Privacy Policy

Draft v2.0 | April 2026

Article 1. Purpose of Processing Personal Information

The Company operates the NADO platform (“Platform”). In accordance with Article 30 of the Personal Information Protection Act (“PIPA”) of the Republic of Korea, the Company establishes and discloses this Privacy Policy to protect the personal information of data subjects and promptly address related grievances.

Purpose	Details
Registration and management	Identity verification, membership maintenance, prevention of fraudulent use
Service provision	Intermediation between NADOs and Guests, reservation and payment processing, in-app messaging and translation, shared photo album
Safety management	Location-based safety monitoring during service use, emergency response
Service improvement	Usage analysis, new feature development, quality improvement
Grievance handling	Complaint processing, dispute resolution, review and report handling
Marketing (with consent)	Event and discount notifications, personalized recommendations

Article 2. Personal Information Collected

2.1 Information Required for Contract Performance

Category	Items	When
Registration	Name, email, profile photo, date of birth	At registration
Verification	Mobile phone number	At first reservation
Payment	Credit/debit card, billing address	At first reservation
Service use	Reservation records, usage history, chat messages	During use
Reviews	Ratings, written content	After completion
NADO registration	Name, email, phone, profile photo, activity name, bio	At NADO registration

2.2 Information Requiring Separate Consent

Government-issued ID (last digits masked) — NADO registration, separate consent
Health information (allergies, dietary restrictions) — at reservation, optional
GPS location — during service use, separate consent
Marketing — at registration, optional

2.3 Automatically Collected

Device information, log data (IP, access times), usage data (search queries, feature interactions).

2.4 From Third Parties

Social login providers (Google, Apple, Kakao): name, email, profile photo. Payment processors: transaction confirmation.

Article 3. Retention and Use Period

Data	Retention
Membership information	Until account deletion (destroyed within 30 days)
Reservation and payment records	5 years after transaction
Consumer complaint records	3 years
Chat messages	1 year after completion
Location data	90 days after completion
Shared album photos	1 year (or upon deletion request)
NADO identity documents	During activity; destroyed within 30 days of termination
Log records	3 months

Article 4. Destruction Procedures and Methods

The Company promptly destroys personal information when the retention period expires or the processing purpose is achieved.

Electronic files: Permanently deleted using irrecoverable methods
Paper documents: Shredded or incinerated
NADO identity documents: Deleted within 30 days of termination

Article 5. Provision to Third Parties

5.1 During Service Use

Upon reservation confirmation, Guest profile (name, photo) is shared with the NADO
NADO profile (activity name, photos, bio, reviews) is publicly visible
NADO’s real name is not disclosed to Guests — only the activity name. However, in cases of legal disputes or requests from investigative authorities pursuant to applicable law, NADO identity information may be provided through proper legal procedures.
Shared album photos are accessible only to the NADO and Guest for that service

5.2 Legal Reasons

When required by law or in response to requests from investigative authorities.

Article 6. Entrustment of Processing

The Company entrusts personal information processing for payment, cloud storage, translation, authentication, analytics, and insurance claim processing. Entrustment contracts include provisions for safeguards and compliance monitoring.

Article 7. International Transfer

Personal information may be transferred internationally for translation (chat messages), cloud storage, and payment processing. The Company ensures appropriate safeguards. For EEA/UK users, Standard Contractual Clauses (SCCs) are applied.

Article 8. Security Measures

Administrative: Internal management plans, regular training, Chief Privacy Officer
Technical: Access control, encryption (TLS/SSL, identity documents), security software
Physical: Access control for server rooms

Article 9. Cookies

The Platform uses essential cookies (session, security), analytics cookies (with consent), and marketing cookies (with opt-in consent). Users may manage settings through their browser.

Article 10. Special Provisions for NADO Services

Photos: NADOs may photograph Guests upon request. After uploading to the shared album, NADOs must delete photos from personal devices. Photos auto-delete after 1 year.
Chat records: Accessible only to the NADO and Guest involved. Company may access for safety incidents, reports, or legal requests.
Reviews: Must not include personal information (real names, phone numbers). Company may edit or delete violating reviews.
Information learned during service: NADOs and Guests shall not use personal information learned about each other for purposes other than the service.

Article 11. Location Data

GPS collected only during active service use after check-in
Shared only with Platform support, not directly with NADO or Guest
Requires separate consent
Users may disable at any time (safety features may be limited)
Deleted within 90 days of completion

Article 12. Rights of Data Subjects

Users may request: access, correction, deletion, suspension of processing, and data portability. Rights may be exercised via email (privacy@nado.kr), in-app settings, or written request. The Company will respond within 10 days.

Article 13. Automated Decision-Making

The Company may use algorithms for Experience recommendations and anomalous behavior detection. Users may refuse automated decisions or request an explanation.

Article 14. Children’s Personal Information

The Platform is intended for users aged 19 and older. The Company does not intentionally collect personal information from children under 14. If such information is collected, it will be destroyed without delay.

Article 15. Chief Privacy Officer

The Company has designated a Chief Privacy Officer to oversee personal information processing and address grievances. Contact: privacy@nado.kr

Article 16. Remedies

For dispute resolution regarding personal information:

Personal Information Dispute Mediation Committee: 1833-6972
Personal Information Infringement Report Center (KISA): 118
Supreme Prosecutors’ Office: 1301
National Police Agency: 182

Article 17. Additional Rights for EEA/UK Users (GDPR)

Users in the EEA/UK have additional rights under GDPR: right to information about legal basis, right to restrict processing, right against automated decision-making, and right to lodge complaints with national data protection authorities.

Article 18. Changes to This Policy

Material changes will be announced at least 7 days before the effective date via the Platform or email.

Effective as of April 2026.