Zexea Logo

Privacy Policy

Effective Date: February 16, 2026

ZEXEA (hereinafter 'Company') establishes and discloses the following privacy policy to protect the personal information of data subjects and to handle related complaints promptly and smoothly in accordance with Article 30 of the Personal Information Protection Act.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, necessary measures such as obtaining separate consent will be taken in accordance with Article 18 of the Personal Information Protection Act.

  • Review of AI development inquiries, consultation, and project execution
  • Provision of free resources and marketing information
  • Review of AI education inquiries, consultation, and education program execution

Article 2 (Personal Information Items Collected)

The Company collects the following personal information to provide services.

1. Development Inquiry

Name, email, phone number, project name, obstacles, budget, timeline, website, project details

2. Free Resource Request

Name, email, phone number, referral source, automation-related questions

3. Education Inquiry

Company name, contact name, position, email, phone, business description, employee count, AI project status, AI tool usage, repetitive task information, education goals, budget information, decision-making information, previous training experience

Article 3 (Processing and Retention Period)

The Company processes and retains personal information within the retention and use period agreed upon when collecting personal information from the data subject or as required by law.

Retention Period: Destroyed 6 months after submission

However, the retention period may vary according to contract terms and relevant laws during project execution.

Article 4 (Procedures and Methods for Destroying Personal Information)

The Company destroys personal information without delay when it becomes unnecessary, such as when the retention period has elapsed or the purpose of processing has been achieved.

Destruction Procedure

Information entered by users is transferred to a separate DB after achieving its purpose (or to separate documents in case of paper) and is destroyed after a certain period in accordance with internal policies and other relevant laws, or immediately.

Destruction Method

  • Personal information in electronic file format is deleted using technical methods that make the records unrecoverable.
  • Personal information printed on paper is destroyed by shredding or incineration.

Article 5 (Provision of Personal Information to Third Parties)

The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the data subject or special provisions of the law.

Currently, the Company does not provide personal information to third parties.

Article 6 (Outsourcing of Personal Information Processing)

The Company outsources personal information processing as follows for service provision.

  • n8n: Webhook processing and workflow automation
  • Supabase: Database storage and management
  • Amazon SES (Simple Email Service): Marketing email delivery

Article 7 (Rights, Obligations and Exercise Methods of Data Subjects)

Data subjects may exercise their rights to access, correct, delete, or suspend processing of personal information at any time.

  • Request to access personal information
  • Request for correction in case of errors
  • Request for deletion
  • Request for suspension of processing

Rights may be exercised in writing, by email, etc., and the Company will take action without delay.

Article 8 (Measures to Ensure Security of Personal Information)

The Company takes the following measures to ensure the security of personal information.

  • Encryption of personal information
  • Technical measures against hacking
  • Restriction of access to personal information
  • Storage and prevention of falsification of access records

Article 9 (Privacy Officer)

The Company has designated a Privacy Officer to oversee personal information processing and handle complaints and damage relief related to personal information processing.

ZEXEA

Email: reducingtime@zexea.io

9, Gangnamseo-ro, Giheung-gu, Yongin-si, Gyeonggi-do, Republic of Korea

Article 10 (Changes to Privacy Policy)

This Privacy Policy is effective from February 16, 2026, and in case of additions, deletions, or corrections to the policy in accordance with laws and policies, changes will be announced through notices at least 7 days before implementation.

Article 11 (Remedies for Rights Infringement)

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. for relief from personal information infringement.

  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
  • Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
  • National Police Agency: 182 (ecrm.cyber.go.kr)

Article 12 (Marketing Emails and Unsubscribe)

The Company sends marketing emails only with the prior consent of the user.

  • Marketing emails are sent only when the user has explicitly opted in through a subscription form.
  • The Company does not purchase, rent, or scrape email lists. Only directly collected, consent-based lists are used.
  • Every marketing email includes a one-click unsubscribe link in the footer.
  • Unsubscribe requests are processed automatically and immediately. The email address is permanently removed from all future mailing lists.
  • Users may also request removal by emailing reducingtime@zexea.io directly.
  • Unsubscribe requests are honored within 2 business days.

Article 13 (Bounce and Complaint Handling)

The Company maintains the following bounce and complaint handling procedures to ensure email delivery quality.

  • Hard bounces: The email address is immediately removed from active mailing lists.
  • Soft bounces: Retried up to 3 times; if unsuccessful, the address is removed from mailing lists.
  • Spam complaints: The recipient is immediately and permanently unsubscribed upon receipt of a complaint.
  • The Company monitors bounce and complaint rates via Amazon CloudWatch and the SES reputation dashboard, targeting a bounce rate below 2% and a complaint rate below 0.1%.

Article 14 (International Compliance)

In accordance with the global operation of its services, the Company complies with the following international data protection regulations.

Korea Personal Information Protection Act (PIPA): The Company complies with domestic laws governing the collection, use, provision, and destruction of personal information.

CAN-SPAM Act (United States): All marketing emails include a physical mailing address, and unsubscribe requests are honored within 2 business days.

GDPR (EU General Data Protection Regulation): For EU/EEA residents, the Company guarantees the right to explicit consent for data processing, the right to access, rectify, and erase data (including the right to be forgotten), the right to data portability, and the right to restrict or object to processing. Requests may be submitted to reducingtime@zexea.io and will be processed within 30 days.

KISA (Korea Internet & Security Agency) Guidelines: The Company adheres to KISA guidelines on spam prevention and email marketing.