Review in Korea
ZH-S
Privacy and data processing

Privacy Policy

How REVIEW IN KOREA handles account, community, analytics, advertising, and service data.

View Terms of Service

Websitereviewinkorea.com

Contactcontact@reviewinkorea.com

Service
REVIEW IN KOREA
Website
https://reviewinkorea.com/
Effective date
May 4, 2026
Last updated
May 4, 2026
Privacy contact
contact@reviewinkorea.com

Contents

OverviewPersonal Information We CollectHow We Use Personal InformationPublic Content and Search Engine VisibilityCookies and Similar TechnologiesAI-Assisted Translation and LocalizationSharing, Entrustment, and Third-Party ProcessingCross-Border Transfers and Overseas ProcessingRetention PeriodsAccount Deletion and Data DeletionDestruction of Personal InformationSecurity MeasuresChildren's Privacy and MinorsYour RightsRights for Users in the EEA, UK, and SwitzerlandAdvertising Choices and Do-Not-Sell / Do-Not-Share NoticesContent, Copyright, and Takedown RequestsInternational UsersChanges to This Privacy PolicyContact Us

1. Overview

This Privacy Policy explains how REVIEW IN KOREA ("REVIEW IN KOREA," "we," "us," or "our") collects, uses, stores, discloses, transfers, protects, and deletes personal information in connection with the REVIEW IN KOREA website and related services available at https://reviewinkorea.com/ and localized URL paths such as /ko/, /en/, and other supported language paths (collectively, the "Service").

REVIEW IN KOREA is a multilingual Korea travel guide and community website that publishes Korea travel content, community-style travel posts, attraction information, restaurant and cafe content, hidden-gem recommendations, cultural experience content, traveler stories, images, and related localized content. The Service also supports user account registration and login, email verification, password reset, account deletion, advertising, analytics, and AI-assisted localization or translation workflows.

This Privacy Policy is intended to satisfy applicable privacy notice requirements, including requirements under the Personal Information Protection Act of the Republic of Korea ("PIPA"), and to provide additional information for users outside Korea where relevant. If a separate Korean-language version of this Privacy Policy is provided, the Korean-language version will prevail to the extent permitted by applicable law, unless a different language version is required to prevail under mandatory local law.

2. Personal Information We Collect

We collect personal information in the ways described below. The exact categories collected may depend on how you use the Service and which features are enabled at the time of use.

2.1 Information you provide directly

CategoryExamplesWhen collected
Account informationEmail address, display name, nickname, password submitted at registration, password confirmationWhen you create or manage an account
Authentication and account status informationEmail verification status, account status, account deletion request, password change requestWhen you verify email, log in, reset or change a password, or delete an account
Community or public contentPost text, title, excerpt, author display name, city names, tags, images, captions, comments or likes if enabled, and other content you choose to submitWhen community, comment, upload, or similar public features are enabled and you use them
Travel Pieces or upload contentImages, file names, metadata, descriptions, and other materials submitted through upload features, if server-side upload is enabledWhen you upload or submit files through the Service
CommunicationsEmail address, name or display name, inquiry details, attachments, and other information you include in a messageWhen you contact us, report content, request support, or submit legal or privacy requests
Rights and complaint informationInformation needed to verify identity, authority, copyright ownership, consent, or legal basis for a takedown, correction, deletion, or privacy requestWhen you submit a legal, privacy, copyright, or content complaint

We do not intend to collect sensitive personal information such as passport numbers, resident registration numbers, precise health information, biometric information, financial account information, or precise location information unless we expressly request it and provide any required notice or consent mechanism. Please do not submit sensitive information or personal information about other people unless you have a lawful basis and any required consent.

2.2 Account authentication and security data

For account and security functions, we may process the following information:

  • Password hashes. We do not intend to store plaintext passwords.
  • Email verification token hashes and expiration times.
  • Password reset token hashes and expiration times.
  • Session token hashes and expiration times.
  • Account status, including active or deleted status.
  • Email verification timestamp and account deletion timestamp.
  • Authentication audit events, such as signup, login, logout, verification, password reset, password change, failed login, account deletion, and security-related events.
  • Rate-limit records and abuse-prevention information.
  • Hashed or truncated identifiers derived from IP address and user-agent information, where available, for abuse prevention and security.

2.3 Automatically collected technical information

When you visit or use the Service, we and our service providers may automatically collect technical information, including:

  • IP address or approximate location derived from IP address.
  • Device, browser, operating system, language, locale, and user-agent information.
  • Referring page, exit page, page URLs, route paths, timestamps, and interaction events.
  • Cookie identifiers, session identifiers, advertising identifiers, analytics identifiers, and similar online identifiers.
  • Log data generated by hosting, content delivery, security, email delivery, analytics, advertising, and application monitoring systems.
  • Information about errors, performance, fraud attempts, rate-limit events, and security events.

We do not currently intend to collect precise GPS or device-based geolocation information through the Service. If map, location, geolocation, or third-party map SDK features are added later, we will update this Privacy Policy and provide any required notice or consent.

2.4 Information from public or third-party sources

Some content on the Service may be created from, imported from, or linked to external source material, including public websites, blogs, source URLs, images, and related metadata. Such source material may include publicly available names, usernames, author display names, profile references, image metadata, location names, URLs, or other information. We use such information for content sourcing, attribution, editorial review, localization, publication, rights management, correction, and takedown handling.

If you believe content on the Service includes your personal information, image, copyrighted work, or other protected material without authorization, contact us at contact@reviewinkorea.com with the details described in the "Your Rights" and "Content, Copyright, and Takedown Requests" sections below.

3. How We Use Personal Information

We process personal information for the following purposes:

PurposeExamples of processing
Account creation and operationCreating accounts, verifying email addresses, authenticating users, maintaining login sessions, changing passwords, resetting passwords, updating nicknames, processing account deletion requests
Service deliveryProviding localized pages, community content, travel content, Travel Pieces features, maps or location-based features if enabled, and other website functionality
Public community featuresPublishing user-submitted or community-style content, displaying author display names, city names, tags, images, comments or likes if enabled, and making published pages available to search engines
Content operation and localizationEditing, formatting, categorizing, translating, localizing, indexing, search optimization, source attribution, and content quality control
AI-assisted translation and localizationSending content, prompts, metadata, and related outputs to AI providers for translation or localization, and storing localization run metadata as described below
Security and abuse preventionDetecting and preventing unauthorized access, account abuse, spam, scraping abuse, malware, fraudulent activity, rate-limit circumvention, and violations of our Terms of Service
CommunicationsSending email verification messages, password reset emails, security notices, service notices, responses to inquiries, privacy request responses, and legal notices
Analytics and service improvementMeasuring traffic, page views, user interactions, performance, language usage, content popularity, and technical reliability
AdvertisingDisplaying, measuring, limiting, and improving advertisements, including through Google AdSense and related advertising technologies
Legal compliance and rights protectionComplying with law, responding to lawful requests, enforcing terms, preserving evidence, resolving disputes, handling complaints, and protecting users, us, and third parties

Where applicable law requires a legal basis for processing, our legal bases may include performance of a contract with you, your consent, our legitimate interests, compliance with legal obligations, protection of legal claims, and protection of vital or public interests where applicable. Where Korean law or other applicable law requires separate consent, we will obtain consent or provide required notice in the manner required by law.

4. Public Content and Search Engine Visibility

Community posts, travel posts, images, author display names, city names, tags, excerpts, comments, and other content that you or others submit for public publication may be displayed publicly on the Service and may be indexed, cached, copied, archived, translated, quoted, or republished by search engines, social media platforms, browsers, AI systems, internet archives, and other third parties.

Please do not submit personal information or images of other people unless you have the right to do so. If you delete your account or request deletion of content, we will take reasonable steps to remove or de-identify content under our control as described in this Privacy Policy, but we may not be able to remove copies, caches, screenshots, translations, search engine results, third-party archives, or content already accessed or copied by others.

5. Cookies and Similar Technologies

We and our service providers use cookies, local storage, pixels, web beacons, tags, scripts, and similar technologies to operate the Service, maintain sessions, remember preferences, analyze traffic, prevent abuse, and display or measure advertisements.

5.1 Types of cookies and similar technologies

TypePurposeExamples
Essential cookiesRequired for login, session management, account security, routing, fraud prevention, and basic website operationHTTP-only session cookies; security and rate-limit identifiers
Preference cookiesRemember language, locale, display, or consent preferencesLocale or cookie-consent settings
Analytics cookiesMeasure traffic, performance, page interactions, and content popularityGoogle Analytics identifiers, if Google Analytics is configured
Advertising cookies and identifiersDisplay, measure, frequency-cap, prevent fraud, and personalize or contextualize ads where permittedGoogle AdSense and related advertising identifiers, cookies, web beacons, IP addresses, and browser/device signals

Our session cookies are intended to be HTTP-only, same-site lax, secure in production, and currently expire after 14 days unless you log out earlier or the session is revoked.

5.2 Google Analytics

When Google Analytics is configured, we use it to understand how visitors use the Service, measure traffic, improve content, and diagnose performance. Google Analytics may collect first-party cookies, device and browser information, on-site activities, IP-related information, and other identifiers depending on our configuration and your choices. We do not intend to send names, email addresses, or other directly identifying personal information to Google Analytics.

For more information about how Google uses information from sites and apps that use Google services, see: https://policies.google.com/technologies/partner-sites

You may be able to manage Google Analytics through browser controls, cookie settings, Google settings, or the Google Analytics opt-out browser add-on where available: https://tools.google.com/dlpage/gaoptout

5.3 Google AdSense and advertising

We use Google AdSense to display advertisements on the Service. Google and its advertising partners may use cookies, web beacons, IP addresses, browser and device identifiers, page URLs, ad interaction data, and other information to deliver ads, measure ad performance, limit ad frequency, combat fraud and abuse, and personalize ads where permitted by law and your settings.

For information about Google advertising and controls, see: https://policies.google.com/technologies/ads and https://adssettings.google.com/

For users in the European Economic Area, the United Kingdom, and Switzerland, we will request legally valid consent for cookies or other local storage and for the collection, sharing, and use of personal data for ads personalization where required by law. Where required by Google policies, we will use a Google-certified Consent Management Platform (CMP) integrated with the IAB Europe Transparency and Consent Framework.

5.4 How to manage cookies

You can manage cookies through your browser settings, device settings, Google ad settings, and any cookie or consent settings made available on the Service. You may block or delete cookies, but some features, including login, account security, language preferences, and content personalization, may not work properly. If you are located in a region where consent is required, you may withdraw or modify consent through the cookie or privacy settings available on the Service.

6. AI-Assisted Translation and Localization

We may use AI-assisted tools, including the OpenAI API, to translate, localize, summarize, format, classify, improve, or quality-check content for multilingual publication and content operations. Depending on the content being processed, the information sent to AI providers may include public or editorial post content, community content, source URLs, location names, tags, titles, excerpts, images or image references, prompt text, response text, and technical metadata.

Our localization workflow may store metadata such as provider name, model name, prompt version, source content hash, request JSON, response JSON, token counts, estimated cost, processing status, and error messages. If user-submitted content or third-party content contains personal information, that information may be included in translation or localization processing unless we remove it before processing.

We do not use AI-assisted translation or localization to make decisions that produce legal or similarly significant effects concerning users. AI-generated translations may be inaccurate, incomplete, or culturally imperfect. We may review, edit, correct, remove, or replace translations at our discretion.

7. Sharing, Entrustment, and Third-Party Processing

We do not sell personal information for money. We may share, entrust, disclose, or make personal information available to third parties in the following circumstances:

  • Service providers and processors: vendors that host, store, deliver, secure, analyze, translate, localize, advertise, or support the Service.
  • Advertising and analytics providers: providers such as Google that process identifiers, cookies, device data, IP addresses, interaction data, and advertising or analytics data according to their roles, our settings, your choices, and applicable law.
  • Legal and safety recipients: courts, regulators, law enforcement, legal advisors, auditors, rights holders, complainants, or other parties where disclosure is required or reasonably necessary to comply with law, enforce terms, protect rights, respond to complaints, or prevent harm.
  • Business transfer recipients: parties involved in a merger, acquisition, financing, restructuring, sale of assets, or similar transaction, subject to appropriate safeguards and notices required by law.
  • With your direction or consent: parties you choose to interact with or authorize.

7.1 Service providers and entrusted processors

The following table describes key providers expected to process information for the Service. This table must be updated if providers, purposes, countries, data categories, or retention periods change.

Provider / recipientRole and purposeData categoriesLocation / transfer destinationRetention / use period
Amazon Web Services, Inc. and affiliates (AWS)Hosting, compute, CDN, application load balancing, database, object storage, email delivery, logging, monitoring, securityAccount data, authentication data, content, images, logs, cookies/session data, technical information, email delivery dataPrimarily Republic of Korea region ap-northeast-2 for application resources; CloudFront/CDN, support, security, and related processing may occur in other AWS locationsDuring provision of the Service and for applicable backup, log, security, legal, and contract retention periods
Google LLC and affiliatesGoogle Analytics, Google AdSense, ad serving, ad measurement, fraud prevention, analytics, and related Google servicesCookie identifiers, IP addresses, device/browser data, URLs, interaction data, advertising identifiers, analytics data, consent signalsGlobal, including the United States and other countries where Google processes dataAccording to our configuration, your choices, Google settings, and Google retention policies
OpenAI, L.L.C. and affiliatesAI-assisted translation, localization, formatting, quality control, and related API processingContent submitted for localization, prompts, outputs, source content hashes, request/response data, metadata that may include personal information if contained in the source contentUnited States and other locations where OpenAI and its sub-processors process dataAccording to our configuration, OpenAI API data controls, and applicable abuse-monitoring or application-state retention periods

7.2 Third-party source platforms and linked websites

The Service may link to or reference third-party websites, blogs, platforms, maps, advertisers, restaurants, cafes, attractions, transportation providers, reservation sites, social media services, and other third-party resources. We do not control the privacy practices of those third parties. If you click a third-party link or interact with third-party content, the third party's privacy policy and terms apply.

8. Cross-Border Transfers and Overseas Processing

Because REVIEW IN KOREA is globally accessible and uses international service providers, personal information may be transferred to, stored in, accessed from, or processed in countries outside your country of residence, including Korea, the United States, and other countries where our providers or their sub-processors operate.

For Korean users, the following table is provided to support disclosures concerning overseas transfer, entrustment, or storage of personal information.

RecipientCountry / regionItems transferredDate and method of transferPurposeRetention and use periodRefusal procedure and effect
AWSKorea (ap-northeast-2) and other AWS locations as applicableAccount data, content, images, logs, authentication/security data, email delivery dataTransmitted continuously over encrypted network connections during Service use and stored in AWS infrastructureHosting, storage, CDN, database, email delivery, logs, security, backupDuring Service operation and applicable retention periodsCertain transfers are necessary to provide the Service. If you refuse necessary processing, you may not be able to use the Service.
GoogleGlobal, including the United StatesCookie identifiers, IP address, device/browser data, URLs, ad and analytics interaction data, consent signalsTransmitted automatically through Google scripts, cookies, tags, and browser requests when analytics or ads are loadedAnalytics, ad serving, ad measurement, fraud prevention, personalization where permittedAccording to Google policies, our settings, and your choicesYou may manage cookies, consent, Google ad settings, and browser controls. Some ads or analytics functions may be limited.
OpenAIUnited States and other OpenAI processing locationsContent submitted for localization, prompts, outputs, request/response metadata, source hashes, and any personal information contained in such contentTransmitted over encrypted API connections when localization workflows are runAI-assisted translation, localization, formatting, and quality controlAccording to OpenAI API data controls, our settings, and applicable retention controlsIf you do not want your user-submitted content processed for localization, do not submit content for public publication or contact us before publication where feasible. Some multilingual features may not be available.

Where applicable law requires separate consent for cross-border transfer or overseas processing, we will obtain consent or provide required disclosure in the manner required by law.

9. Retention Periods

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, necessary for dispute resolution, security, fraud prevention, or legal claims, or required to comply with a legal obligation.

Data categoryStandard retention period
Account informationWhile your account is active. When you delete your account, we revoke active sessions, delete or detach user-owned community posts tied to the account where technically configured, change account status to deleted, and replace the email address with a deleted local placeholder, unless retention is required by law, security, backup, dispute, or legitimate business needs.
Session tokensCurrently up to 14 days from issuance, unless you log out earlier, the session expires, or we revoke it for security reasons.
Email verification tokensCurrently expire after 24 hours. Token hashes and related records may be deleted or overwritten after expiration or retained for short security/audit periods.
Password reset tokensCurrently expire after 30 minutes. Token hashes and related records may be deleted or overwritten after expiration or retained for short security/audit periods.
Authentication audit eventsRetained for security, abuse prevention, investigation, and legal compliance as long as reasonably necessary, unless a longer period is required for an incident, dispute, or legal obligation.
Rate-limit and abuse-prevention recordsRetained as long as reasonably necessary to prevent abuse, spam, unauthorized access, and scraping, unless a longer period is required for security or legal reasons.
Public community posts and assetsRetained while published or as necessary for content operation. If tied to a deleted account, user-owned posts may be deleted according to account deletion settings. Publicly sourced, editorial, or legally retained content may remain unless removed through moderation, correction, rights request, or legal process.
Uploaded images and filesRetained while published or needed for Service operation, backup, moderation, rights management, security, or legal reasons.
Contact and support recordsRetained as long as reasonably necessary after the matter is closed, unless a longer period is required for legal claims or compliance.
Localization run metadataRetained as long as reasonably necessary for quality control, debugging, cost accounting, provenance, rights management, and audit purposes.
Server, CDN, email, database, and application logsRetained as long as reasonably necessary where needed for security, incident response, legal compliance, or dispute resolution.
BackupsRetained according to backup cycles. Deleted or anonymized data may remain in backups until overwritten or securely deleted according to the backup schedule.
Legal, complaint, and rights-management recordsRetained for the period necessary to handle the request, preserve evidence, comply with law, resolve disputes, and protect rights.

10. Account Deletion and Data Deletion

You may request account deletion through the account deletion feature, if available, or by contacting us at contact@reviewinkorea.com. When an account is deleted, we currently intend to:

  1. Revoke active sessions associated with the account.
  2. Delete user-owned community posts tied to the account where the Service is configured to do so.
  3. Soft-delete the account by changing account status and replacing the email address with a deleted local placeholder.
  4. Retain limited security, audit, rate-limit, backup, legal, and rights-management records where necessary or permitted by law.

Deletion may not immediately remove data from technical backups, logs, caches, search engines, third-party archives, screenshots, or third-party services outside our control. Public content copied or indexed before deletion may remain available elsewhere. We will take reasonable steps to delete or de-identify personal information under our control when retention is no longer necessary.

11. Destruction of Personal Information

When personal information is no longer necessary and no legal or operational retention basis applies, we will delete, anonymize, or de-identify it using reasonable methods appropriate to the format and sensitivity of the information. Electronic records may be deleted, overwritten, de-indexed, anonymized, or rendered irrecoverable through commercially reasonable methods. Physical records, if any, will be shredded, destroyed, or otherwise securely disposed of.

12. Security Measures

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, misuse, and destruction. These safeguards may include:

  • Password hashing rather than plaintext password storage.
  • Token hashing for email verification, password reset, and session tokens.
  • HTTP-only session cookies with SameSite settings and secure flags in production.
  • SSL/TLS for website and database connections where configured.
  • Rate limiting and abuse-prevention controls.
  • Authentication audit logging.
  • Access controls for databases, servers, and infrastructure.
  • AWS-hosted infrastructure with controlled database and object-storage access.
  • S3 public access blocks and CloudFront Origin Access Control for public asset delivery.
  • Monitoring and logging for security, reliability, and incident response.

No website, network, database, or transmission method is completely secure. You are responsible for keeping your password confidential, using a strong and unique password, logging out from shared devices, and notifying us promptly if you suspect unauthorized account access.

13. Children's Privacy and Minors

The Service is intended for a general audience interested in Korea travel content, but it is not directed to children under 14 years of age. We do not knowingly collect personal information from children under 14 without verifiable consent from a legal guardian where required by law.

If you are under 14, do not create an account, submit personal information, or post content unless your legal guardian has provided consent in the manner required by applicable law. If you are a minor under the law of your residence, you should use the Service only with the consent and supervision of a parent or legal guardian.

If you believe a child has provided personal information without required guardian consent, contact us at contact@reviewinkorea.com. We will review the matter and take appropriate steps, which may include deleting the information or the account.

14. Your Rights

Subject to applicable law, you may have the right to:

  • Request access to your personal information.
  • Request correction of inaccurate or incomplete personal information.
  • Request deletion of personal information.
  • Request suspension or restriction of processing.
  • Withdraw consent where processing is based on consent.
  • Object to certain processing where applicable law provides such right.
  • Request account deletion.
  • Request information about entrustment, third-party disclosure, or cross-border transfer where required by law.
  • Designate an agent or representative where permitted by law.
  • Lodge a complaint with a competent supervisory authority.

To exercise your rights, contact us at contact@reviewinkorea.com or use the relevant account settings if available. We may ask you to verify your identity, account ownership, request details, and authority to act on behalf of another person. We will respond within the period required by applicable law. We may deny or limit requests where permitted by law, including where necessary to protect another person, preserve evidence, comply with law, prevent fraud or abuse, protect security, or maintain records that we are legally required or permitted to retain.

15. Rights for Users in the EEA, UK, and Switzerland

If the GDPR, UK GDPR, Swiss data protection law, or similar law applies to your use of the Service, you may have additional rights, including the right to request access, rectification, erasure, restriction, portability, objection to processing based on legitimate interests, objection to direct marketing, withdrawal of consent, and the right to lodge a complaint with a data protection authority.

Where applicable, our legal bases may include performance of a contract, consent, legitimate interests, compliance with legal obligations, and protection of legal claims. Our legitimate interests may include operating and improving the Service, publishing and localizing content, securing the Service, preventing fraud and abuse, measuring performance, and protecting legal rights, provided those interests are not overridden by your rights and interests.

16. Advertising Choices and Do-Not-Sell / Do-Not-Share Notices

We do not sell personal information for money. However, some privacy laws may define "sale," "sharing," or "targeted advertising" broadly to include certain uses of advertising cookies, pixels, or identifiers by third-party advertising partners. Where such laws apply, you may have the right to opt out of sale, sharing, or targeted advertising. You can manage these choices through our cookie settings, browser controls, Google ad settings, and other mechanisms we make available.

17. Content, Copyright, and Takedown Requests

If you believe that content on the Service infringes your rights, includes your personal information unlawfully, uses your image without authorization, lacks proper attribution, is inaccurate, or should be removed for another lawful reason, contact us at contact@reviewinkorea.com.

Please include, where relevant:

  1. Your name and contact information.
  2. The URL of the content at issue.
  3. A description of the rights, personal information, image, or material involved.
  4. Evidence that you are the rights holder, data subject, authorized representative, or otherwise entitled to submit the request.
  5. The action requested, such as correction, attribution, removal, de-indexing, restriction, or replacement.
  6. A statement that the information in your request is accurate and that you are authorized to submit it.

We may remove, restrict, edit, de-index, disable, preserve, or decline to act on content depending on the circumstances, applicable law, evidence provided, user safety, public interest, legal obligations, and our Terms of Service. We may also forward relevant information to the user or third party that posted or supplied the content, to legal advisors, or to competent authorities where appropriate.

18. International Users

The Service is operated for a Korea-based website and is accessible globally. If you access the Service from outside Korea, your information may be processed in Korea and in other countries where our service providers operate. These countries may have privacy laws different from those in your location. We will take steps required by applicable law to protect personal information transferred internationally.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, technology, providers, legal requirements, or operational practices. We will post the updated version on the Service and update the "Last updated" date. Where required by law or where changes are materially adverse to users, we will provide prior notice through the Service, email, or other appropriate means. Unless a different date is stated, the updated Privacy Policy will take effect when posted or on the effective date specified in the notice.

20. Contact Us

For privacy requests, questions, complaints, account deletion requests, cookie-choice inquiries, content complaints, or takedown requests, contact:

REVIEW IN KOREA Privacy Contact Email: contact@reviewinkorea.com