SoMa Privacy Policy
Article 1 (General Provisions)
SoMa Inc. (hereinafter referred to as the "Company"), which operates the SoMa service (hereinafter referred to as the "Service"), values the personal information of users and complies with relevant laws and regulations, such as the "Personal Information Protection Act" and the "Act on Promotion of Information and Communications Network Utilization and Information Protection." This Privacy Policy explains what personal information the Company collects, for what purpose it is used, and how it is protected. It also stipulates the users' rights and how to exercise them, provision to third parties, and outsourcing matters, so please read it carefully before using the Service.
Article 2 (Purpose of Collection and Use)
The Company uses the collected personal information within the scope of the following purposes. If the purpose changes, we will notify the user in advance and obtain consent.
- Member Management: Confirmation of intent to sign up, identification and authentication of users, verification of sign-up and age (procedure for legal representative consent if necessary), maintenance and management of membership status, prevention of fraudulent use, identity verification upon password loss, delivery of notices, etc.
- Service Provision and Operation: Class connection and reservation management between Instructors and Members, provision of core functions such as membership vouchers and attendance checks, 1:1 chat service support for consultation/communication, sending notifications (reservation schedules or announcements, etc.).
- Paid Service Processing: Payment of subscription fees, management of payment history and usage period, refund processing, and other e-commerce related services.
- Customer Support and Dispute Resolution: Handling inquiries or complaints, checking records and responding for dispute mediation, delivering notices, and supporting consultations related to service use.
- Service Improvement and New Development: Analysis of user service usage patterns and satisfaction, development of new features and provision of personalized services, provision of event and advertising information (only if separately consented).
- Legal Compliance and Safety Management: Preservation of transaction records according to e-commerce laws, provision of data upon lawful request or order from investigative/administrative agencies, prevention and response to violations of terms and laws, monitoring for system safety and security.
Article 3 (Items Collected and Retention Period)
- Collected Items: The Company processes the following personal information items with the consent of the data subject and retains/processes them within the period stipulated by law or the period agreed upon by the data subject at the time of collection.
| Category |
Purpose |
Items |
Retention Period |
| Required |
Sign-up & Management |
Name, Contact (Phone Number), Email, (For Student Members) Instructor ID of the inviting instructor |
1 year after withdrawal |
| Required |
Service Provision |
Membership info, Class schedule/reservation/attendance info, Chat messages between Instructor and Student |
1 year after withdrawal |
Required
(Sensitive) |
Personalized Service |
Body composition test info (height, weight, analysis data), Photos, Medical history |
1 year after withdrawal |
| Optional |
Marketing |
Name, Contact (Phone Number), Email |
Until withdrawal or consent withdrawal |
- Collection Methods: The Company collects personal information in the following ways:
- Information directly entered by the user during the sign-up or service usage process.
- Collection through automatic data collection tools during service usage.
- Information entered by an Instructor Member on behalf of a Student Member with their consent.
- Retention by Law: The Company retains the following information for a certain period in accordance with relevant laws such as the Act on Consumer Protection in Electronic Commerce.
| Items |
Period |
Legal Basis |
| Records on contract or withdrawal of subscription |
5 years |
E-Commerce Act |
| Records on payment and supply of goods |
5 years |
E-Commerce Act |
| Records on consumer complaints or dispute handling |
3 years |
E-Commerce Act |
| Records on login |
3 months |
Communication Privacy Act |
Article 4 (Provision to Third Parties)
- Provision upon User Request or Consent: Personal information is provided to third parties within the agreed scope when the user consents to provision for external service linkage or specific service usage.
- Provision under Law: Personal information may be provided without user consent exceptionally if there are special provisions in the law or if requested by investigative agencies according to lawful procedures and methods for investigation purposes.
- Provision Necessary for Service Use: Due to the nature of the Service, some personal information may be provided between Members. Student Member's name and reservation info are provided to the Instructor Member, and the Instructor's profile and contact info are provided to the Student Member. This is essential for service fulfillment, and users agree to this upon sign-up.
- Exceptions: Limited provision is allowed without consent within the scope permitted by law, such as when it is deemed urgently necessary for the safety of the user's life or body.
Article 5 (Outsourcing of Personal Information Processing)
- The Company may outsource some of the tasks necessary for service operation to external specialized companies. When outsourcing, the Company clarifies and supervises the trustee's obligation to safely manage personal information in accordance with the Personal Information Protection Act.
- The status of the Company's personal information processing outsourcing is as follows:
- KG Inicis: Payment processing and settlement for paid services
- Kakao: Sending information via AlimTalk, etc.
- If the contents of the outsourced work or the trustee change, we will disclose it through this Privacy Policy without delay.
Article 6 (Rights of Users and Legal Representatives)
- Request for Access/Correction: Users and legal representatives may request access to their personal information held by the Company at any time and request correction if there are errors.
- Withdrawal of Consent and Deletion: Users may withdraw their consent to the collection and use of personal information at any time and have the right to request account deletion through membership withdrawal.
- Request for Suspension of Processing: Users may request a temporary suspension of processing for specific personal information. However, this may be refused in accordance with legal requirements.
- Method of Exercising Rights: Requests can be made in writing, via email, etc., and the Company will take action after verifying the identity of the requester.
- Protection of Minors' Rights: The legal representative of a child under the age of 14 may exercise rights regarding the child's personal information.
Article 7 (Security Measures)
The Company implements the following measures to safely manage users' personal information:
- Administrative Measures: Establishment of internal management plans, employee training, minimization of handling staff.
- Technical Measures: Access control management, encryption of important information, installation and renewal of security programs.
- Physical Measures: Access control to computer rooms and data storage rooms.
Article 8 (Destruction Procedures and Methods)
- The Company destroys personal information without delay when it becomes unnecessary, such as when the retention period expires or the purpose of processing is achieved.
- Destruction Procedure: Personal information subject to destruction is selected and destroyed with the approval of the Data Protection Officer (CPO).
- Destruction Method: Electronic files are destroyed so that they cannot be reproduced, and paper documents are shredded or incinerated.
Article 9 (Automatic Collection of Personal Information)
- The Company may use cookies to provide user convenience.
- Purpose: Maintaining login sessions, saving personalized settings, traffic analysis, etc.
- Refusal Method: You can refuse to save cookies through your browser settings. (e.g., Settings menu in Edge, Chrome)
Article 10 (Data Protection Officer and Department)
The Company oversees personal information processing duties and designates the following officer to handle complaints and damage relief.
- Data Protection Officer (CPO): Lee Chang-jae (CEO) (cjlee@soma.ai.kr, 0502-1935-5034)
- Department: Customer Support Team (Weekdays 09:00~18:00)
Article 11 (Remedies for Infringement of Rights)
Users may contact the following organizations for remedies regarding personal information infringement:
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
- Cybercrime Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / 1301)
- Cyber Bureau, National Police Agency (cyberbureau.police.go.kr / 182)
Article 12 (Addendum)
- This Privacy Policy applies from December 3, 2025.
- If this policy is modified to reflect changes in laws or services, we will announce it through notices at least 7 days prior to the revision.