Privacy Policy

Effective Date: June 4, 2026

 

This Privacy Policy applies to the Services provided by WEMADE PLAY (the “Company”) and includes the following information. It explains how the Company collects and uses users' personal information and the measures taken to protect such information. Users may withdraw their consent to the collection, use, disclosure, or destruction of their personal information at any time. However, if consent is withdrawn, some or all of the Services may no longer be available. In addition, the information collected is limited to the minimum information necessary to provide the Services.

 

1. Information Collection
2. Use of Collected Information
3. Information Sharing
4. Information Security
5. Updating and Deleting Information
6. Regulations and Cooperation with Regulatory Authorities
7. Scope and Changes of the Privacy Policy
8. California Privacy Rights
9. Customer Support
10. Children's Privacy

 

1. Information Collection

The Company collects various types of data, including basic information such as users' device information and service usage history, in order to provide better services. Such information may include the following.

Information from Platform Providers: To optimize the services, the Company may collect users' account identifiers (such as a user ID or email address), social media account information, nicknames, profile information, friends lists, and other related information from platform providers (such as Apple, Google, Facebook, or WEMIX) or app store providers when users download applications or use the services.

Information Collected During Service Use: While using the services, information relating to users' use of the services may be collected, including device information, usage time, usage history, the type and price of purchased content, and participation in events. Such information may include the following.

  • Device Information: Mobile device model and operating system version, device identifiers, such as universally unique identifiers (UUIDs), unique identifiers generated within the services, such as GUIDs, regional information, mobile network information (excluding phone numbers), and other device-related data.

  • Log Information: Information such as access times, Internet Protocol (IP) addresses, and usage records is automatically collected when users access or use the services.

  • Purchase Information: When users purchase content through in-app purchases via Apple or Google, information such as the purchase time, content type, price, payment currency, payment method, and order number is automatically recorded.

  • Local Storage: Data may be collected and stored locally on users' devices through mechanisms such as application data caches.

If you access the services using a guest account without registering as a member with a platform provider or using a social media account, the Company cannot identify you based solely on the data collected during your use of the services. Only users who have an account with a platform provider's service or a social media account can be identified.

 

2. Use of Collected Information

The Company uses information provided by platform providers and information collected or recorded during users' use of the services for purposes including providing, maintaining, securing, updating, developing, and offering new services. Such information may also be used to provide users with more relevant and personalized services, including advertisements.

The Company may display users' nicknames, profile information, and friends lists provided by platform providers within the services. Users may change how such information is displayed through the application's features or through the platform provider and/or social media website at any time.

If a user contacts the Company regarding the services by phone or email, the Company may retain records of communications with the user in order to respond to such inquiries. In addition, the Company may use a user's email address to provide information related to the use of the services. Furthermore, the Company may use collected information (excluding information of users in the EEA) or information provided to provide users with an improved service environment and better service quality. In addition, where a user has expressly consented (optional consent) to receive personalized advertisements, the Company's automated systems may analyze the user's service usage and/or purchase history. This information is used to provide personalized advertising and other relevant features tailored to the individual user.

The Company will notify users in advance and obtain their prior consent if collected or provided user data is to be used for purposes other than those specified in this Privacy Policy.

Data collected or provided by the Company is processed in Amazon Web Services (AWS Regions: Frankfurt, Germany and California, United States), which is certified to maintain appropriate security safeguards. When transferring personal information of users located in the European Economic Area (EEA) or the United Kingdom (UK) outside their jurisdiction, the Company will, in principle, execute Standard Contractual Clauses (SCCs) approved by the European Commission (EC) or apply other lawful and valid transfer mechanisms, such as the EU-U.S. Data Privacy Framework (EU-U.S. DPF), in accordance with applicable data protection laws to ensure that user data is adequately protected. In addition, user data may be processed in other AWS Regions (Seoul, Republic of Korea) for the purpose of providing better services or performing service agreements.

The Company processes unique identifiers within the services (e.g., GUIDs) and usage logs for the purposes of measuring service performance and analyzing revenue statistics (BI). This data is strictly limited to aggregated and cohort analysis and does not allow for the identification or singling out of any individual. In addition, technical safeguards are implemented to prevent the use of such data for user acquisition (UA) activities or its permanent linkage with payment information.

  • EEA residents: The processing is based on the Company's legitimate interests under Article 6(1)(f) of the EU GDPR (General Data Protection Regulation).

  • California residents: This constitutes processing for business purposes under the CCPA/CPRA and does not constitute the sale or sharing of personal information.

 

3. Information Sharing

The Company does not share user data with companies or individuals outside of the Company except in the following circumstances. Data may be shared in the following cases.

Where a user has consented, the Company may share data with companies or individuals outside of the Company. However, where data sharing is necessary, the user's consent must be obtained in advance. 

Where external processing is required, the Company may entrust data processing to partners or trusted service providers that maintain physical and technical safeguards and comply with the Company's internal policies and self-regulatory framework. Where this occurs, the Company remains fully responsible for the activities of the entrusted data processors.

Where required by law, the Company may share information with external companies, organizations, or individuals if it reasonably believes that access, use, preservation, or disclosure of such information is necessary for the following purposes.

  • Where data is required under legal procedures, regulations, or applicable laws, or in response to requests from law enforcement or regulatory authorities with legal jurisdiction.

  • Where necessary to detect, prevent, or address fraud, technical, or security issues.

  • Where necessary to protect users or the general public from threats to their rights, property, or public safety.

The Company may share anonymized data or data that does not identify individual users with its partners. In addition, if the Company becomes subject to an acquisition, merger, or sale of assets (collectively, "M&A"), user data may be transferred to the company involved in the M&A transaction while maintaining the confidentiality of such information. In these cases, users will be notified before their data is transferred to the company involved in the M&A transaction.

 

4. Information Security

The Company's information security management system has been certified by the Korean government for its safety and reliability, and the Company strives to protect the data it holds from unauthorized access, modification, disclosure, or deletion. In particular, the Company regularly reviews its personal information protection practices and continuously improves how personal information is collected, stored, and used by applying the latest technologies, thereby helping ensure that users can use the services safely. This includes the use of Secure Socket Layer (SSL) technology and physical and technical safeguards designed to detect unauthorized access to service systems. In addition, access to personal information is granted only to the minimum number of personnel necessary in accordance with internal policies and the self-regulatory framework.

 

5. Updating and Deleting Information

Updating Information Provided by Platform Providers. Users may request updates to their data from the relevant platform provider at any time while using the services. Users who are citizens of member states of the European Union may additionally request access to, correction, rectification, amendment, transfer, or portability of their data, and may restrict or object to processing or profiling (collectively, "Processing").

The Company is not authorized to process data that users have provided to platform providers. Accordingly, if a user requests that the Company process data that was provided through a platform provider, the Company will inform the user that it does not have the authority to process such data and will direct the user to request the processing of the data from the relevant platform provider and/or social media provider.

Updating Information Collected During Service Use.  Users may request that the Company update or process their data collected during the use of the services (applicable only to citizens of member states of the European Union). The Company will endeavor to process such requests without undue delay, except where the data must be retained for reasonable business purposes or legal purposes. In addition, requested data updates or processing will be provided free of charge unless doing so would require disproportionate effort, and the Company may request verification of the user's identity before updating or processing the data.

However, requests may be denied if they are unreasonably repetitive, require excessive technical effort to fulfill (e.g., where the development of a new system or a fundamental change to existing practices would be required), infringe upon the rights or freedoms of others, or are otherwise impracticable to carry out. In such cases, users may object to the decision by contacting the data protection authority in their country of residence or by filing a civil action in accordance with the refusal procedures of the Company's Customer Support.

Deleting Information: Users may directly request the Company to delete their collected personal information. (For more information, please click here.) However, to prevent accidental or malicious deletion of user data and to ensure service maintenance, copies of user data stored on the service servers may not be deleted immediately even after the user deletes such data from the services. In addition, to comply with the laws of the user's country of residence and/or the laws applicable in the jurisdictions in which the Company operates, data may not be deleted from backup systems for a certain period of time. In such cases, the data will be deleted without undue delay once the applicable retention period required by law has expired.

Information Delete: Users may directly request the company to delete the personal information that was collected. (Click here for more information) However, to protect user data from accidental or malicious deletion and for maintenance and management of the service, copies of user data may not be immediately deleted from service servers even after a user deletes his or her data from the service. Furthermore, data may not be deleted from backup systems for a certain period of time to comply with laws in the user's country of residence and/or the country of Wemade Play business jurisdiction. In such cases, this data will be deleted without delay once the storage period required by relevant laws has elapsed.

 

6. Regulations and Cooperation with Regulatory Authorities

The Company strives to protect user data by regularly reviewing compliance with this Privacy Policy and applying the latest technologies in accordance with its internal policies and self-regulatory framework. The Company complies with various regulatory frameworks, including the privacy protection frameworks of the European Union and the United States.

If a complaint is submitted through Customer Support, the Company will contact the user and take appropriate action as necessary. Users located in member states of the European Union may contact the representative identified below for further information regarding this Privacy Policy. In addition, where the Company is unable to resolve an issue directly with a user concerning the processing of user data, the Company will cooperate with the relevant data protection authority in the applicable country to resolve the matter.


[EU Representative Contact Information]


[UK Representative Contact Information]

 

7. Scope and Changes of the Privacy Policy

This Privacy Policy does not apply to any other websites (including advertisements) linked within the services or to any websites that may be included within the services. In addition, this Privacy Policy may be amended from time to time. If this Privacy Policy is amended, users will be notified of the changes in advance, and material changes will be announced through email, push notifications, or other appropriate means.

 

8. California Privacy Rights

Rights of California residents: If you are a California resident, you may have certain additional privacy rights. California consumers have the right to know about, access, and delete their personal information under the California Consumer Privacy Act (CCPA). They also have the right to opt out of the sale of their personal information and the right not to be discriminated against for exercising their California privacy rights. We do not sell your personal information and will not discriminate against you for exercising your privacy rights. For more information, please refer to the "California Privacy Rights" page.

California Residents’ Rights: If you are a California resident, you may have certain additional privacy rights. California consumers have a right to knowledge, access, and deletion of their personal information under the California Consumer Privacy Act (CCPA). California consumers also have a right to opt out of the sale of their personal information by a business and a right not to be discriminated against for exercising one of their California privacy rights. We do not sell your personal information and do not discriminate in response to privacy rights requests. Visit our Your California Privacy Rights page for more information

 

9. Customer Support

The Company is committed to protecting and securely managing user data. If you have any questions regarding this Privacy Policy or the use of user data, or if you would like additional information, please contact Customer Support below.

  • Address: 9–10F, Wemix Tower, 49, Daewangpangyo-ro 644beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea

  • Phone number: +82-2-1800-6855

  • Email: helpcenter@wemadeplay.com

 

10. Children's Privacy

Our services are not intended for children under the age of 13 (or under the age of 16 for users residing in the EEA, or the minimum age of consent required by applicable local law), and do not knowingly collect or request personal information from children under such age. If we become aware that we have collected personal information from a child below the applicable age without the consent of a parent or legal guardian, we will promptly take steps to securely delete such information from our servers. Parents or legal guardians may request access to, correction of, or deletion of a child's personal information at any time through our Customer Support.