Back to Home

Privacy Policy

Last updated: March 1, 2026

Article 1 (General Provisions)

Twotone Inc. (the "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act of the Republic of Korea to protect the personal information of data subjects and to handle related complaints promptly. This Policy applies to the Factodo service (the "Service") provided by the Company.

Article 2 (Personal Information Collected and Collection Methods)

The Company collects the following personal information to provide the Service.

Required Information

  • Upon registration: email address, password, name (or nickname), company name
  • Upon payment: payment information (credit card number, bank account details, etc.), billing address
  • Upon inquiry: name, email address, inquiry details
  • Manufacturing-related business data entered by the User during service use (sales orders, purchasing, production, inventory, shipment information, etc.)

Automatically Collected Information

  • IP address, access date and time, browser type and version, operating system information
  • Service usage records, pages visited, error logs
  • Device identifier (Device ID), screen resolution
  • Information collected through cookies and similar technologies

Article 3 (Purpose of Processing Personal Information)

  1. Membership registration and management: User identification, verification of registration intent, identity confirmation, account management
  2. Service provision: Operating Factodo MES features (sales order, purchasing, production, inventory, shipment management, dashboards, kanban, calendar, operation scenarios, barcodes, reports, Todo management, etc.)
  3. Fee settlement and billing: Billing for paid services, payment processing, refund processing
  4. Customer support: Responding to inquiries, delivering notices, handling complaints
  5. Service improvement: Analyzing service usage statistics, developing new features, improving quality
  6. Ensuring a safe usage environment: Preventing unauthorized use, system security, access control management

Article 4 (Retention and Use Period of Personal Information)

The Company destroys personal information without delay once the purpose of collection and use has been achieved. However, where retention is required by applicable law, information shall be retained for the following periods:

  • Records of contracts or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce)
  • Records of payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce)
  • Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce)
  • Access log records: At least 3 months (Protection of Communications Secrets Act)
  • Residual data after account deletion: Destroyed within 30 days of the deletion request

Article 5 (Provision of Personal Information to Third Parties)

  1. The Company does not, in principle, provide Users' personal information to third parties. Information is provided only with the User's consent or where there is a legal basis.
  2. Where required by law (e.g., a lawful request by investigative authorities), the Company may provide personal information within the scope prescribed by applicable law.
  3. In the event of a merger, division, or business transfer, the Company shall comply with procedures prescribed by applicable law regarding the transfer of personal information.

Article 6 (Entrustment of Personal Information Processing)

  1. The Company may entrust personal information processing to external parties for service operations. When doing so, the Company discloses the details of the entrusted work and the trustees in accordance with applicable law.
  2. When entering into entrustment contracts, the Company stipulates matters required by applicable law for the safe management of personal information and supervises whether the trustee processes personal information securely.
  3. If the content of the entrusted work or the trustee changes, the Company will promptly disclose such changes through in-service notices or individual notification.

Article 7 (Rights and Obligations of Data Subjects)

  1. Users (data subjects) may exercise the following rights at any time: request to view personal information, request correction of errors, request deletion, request suspension of processing.
  2. These rights may be exercised through the settings menu within the Service or in writing via email, and the Company will take action without delay.
  3. If a User requests correction of errors in their personal information, the Company will not use or provide such information until the correction is completed.
  4. Users have a duty to maintain the accuracy and currency of their personal information. Users bear responsibility for any disadvantages caused by providing inaccurate information.
  5. Users must not infringe upon or misappropriate the personal information of others. All legal responsibility arising from such violations lies with the User.

Article 8 (Destruction of Personal Information)

  1. The Company destroys personal information without delay when the retention period has expired or the purpose of processing has been achieved.
  2. Personal information in electronic file format is deleted using technical methods that prevent recovery and reproduction. Personal information printed on paper is destroyed by shredding or incineration.
  3. However, personal information that must be retained for a certain period under applicable law is stored separately and securely from other personal information for that period.

Article 9 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security of personal information:

  • Administrative measures: Establishing and implementing internal management plans, minimizing and training personnel who handle personal information
  • Technical measures: Managing access rights to personal information processing systems, installing access control systems, encrypting unique identification information, installing and updating security programs
  • Physical measures: Controlling access to server rooms and data storage facilities
  • Data transmission encryption: Applying SSL/TLS encryption protocols for data transmission between the Service and Users
  • Regular security audits: Conducting vulnerability analysis, assessment, and countermeasures

Article 10 (Installation, Operation, and Rejection of Cookies)

  1. The Company uses cookies for service convenience. Cookies are small text files stored on the User's browser upon accessing the Service, used for maintaining login status, saving preferences, and analyzing service usage statistics.
  2. Users may refuse to store cookies through web browser settings. However, refusing cookies may limit access to certain services that require login.
  3. The Company may use analytics tools for service usage statistics analysis, during which de-identified information may be collected.

Article 11 (Personal Information Protection Officer)

The Company designates a Personal Information Protection Officer to oversee personal information processing and handle User complaints and damage relief as follows:

Personal Information Protection Officer: CEO

Organization: Twotone Inc.

Contact: support@factodo.com

Article 12 (Remedies for Rights Infringement)

Users may contact the following organizations for damage relief, consultation, and other matters related to personal information infringement:

  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
  • Supreme Prosecutors' Office Cybercrime Investigation Division: 1301 (www.spo.go.kr)
  • National Police Agency Cyber Investigation Bureau: 182 (ecrm.cyber.go.kr)

Article 13 (Cross-Border Transfer of Personal Information)

  1. Personal information may be stored and processed outside the Republic of Korea (e.g., cloud server locations) for service provision. In such cases, the Company takes protective measures in accordance with Article 28-8 of the Personal Information Protection Act.
  2. For cross-border transfers, the Company informs Users of the items transferred, the recipient, the purpose of transfer, and the retention period, and obtains consent.
  3. The Company ensures that transferred personal information is securely managed through contractual and other protective measures.

Article 14 (Personal Information of Children Under 14)

  1. The Company does not collect personal information from children under the age of 14 and restricts membership registration for children under 14.
  2. If it is confirmed that personal information of a child under 14 has been collected, the Company will destroy such information without delay. Legal guardians may request deletion by contacting support@factodo.com.

Article 15 (Changes to the Privacy Policy)

  1. This Policy may be revised in accordance with changes to applicable laws and Company internal policies. Changes will be communicated through in-service notices with the details and effective date.
  2. For changes disadvantageous to Users, the Company will provide individual notice at least 30 days before the effective date through in-service notices or email.

Supplementary Provision: This Privacy Policy shall take effect on March 1, 2026.