Katarina
Privacy Policy
Hottest Lab Inc. (hereinafter referred to as "Company") values the personal information of users and complies with relevant laws such as the "Personal Information Protection Act" and the "Act on Promotion of Information and Communications Network Utilization and Information Protection." Through this privacy policy, the Company informs users about the purposes and methods for which personal information provided by users is being used, and what measures are being taken to protect personal information.
1. Personal Information Collection Items and Methods
A. Personal Information Items Collected
The Company collects the following information to provide AI virtual try-on services:
- Required Items: Photo images uploaded by users
- Automatically Collected Items: IP address, cookies, service usage records, device information, access logs
- Optional Items: Email address (for optional membership registration)
B. Personal Information Collection Methods
- Direct upload through website and mobile applications
- Automatic collection during service usage
- Collection during customer inquiries and consultation processes
2. Purpose of Personal Information Collection and Use
The Company utilizes collected personal information for the following purposes:
- AI Virtual Try-on Service Provision: Generating virtually clothed images by applying AI technology to photos uploaded by users
- Service Improvement: Improving service quality and AI model performance
- Prevention of Fraudulent Use: Preventing fraudulent use and unauthorized usage of the service
- Customer Support: Responding to user inquiries and handling complaints
- Statistics and Analysis: Service usage statistics and analysis (in forms that cannot identify individuals)
3. Personal Information Processing and Retention Period
- Uploaded Original Images: Immediately deleted upon completion of AI processing (within 24 hours maximum)
- Generated Result Images: Immediately deleted after delivery to users (within 7 days maximum)
- Service Usage Records: Destroyed after 3 months of storage
- Fraudulent Use Prevention Records: Stored for up to 1 year according to relevant laws
However, when necessary to preserve according to relevant laws, the Company retains personal information for the period specified by relevant laws:
- Records related to contracts or withdrawal of offers: 5 years (E-Commerce Act)
- Records related to payment and supply of goods: 5 years (E-Commerce Act)
- Records related to consumer complaints or dispute resolution: 3 years (E-Commerce Act)
- Website visit records: 3 months (Communications Secret Protection Act)
4. Third Party Provision of Personal Information
In principle, the Company does not provide users' personal information to third parties. However, exceptions are made in the following cases:
- When users have given prior consent
- When required by law or when requested by investigative agencies according to procedures and methods stipulated by law for investigative purposes
5. Outsourcing of Personal Information Processing
The Company outsources personal information processing as follows to improve services:
| Contractor | Outsourced Work Content | Retention and Usage Period |
|---|---|---|
| Google Cloud Platform | AI image processing and server hosting | Immediately deleted upon processing completion |
| Firebase | User authentication and data storage | Service provision period |
When concluding outsourcing contracts, the Company specifies matters concerning prohibition of personal information processing beyond the purpose of performing outsourced work, technical and administrative protective measures, restrictions on re-outsourcing, management and supervision of contractors, and responsibilities including damage compensation in documents such as contracts in accordance with Article 26 of the Personal Information Protection Act, and supervises whether contractors safely process personal information.
6. Rights of Users and Legal Representatives and Methods of Exercise
Users may exercise the following rights at any time:
- Request for personal information access
- Request for correction of personal information errors
- Request for deletion of personal information
- Request for suspension of personal information processing
Rights may be exercised in writing, by email, etc., according to the format specified in Annex No. 8 of the Enforcement Rules of the Personal Information Protection Act, and the Company will take action without delay.
7. Personal Information Destruction Procedures and Methods
A. Destruction Procedures
Information entered by users for service use is moved to a separate database after the purpose is achieved and stored for a certain period according to internal policies and information protection reasons under other relevant laws before being destroyed.
B. Destruction Methods
- Electronic file format information: Deleted using technical methods that make records irreproducible
- Personal information printed on paper: Shredded with a shredder or incinerated
- Temporary data in AI processing: Completely deleted from memory and cache immediately upon processing completion
8. Technical and Administrative Measures for Personal Information Protection
A. Technical Measures
- Personal information is stored and managed in encrypted form
- Systems are installed in areas with controlled external access to prevent personal information from being leaked or damaged by hacking or viruses
- Safe transmission of personal information over networks through SSL (Secure Socket Layer) encrypted communication
- Blocking external intrusions using firewalls
- Operation of immediate processing and automatic deletion systems for uploaded images
B. Administrative Measures
- Limiting access rights to personal information to the minimum number of personnel
- Regular training for employees handling personal information
- Operation of dedicated personal information protection organization
- Establishment and implementation of internal management plans
9. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The Company uses ‘cookies‘ that store usage information and retrieve it from time to time to provide individualized customized services to users.
A. Purpose of Cookie Usage
- Analysis of service usage frequency and visit times
- Understanding users' areas of interest and service improvement
- Providing automatic login functionality
B. Installation, Operation, and Refusal of Cookies
Users have the right to choose regarding cookie installation:
- You can allow or refuse all cookies through web browser option settings
- You can set to go through confirmation every time cookies are stored
- However, if you refuse cookie storage, there may be restrictions on some service usage
10. Personal Information Protection Officer and Staff
The Company designates a personal information protection officer as follows to take overall responsibility for personal information processing matters and to handle user complaints and remedy damages related to personal information processing:
▶ Personal Information Protection Officer
- Name: Inje Lee
- Email: inje@hottest.com
Users may contact the personal information protection officer and relevant department regarding all personal information protection-related inquiries, complaint handling, damage remedies, etc. that occur while using the Company's services. The Company will respond to and process users' inquiries without delay.
11. Changes to Privacy Policy
This privacy policy applies from the effective date, and when there are additions, deletions, and corrections of changes according to laws and policies, it will be announced through announcements from 7 days before the implementation of changes. However, in case of important changes to user rights such as collection and utilization of personal information, provision to third parties, etc., it will be announced at least 30 days in advance.
12. AI Service-Specialized Personal Information Protection
Due to the characteristics of AI virtual try-on services, the following matters are additionally provided:
- Biometric Information Processing: Uploaded photos are processed for facial recognition and body measurement, but biometric information is not stored and is only used temporarily during AI processing.
- AI Training Data Usage: The Company does not use users' images for AI model training. Only anonymized data is used for statistical analysis to improve service quality.
- Third-Party AI Services: Third-party AI services such as Google AI may be used, in which case the privacy policies of those services apply.
- Safe Processing of Result Images: Generated result images are immediately deleted from Company servers after being delivered to users.
13. Rights Violation Remedy Methods
If you believe your personal information rights have been violated or you need assistance with privacy-related concerns, you may seek remedy through the following channels:
A. Contact the Company Directly
Please contact our Personal Information Protection Officer first:
Email: inje@hottest.com
We will respond to your inquiry within 7 business days
B. Data Protection Authorities
You have the right to lodge a complaint with your local data protection authority. Depending on your location:
- European Union: Contact your national data protection authority or the lead supervisory authority
- United States: Contact the Federal Trade Commission (FTC) or your state attorney general
- United Kingdom: Information Commissioner's Office (ICO) at ico.org.uk
- South Korea: Personal Information Protection Commission at www.kopico.go.kr or Personal Information Violation Report Center at privacy.kisa.or.kr
- Other regions: Contact your local privacy or consumer protection agency
C. Alternative Dispute Resolution
If you are not satisfied with our response, you may also seek resolution through independent dispute resolution services or legal proceedings available in your jurisdiction.
Supplementary Provisions
This privacy policy takes effect from December 13, 2025.
If you have any questions regarding personal information protection, please contact the above personal information protection officer.
© 2025 Katarina AI. All rights reserved.