Playio Privacy Policy (Ver 2.0)
Last updated: February 26, 2026
GNA COMPANY CORP (the “Company”) values users’ personal information and makes best efforts to process such information lawfully and securely in compliance with applicable laws and regulations, including the Personal Information Protection Act.
This Privacy Policy sets forth the procedures and standards for the processing of personal information in connection with the use of Playio (the “Service”) operated by the Company, and is intended to protect users’ rights and facilitate prompt handling of complaints and inquiries. Users under the age of fourteen (14) are restricted from using the Service. The Service is not directed to children under the age of 14, and the Company does not knowingly collect personal information from children under 14.
Purpose of Processing Personal Information
The Company processes personal information for the following purposes and does not use such information for any purposes other than those listed below. If the purpose of processing changes, the Company will provide prior notice through service announcements or obtain separate consent.
-
Identification of members; confirmation of intent to register; verification of identity and age
-
Handling inquiries, complaints, and providing notices and customer support
-
Service improvement and development of new services based on analysis of service usage records and access frequency
-
Provision of personalized and customized content based on analysis of user characteristics and usage history
-
Prevention of and sanctions against activities that hinder service operations, such as account theft or fraudulent use
-
Establishment of a secure environment to ensure the safety of personal information
-
Marketing and advertising; operation of events and promotions (including participation verification and prize delivery)
-
Provision of communication features, such as activity notifications
Processing and Retention Period of Personal Information
In principle, the Company retains personal information from the time it is collected with the user’s consent and destroys it without delay when the user withdraws from membership or when the purpose of processing has been achieved.
However, where retention is required for a certain period pursuant to applicable laws or service operation policies, the Company will retain the information for that period only and will not use it for other purposes.
(1) Retention Periods Required by Law
| Retained Information | Legal Basis | Retention Period |
|---|---|---|
| Records of consumer complaints or dispute resolution | Consumer Protection in Electronic Commerce and Related Laws | 3 years |
| Records related to labeling and advertising | Consumer Protection in Electronic Commerce and Related Laws | 6 months |
| Login records related to service use | Protection of Communications Secrets Act | 3 months |
(2) Retention Periods Based on Service Policies
-
If a user does not access the Service for 210 consecutive days, the account will be converted to an inactive account, and free virtual assets (Gems, Hearts, Coins) may expire. Prior notice will be provided via email or push notifications 60 days and 30 days before the conversion. Upon re-login, the account will be immediately reactivated; however, any free virtual assets that have already expired will not be restored.
-
If a user withdraws from the Service and/or deletes the account, related information will be retained for 90 days and then destroyed.
-
Where necessary to prevent improper use or to respond to disputes, the Company may retain personal information for up to one (1) year after withdrawal.
Categories of Personal Information Processed
[Items of Personal Information Collected]
-
At the time of registration, the Company collects email address, date of birth, and gender as required items. Information collected varies depending on the login method, as described below.
-
If a user uses paid services, the Company may collect payment method information, payment approval numbers, and related data at the time of payment through a personal information processor (payment service provider).
-
If a user purchases products, the Company may collect the information listed below.
-
If a user participates in events or promotions, the Company may collect the information listed below.
-
In the course of handling inquiries, the Company may collect the information listed below.
-
During the use of the Service, the following information may be automatically generated and collected:
-
Registration path, registration date, IP address, cookies, access logs, service usage records, records of improper use, device information (model name, unique device identifiers, MAC address, OS information), mobile carrier, payment records, and purchase history
-
| Category | Personal Information Collected |
|---|---|
| Membership registration (Email) | Email address, password, date of birth, gender |
| Membership registration (Google) | Email address, date of birth, gender |
| Membership registration (Facebook) | Email address, date of birth, gender |
| Events / Promotions | Name, email address, mobile phone number, address, date of birth |
| Customer Support | Account ID, contact information, device information, payment and purchase information |
| Service improvement and stabilization | Email address, mobile phone number, device information, service usage (suspension) records, access logs, cookies, IP address, payment and purchase information |
[Methods of Collecting Personal Information]
When collecting personal information, the Company provides prior notice to users and obtains their consent. Personal information is collected through the following methods:
-
Where users agree to the collection of personal information and directly enter such information through the Company’s website or mobile applications during registration or service use
-
Where personal information is provided by affiliated services or organizations
-
Where personal information is provided through web pages, email, or telephone during customer support or inquiry handling
-
Where personal information is provided through participation in online or offline events and promotions
App Permission Information
The Company requests only the minimum access permissions necessary to provide the Service.
[Required Permissions]
-
Display over other apps: Permission to display reward acquisition information during gameplay
-
Access to usage information: Permission to check game app usage time for the purpose of granting rewards
[Optional Permissions]
-
Contacts: Permission for the friend invitation feature
-
Camera: Permission to attach photos when posting community content or submitting customer support inquiries
-
Files and media: Permission to attach files when posting community content or submitting customer support inquiries
[Data Access Information]
-
Installed app information: Used to provide the “Continue Playing” feature and to synchronize game lists; such information is securely transmitted outside the device.
-
Optional permissions are not required to use the Service; however, certain features may be limited if such permissions are not granted.
Provision and Entrustment of Personal Information
The Company does not provide users’ personal information to third parties without prior consent. However, the Company may entrust certain tasks necessary for service provision to external service providers. In such cases, the Company strengthens management and supervision through contractual arrangements to ensure the protection of personal information.
| Service Provider | Purpose of Use | Information Provided | Retention Period |
|---|---|---|---|
| Twilio Inc. | SMS delivery service | Phone number | Until the purpose is achieved |
| Amazon Web Services, Inc. | Data storage / hosting | IP address, location information, basic user information, advertising ID | Until contract termination or membership withdrawal / purpose achievement |
| Google LLC | Service usage analysis and advertising performance measurement | Advertising ID, event data | Until the purpose is achieved |
| Meta Platforms, Inc. | Service usage analysis and advertising performance measurement | Advertising ID, event data | Until the purpose is achieved |
| Singular Labs, Inc. | Advertising performance measurement | Device ID, location information, advertising ID | Until the purpose is achieved |
Cross-Border Transfer of Personal Information
The Company may transfer users’ personal information to overseas recipients as described below. Such cross-border transfers are conducted for purposes including service provision and marketing activities (e.g., analysis of user activity statistics, notifications of events and promotions). Users’ personal information is transmitted through secure information and communication networks. The transferred personal information is retained and used until the relevant purposes are achieved. Details of cross-border transfers are as follows:
| Recipient | Country | Contact | Purpose | Information Provided | Retention Period |
|---|---|---|---|---|---|
| AppsFlyer Ltd. | Israel / United States | [email protected] | Advertising performance measurement | Device ID, location information, advertising ID | Until the purpose is achieved |
| Adjust GmbH | Germany | [email protected] | Advertising performance measurement | Device ID, location information, advertising ID | Until the purpose is achieved |
| Grey Box, Co., Ltd. | South Korea | [email protected] | Delivery of messages such as automatically collected information to users, app push notifications, SMS, and emails | Name, phone number, email address, date of birth | Until membership withdrawal or termination of the entrustment agreement |
Destruction of Personal Information
When the retention period of personal information expires or the purpose of processing has been achieved, the Company destroys such personal information without delay. However, where retention is required for a certain period pursuant to applicable laws or internal policies, the information will be stored separately and then destroyed.
(1) Destruction Procedures
-
Personal information is destroyed immediately after the retention period prescribed by internal policies and applicable laws has elapsed following the achievement of the processing purpose.
(2) Destruction Methods
-
Personal information stored in electronic file form is permanently deleted in a manner that prevents recovery or reproduction.
-
Personal information stored in paper document form is destroyed by shredding or incineration.
Users’ Rights and Methods of Exercising Rights
The Company does not sell or share users’ personal information as defined under applicable U.S. state privacy laws, including the California Consumer Privacy Rights Act (CPRA). The Company does not use or disclose sensitive personal information except as permitted by applicable law.
-
Users may exercise the following rights related to personal information protection at any time:
-
Request access to personal information
-
Request correction of errors or inaccuracies in personal information
-
Request deletion of personal information (except for items required to be collected by law)
-
Request membership withdrawal or suspension of personal information processing (note that some or all services may be restricted as a result)
-
-
Users may access or correct their personal information after identity verification, in accordance with the procedures established by the Company.
-
Membership withdrawal may be requested directly through the “Withdraw Membership” menu within the app.
-
If direct withdrawal or correction is difficult, users may submit a request to customer support or the personal information protection officer by written request, telephone, or email, and the Company will take action without delay.
-
If a user withdraws consent for the use of personal information or requests account deletion, the account will be deleted, and all virtual assets (Gems, Coins, Hearts) and purchased items held by the member will also be deleted. However, posts and comments previously published in the community will not be deleted.
-
Where a correction of personal information is requested, the relevant personal information will not be used or provided until the correction is completed. If the information has already been provided to a third party, the Company will promptly notify such third party to ensure that the correction is made.
-
Personal information deleted at the request of the user or legal guardian will be processed in accordance with the procedures set forth in this Privacy Policy and will not be accessed or used for any other purpose.
Technical and Administrative Safeguards for Personal Information
To prevent loss, theft, leakage, alteration, or damage of users’ personal information, the Company implements the following technical and administrative safeguards.
(1) Access Control and Authorization Management
-
Access to personal information is granted only to the minimum number of personnel necessary to perform their duties.
-
When a person handling personal information changes roles or leaves the Company, access rights are immediately modified or revoked.
-
When accessing systems externally, personal information handlers use secure connections (such as SSL), and additional security measures are applied to systems and personal computers to prevent unauthorized access.
(2) Encryption of Personal Information
-
Personal information is encrypted during transmission and receipt.
-
Where personal information must be stored for business reasons, it is securely stored in encrypted form.
-
Sensitive information, such as passwords and unique identifying information (e.g., date of birth, gender, alien registration numbers), is stored and managed using secure encryption algorithms.
(3) Retention of Access Logs and Prevention of Tampering
-
Records of personal information processing through systems by authorized personnel are retained for at least three (3) months.
-
Such records are securely managed to prevent tampering, theft, or deletion.
(4) Physical Access Control
-
Servers and documents containing personal information are stored in separate areas with restricted access.
-
Documents, electronic files, and auxiliary storage media containing personal information are stored in secure locations equipped with locking devices.
Collection and Use of Behavioral Information
The Company may collect and use behavioral information generated during users’ use of the Service for the purpose of improving service quality and providing personalized content.
[Purposes of Collection]
-
Analysis of service usage statistics and improvement of service features
-
Analysis of game usage patterns by user groups
-
Creation of content based on de-identified statistical data
(e.g., Top 5 popular games, usage pattern reports, campaign performance metrics)
The collected behavioral information is processed only in a form that does not allow identification of individual users. Even when such information is used on external channels such as social media or blogs, it is used only in an anonymized form that does not identify any individual.
The Company does not use identifiable personal information for external marketing or advertising purposes without the user’s explicit prior consent.
[Advertising Identifiers]
-
The Company may collect users’ ADID. ADID is an advertising identifier for mobile app users and may be collected to provide better services.
-
Users may refuse the collection of ADID as described below.
-
Menu names and paths may vary slightly depending on the operating system version.
| Platform | Path |
|---|---|
| Android | Settings > Google (Google Settings) > Ads > Opt out of Ads Personalization |
[Third-Party Advertising Notice]
The Company may enter into advertising agreements with various mobile game studios (third-party advertisers) in order to operate the Service and provide useful content to users.
-
To measure the performance of advertising campaigns, the Company uses service providers (analytics platforms) and does not directly provide users’ personal information to advertisers (game studios).
-
All information related to advertising campaigns is collected, used, and deleted solely within the scope of contracts between the Company and the service providers.
-
If a user downloads a specific game and provides personal information to the relevant game studio, such information is managed in accordance with that studio’s privacy policy, and the Company is not involved in the processing of such information. Users are encouraged to review the game studio’s privacy policy in advance.
Personal Information Protection Officer
-
Company: GNA Company Corp.
-
Name: Jiwoong Choi
-
Email: [email protected]
Scope of Application of This Privacy Policy
-
This Privacy Policy applies to the Service operated by the Company (playio.co) and all related web- and app-based services.
-
Services provided under a separate brand name may be subject to a separate privacy policy.
-
Where personal information is collected by external websites linked within the Service, the privacy policy of such external website shall prevail.
Changes to the Privacy Policy
-
The Company may revise this Privacy Policy to reflect changes in applicable laws or the Service.
-
In the event of additions, deletions, or modifications to this Privacy Policy, notice will be provided at least seven (7) days prior to the effective date. If the changes materially affect users’ rights—such as changes to the categories of information collected or the purposes of use—prior notice will be provided at least thirty (30) days in advance.
-
The revised Privacy Policy shall take effect on the announced date or on a separately specified effective date.
Addendum
(Effective Date)
This Privacy Policy shall take effect on November 13, 2026.
All prior privacy policies are hereby replaced by this Privacy Policy.
-
Last Updated: February 26, 2026
-
Privacy Policy of Service Version : v2.0
