Last Updated: January 9, 2026
Triplio (the "Company") processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, we will take necessary measures such as obtaining separate consent. • Membership registration and management: Identity verification, personal identification, prevention of fraudulent use • Service provision: Travel planning, itinerary management, group travel collaboration, personalized travel information • Service improvement: Service improvement and new service development through usage analysis • Customer support: Complaint handling, inquiry consultation, and grievance resolution
The Company collects the following personal information to provide services: [Required Items] • Email address • Name (or nickname) • For social login: Social account identifier, profile image URL [Optional Items] • Profile photo • Travel itinerary information (destination, dates, routes, etc.) • Language/currency preferences [Automatically Collected Items] • Service usage records, access logs • Device information (device type, OS version) • Push notification token (when notification consent is given)
The Company processes and retains personal information within the retention period prescribed by law or agreed upon at the time of collection. • Member information: Until membership withdrawal (destroyed within 30 days after withdrawal) • Service usage records: 3 years • Payment records: 5 years per e-commerce law • Login records: 3 months per communications privacy law
The Company processes personal information only within the scope specified in Article 1 and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act. Currently, we do not provide personal information to third parties. If provision becomes necessary in the future, we will obtain prior consent from users.
The Company outsources personal information processing as follows for smooth operation: • Supabase: Cloud database and authentication services • Vercel: Web service hosting • Google (Firebase): Push notification services
Data subjects may exercise the following rights regarding personal information protection at any time: 1. Request to view personal information 2. Request for correction of errors 3. Request for deletion 4. Request for suspension of processing Rights can be exercised through the in-app settings menu or email (support@triplio.app), and the Company will take action without delay.
When personal information becomes unnecessary due to expiration of retention period or achievement of processing purpose, the Company will destroy it without delay. • Destruction procedure: Unnecessary personal information is destroyed after approval by the personal information manager. • Destruction method: Electronic files are deleted using technical methods that prevent reproduction.
The Company takes the following measures to ensure the security of personal information: • Encryption: Passwords and sensitive information are encrypted for storage and management • Technical measures against hacking: Encrypted communication through SSL certificates • Access control: Minimization of personal information access rights and access record management • Security programs: Regular security checks and vulnerability analysis
The Company designates a privacy officer to oversee personal information processing and handle complaints and remedies. Privacy Officer Email: privacy@triplio.app Contact: support@triplio.app
This Privacy Policy is effective from the enforcement date, and any additions, deletions, or corrections due to changes in laws and policies will be announced through notices 7 days before the changes take effect.
Data subjects may apply for dispute resolution or consultation to the following organizations for remedies for personal information infringement: • Personal Information Dispute Mediation Committee: www.kopico.go.kr • Privacy Infringement Report Center: privacy.kisa.or.kr • Cyber Crime Investigation: Local law enforcement
This Privacy Policy is effective from January 9, 2026.