financial regulations.
Legal Authorities
When required by law or to protect rights and safety, we may share information with government agencies or legal entities.
Business Transfers
If we merge with or are acquired by another company, your data may be transferred as part of that transaction.
All third parties we work with are contractually obligated to protect your information and use it only for the purposes we specify. We perform due diligence before partnering with anyone.
International Data Transfers
Our servers are primarily located in South Korea, but we use some services that may process data in other countries. When your information crosses borders, we ensure adequate protection through:
- Standard contractual clauses approved by regulatory authorities
- Adequacy decisions recognizing equivalent data protection standards
- Additional safeguards like encryption during transit
- Regular audits of international partners' security practices
South Korean law, particularly the Personal Information Protection Act (PIPA), governs our data handling practices. We comply with these regulations even when processing data internationally.
Your Rights and Choices
You're not powerless here. South Korean privacy law gives you substantial control over your personal information. Here's what you can do:
Access Your Data
Request a copy of all personal information we hold about you. We'll provide it in a readable format within 10 days.
Correct Inaccuracies
Update or fix any incorrect information in your profile. You can do this directly through your account settings or by contacting us.
Delete Information
Ask us to remove your personal data, subject to legal retention requirements. We'll honor deletion requests within 5 business days.
Restrict Processing
Limit how we use certain information while maintaining your account. Useful if you're disputing data accuracy.
Data Portability
Receive your data in a structured, machine-readable format to transfer to another service provider.
Withdraw Consent
For processing based on consent, you can change your mind anytime. This won't affect the lawfulness of prior processing.
To exercise any of these rights, email us at contact@datafloworg.com with your request. We'll verify your identity and respond promptly. There's no fee unless your request is clearly unfounded or excessive.
Data Security Measures
We take security seriously because your financial data deserves robust protection. Our approach combines technical safeguards with strict operational policies.
Technical Protections
- End-to-end encryption for data transmission using TLS 1.3
- AES-256 encryption for stored financial documents
- Multi-factor authentication for account access
- Regular security audits and penetration testing
- Automated threat detection and monitoring systems
- Secure backup systems with geographic redundancy
Operational Security
- Strict access controls limiting who can view your data
- Employee background checks and confidentiality agreements
- Regular security training for all staff members
- Incident response plan for potential breaches
- Annual third-party security assessments
Despite our best efforts, no system is completely immune to security risks. If we detect a breach affecting your personal information, we'll notify you within 72 hours as required by law.
Data Retention Periods
We don't keep your information forever. Retention periods vary based on data type and legal requirements:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of account + 1 year | Service provision and legal claims |
| Financial records | 5 years after transaction | Tax law requirements |
| Support communications | 3 years | Customer service improvement |
| Marketing preferences | Until withdrawal of consent | Compliance with opt-out requests |
| Technical logs | 12 months | Security and troubleshooting |
| Backup copies | 90 days in backups | Disaster recovery |
After these periods expire, we securely delete or anonymize your information so it can't be traced back to you. Active accounts are reviewed annually to ensure we're only keeping what's necessary.
Cookies and Tracking Technologies
Like most websites, we use cookies and similar technologies. Some are essential for the platform to function, while others help us improve your experience.
Essential Cookies
Required for authentication, security, and basic functionality. You can't disable these without breaking the platform.
Performance Cookies
Help us understand how you use the site so we can fix bugs and improve features. These are optional.
Functional Cookies
Remember your preferences and settings to personalize your experience across sessions.
Analytics Cookies
Provide aggregated statistics about site usage. Data is anonymized before analysis.
You can manage cookie preferences through your browser settings or our cookie consent manager. Disabling non-essential cookies won't prevent you from using core features, but some convenience functions may not work as smoothly.
Children's Privacy
Our services are designed for business professionals and are not intended for anyone under 18. We don't knowingly collect information from minors. If we discover that a child has provided personal data, we'll delete it immediately. Parents who believe their child has shared information with us should contact us right away.
Changes to This Policy
Privacy practices evolve, and so does this policy. When we make significant changes, we'll notify you through email or a prominent notice on the platform at least 30 days before the new policy takes effect. Minor updates might not trigger notification, but we'll always update the "Last Updated" date at the top.
Continuing to use our services after changes become effective means you accept the updated policy. If you disagree with modifications, you can close your account before they take effect.
Compliance and Regulatory Information
DataFlow Organization operates under South Korean jurisdiction and complies with:
- Personal Information Protection Act (PIPA)
- Act on Promotion of Information and Communications Network Utilization and Information Protection
- Credit Information Use and Protection Act (for financial data)
- Electronic Financial Transactions Act
Our Personal Information Protection Officer oversees compliance and handles privacy-related concerns. You can reach them directly at contact@datafloworg.com for questions about how we handle your data or to file complaints.
If you're not satisfied with our response, you have the right to lodge a complaint with the Personal Information Protection Commission of South Korea or the Korea Internet & Security Agency.
Questions About Privacy?
We know privacy policies can be dense. If anything here is unclear or you have specific concerns about your data, don't hesitate to reach out. We're here to help and take your privacy questions seriously.
We typically respond to privacy inquiries within 2 business days. For urgent security concerns, call our phone line during business hours (Monday through Friday, 9 AM to 6 PM KST).