1. General
FFKR service operator ("Company") operates FFKR and related websites, mobile web, apps, and customer support channels (collectively, the "Service"). The Company establishes and discloses this Privacy Policy in order to process users' personal information lawfully and transparently in compliance with applicable laws, including the Personal Information Protection Act of Korea.
This Policy applies to personal information processed when users use features such as sign-up, login, team management, schedule management, community services, inquiries, and notifications within the Service.
Effective date: 2026-02-01
Last updated: 2026-02-01
2. Personal Information We Process
The Company processes only the minimum personal information necessary to provide the Service. Depending on the circumstances, the Company may process personal information based on applicable legal grounds such as contract performance, legal obligations, user consent, or legitimate interests.
2.1 Sign-up and Login
- Required information: name, email address, password
- Optional information: profile image, marketing consent preference
- For social login or account linking: identifier, email address, name, profile image, and other information required for connection that is provided by the external service selected by the user
- Purpose of processing: user identification, authentication, account creation and maintenance, fraud prevention, service notices, and account security management
- Retention period: until account deletion, unless a longer retention period is required by applicable law
2.2 Information Generated Through Profiles, Teams, Community Features, and Service Use
- Profile information: nickname or display name, profile image, introduction, and other information entered by the user
- Team/group operation information: team name, team logo, member information, role information, schedules, attendance, announcements, match/scrimmage/PlayMaker-related records
- Community information: posts, comments, attachments, and author information disclosed according to visibility settings
- Purpose of processing: community operation, team management features, collaboration and communication between users, record management, and service improvement
- Retention period: until account deletion or achievement of the purpose of use. However, posts or team operation records may be anonymized or separately retained within the scope permitted by law and service operation policy.
2.3 Customer Inquiries and Support
- Processed information: name, email address, inquiry details, attachments, support history
- Automatic or security verification data: CAPTCHA token, access environment information
- Purpose of processing: receiving and responding to inquiries, identity verification, complaint handling, service stability, and abuse prevention
- Retention period: 3 years after completion of inquiry handling, or the period required by applicable law
2.4 Notifications and Push Services
- Processed information: device identifier, push token, operating system information, app version, notification settings
- Purpose of processing: service notices, security alerts, notifications related to schedules, team activities, and posts, and push delivery within the scope permitted by the user
- Retention period: until notification opt-out, app deletion, logout, account deletion, or token invalidation
2.5 Information That May Be Collected Automatically During Service Use
- Processed information: IP address, access date and time, access logs, device/browser information, cookies, session information, usage records, error logs
- Purpose of processing: service security, traffic statistics, incident analysis, abuse detection, and optimization of the user environment
- Retention period: in accordance with applicable laws or internal retention policies
3. Purposes of Processing Personal Information
The Company processes personal information for the following purposes:
- Confirming the intent to register, user identification, login, and account management
- Providing and operating the Service, including team collaboration features, boards, and community features
- Responding to user inquiries, delivering notices, and resolving disputes
- Security, authentication, fraud prevention, and abuse prevention
- Service analytics, error monitoring, and feature improvement
- Sending newsletters, event notices, benefits, and other marketing information where the user has separately consented
4. Legal Bases for Processing Personal Information
To the extent permitted by applicable law, the Company may process personal information on the following legal bases:
- Consent of the data subject
- Performance of a contract with the data subject or steps requested prior to entering into a contract
- Compliance with legal obligations
- The Company's legitimate interests, such as fraud prevention, security, and incident response, provided that such interests do not unfairly infringe the rights and interests of the data subject
5. Provision of Personal Information to Third Parties
In principle, the Company does not provide users' personal information to external parties. Exceptions may apply in the following cases:
- Where the user has separately given prior consent
- Where disclosure is required by law or requested lawfully by investigative or other competent authorities
- Where the user discloses posts, team information, or profile information to other users through visibility settings
- Where disclosure is necessary for payment, refunds, identity verification, delivery, or service provision within the scope separately notified or consented to
If the Company provides personal information to a third party, it will separately notify or disclose in this Policy the recipient, purpose, items provided, and retention/use period.
6. Entrustment of Personal Information Processing
To provide the Service smoothly, the Company may entrust certain tasks to external specialized service providers. When entering into entrustment agreements, the Company specifies and supervises the necessary safeguards so that personal information is handled safely in accordance with applicable law.
Major entrusted task categories currently used or that may be used depending on the operating environment include:
- Operation of cloud infrastructure, databases, and authentication services
- Email delivery and notification sending
- Customer inquiry intake and support response
- Push notification delivery
- Security verification (CAPTCHA), incident monitoring, and log analysis
Examples of entrusted vendors or connected services:
- Supabase: authentication, database, storage
- Resend: email delivery
- Firebase Cloud Messaging: push notifications
- hCaptcha, Cloudflare Turnstile: automated abuse prevention
The Company will disclose the actual names of entrusted service providers, entrusted tasks, and changes thereto through this Policy or separate notices, based on the services in operation.
7. Overseas Transfer of Personal Information
During operation of the Service, the Company may transfer personal information overseas for cloud services, authentication, email, push notifications, analytics, or security solutions. If overseas transfer occurs, the Company will disclose the following information to users or obtain consent where required by the Personal Information Protection Act and other applicable laws:
- Recipient of the transfer
- Country to which the information is transferred
- Categories of personal information transferred
- Purpose of the transfer
- Time and method of the transfer
- Retention and use period
- How to refuse the transfer and any disadvantages of refusal
Where overseas transfer actually occurs, the Company will keep the above information up to date based on the services currently in operation.
8. Retention and Use Period of Personal Information
The Company retains and uses personal information for the period notified at the time of collection or until the purpose of processing has been achieved. However, in accordance with applicable law, certain records may be retained for a specified period as follows:
- Records on consumer complaints or dispute resolution: 3 years
- Records on display and advertising: 6 months
- Communication confirmation data such as access logs and IP records: the period required by applicable law
Information retained under statutory retention requirements is stored separately from general user information and is not used for any purpose other than the relevant legal purpose.
9. Procedures and Methods for Destruction of Personal Information
When personal information becomes unnecessary due to expiration of the retention period or achievement of the processing purpose, the Company destroys the relevant personal information without delay. If retention is required by law, the information will be separately stored and destroyed after the relevant retention period ends.
Destruction procedures and methods are as follows:
- Electronic files: deleted using technical methods that prevent recovery or restoration
- Paper documents: shredded or incinerated
10. Rights of Data Subjects and How to Exercise Them
Users may exercise the following rights against the Company within the scope permitted by applicable law:
- Request access to personal information
- Request correction or deletion of personal information
- Request suspension of processing of personal information
- Withdraw consent
- Withdraw optional consents such as overseas transfer or marketing consent
Such rights may be exercised in writing, by email, or through other methods provided by the Company using the contact information below. The Company will respond within the period prescribed by applicable law.
However, requests for deletion or suspension of processing may be restricted where another law specifically requires retention of the relevant personal information.
11. Use of Cookies and Similar Technologies
The Company may use cookies or similar technologies to maintain login status, enhance security, store service environment settings, and analyze service usage statistics.
Users can refuse or delete cookies through browser settings. However, refusing cookies may limit the ability to maintain login status, save preferences, or use certain features.
Please refer to the help pages provided by each browser vendor for detailed browser-specific instructions.
12. Marketing and Promotional Communications
The Company sends marketing information such as events, benefits, promotions, and newsletters via email, text messages, app push, or other electronic means only where the user has separately consented.
Marketing consent is optional, and refusal does not restrict basic use of the Service. Users may withdraw consent or opt out at any time.
13. Measures to Ensure the Security of Personal Information
The Company takes the following safeguards to prevent loss, theft, leakage, forgery, alteration, or damage of personal information:
- Minimization of access rights and access control
- Protection measures for authentication information such as passwords
- Encryption in transit and protection of stored data
- Retention of access logs and monitoring of abnormal activity
- Security updates, malware prevention, and vulnerability checks
- Administrative oversight of entrusted vendors and internal personnel
14. Children's Personal Information
The Company does not allow children under the age of 14 to register for or use the Service. If the Company becomes aware that it has collected personal information from a child under 14, it will promptly delete the information or review other measures required by law.
15. Chief Privacy Officer and Contact Information
The Company designates the following person or department to oversee personal information protection and handle complaints and remedies related to personal information processing:
- Privacy protection entity: FFKR
- Email: scvpjk@naver.com
16. Remedies for Infringement of Rights
Users may contact the following institutions for reporting or consultation regarding personal information infringement:
- Personal Information Infringement Report Center: 118 (without area code) / https://privacy.kisa.or.kr
- Personal Information Dispute Mediation Committee: 1833-6972 / https://www.kopico.go.kr
- Supreme Prosecutors' Office: 1301 (without area code) / https://www.spo.go.kr
- Korean National Police Agency: 182 (without area code) / https://ecrm.police.go.kr
17. Changes to This Privacy Policy
The Company may revise this Privacy Policy if there are changes in applicable law, service features, processing items, or operating policies.
- For material changes: notice at least 7 days before the effective date
- For changes that materially affect users' rights: notice at least 30 days before the effective date
Previous versions of this Privacy Policy may be made available through a method designated by the Company.