Privacy Policy
Effective 2026-06-05 · v1.0 (Draft)
LINKSUP Co., Ltd. (“the Company”) operates Sooddang (sooddang.com, “the Service”) and treats your personal data with care, in compliance with the Korean Personal Information Protection Act (PIPA) and other applicable laws. This policy applies to all users of the Service, including overseas suppliers and domestic/overseas buyers.
1. Controller Information
- Operator: LINKSUP Co., Ltd.
- Representative: [____]
- Business registration no.: [____]
- Address: [____]
- General contact: [email protected]
- Chief Privacy Officer (CPO): [name / title / email ____]
2. Personal Data We Collect and How
The Company collects the following personal data to provide the Service.
| Category | Items | When collected |
|---|---|---|
| Sign-up | Email address (email magic link or Google OAuth), country code | At registration |
| Company profile | Company name (English/local), country, business type, website, logo, company description | When creating a profile |
| Products & certifications | Product information, certificate files (PDF — e.g. HACCP/MSC), issuing body, certificate number, validity period | When listing products/certs |
| Guest inquiry / supply offer | Email (required), name & company (optional), message, IP address, browser info (User-Agent), captcha (Turnstile) pass record | When sending an inquiry/offer |
| Trade activity | RFQ and message content, service usage logs (activity logs) | During use of the Service |
3. Purposes of Processing
- Member identification, authentication, and account management
- Publishing supplier profiles, products, and certifications and exposing them in search
- Intermediating inquiries, RFQs, and messages between buyers and suppliers
- Sending notification emails about trades and inquiries
- Providing multilingual automatic translation of content
- Preventing spam and abuse, and securing the Service
- Compliance with legal obligations and dispute handling
4. Retention and Use Period
- Member data: until account withdrawal, except where law requires longer retention.
- Guest inquiries / supply offers: retained for a limited period after handling, then destroyed.
- Service usage logs (activity logs): retained for 30 days and then automatically destroyed (may be migrated to an analytics log system thereafter).
- Statutory retention: where required by law (e.g. the Act on Consumer Protection in Electronic Commerce), records are kept for the period prescribed by that law.
5. Provision to Third Parties
The Company does not provide personal data to third parties without consent. However, to enable the core SEACHING (seaching.co.kr) classification/search integration, the following information is shared.
| Recipient | Items shared | Purpose |
|---|---|---|
| SEACHING | Company name, country, business type; published product catalog; whether certifications are held; HS-code/category matching index | Exposure in SEACHING search and classification matching |
Contact-person personal data (PII), RFQ content, and message content are NOT shared with SEACHING. [To be confirmed: if SEACHING is operated by the same legal entity as LINKSUP Co., Ltd., the above integration is corrected to internal use within one entity rather than “provision to a third party.”]
6. Outsourcing (Processors)
The Company entrusts the following processing to provide the Service smoothly.
| Processor | Entrusted work | Data scope |
|---|---|---|
| Supabase Inc. | Database operation and authentication | All personal data arising from use of the Service |
| Cloudflare Inc. | Hosting, file storage (R2), captcha (Turnstile) | Access logs, uploaded files |
| Resend | Notification email delivery | Recipient email, notification content |
| Anthropic PBC | Automatic content translation | Company name, product name, company description (may include identifying info such as company name) |
7. Cross-Border Transfer of Personal Data
To provide the Service, the Company transfers personal data overseas (for processing/storage) as set out below (PIPA Art. 28-8). Users are deemed to consent to these transfers when registering and using the Service.
| Recipient / Country | Items | Purpose | Timing & method | Retention |
|---|---|---|---|---|
| Supabase Inc. / USA (data region: Tokyo, Japan) | All personal data | DB & authentication | Transmitted over the network during use | Until termination of the processing agreement |
| Cloudflare Inc. / USA (global edge) | Access logs, uploaded files | Hosting, file storage, spam prevention | Transmitted over the network during use | Until termination of the processing agreement |
| Resend / USA (sending region: Tokyo, Japan) | Recipient email, notification content | Email delivery | Transmitted when sending email | Until termination of the processing agreement |
| Anthropic PBC / USA | Company name, product name, company description | Automatic translation | Transmitted when a translation is requested | Not retained after processing (per agreement) |
You may refuse the cross-border transfer of your personal data; however, doing so may restrict your use of all or part of the Service.
8. Your Rights and How to Exercise Them
You may at any time request access to, correction, deletion of, or suspension of processing of your personal data by contacting [email protected] or the CPO. The Company will act without undue delay.
Users subject to the GDPR (EU/UK, etc.) additionally have the rights to data portability, to object to processing, to rights regarding automated decision-making, and to lodge a complaint with a supervisory authority. The legal bases for processing under the GDPR are performance of a contract, legitimate interests, consent, and compliance with legal obligations.
9. Destruction of Personal Data
Personal data is destroyed without delay once the retention period elapses or the purpose is achieved. Electronic files are permanently deleted by irrecoverable means, and printed materials are shredded or incinerated.
10. Cookies and Automatic Collection
The Service uses cookies and similar technologies to maintain authentication sessions, distinguish visits, and prevent spam. See the Cookie Policy (/legal/cookies) for details and how to manage them.
11. Security Measures
- Access controls (database row-level security, RLS) and least-privilege principles
- Encryption in transit (HTTPS/TLS)
- Access controls for sensitive files such as certificates
- Retention and tamper-protection of access logs
12. Chief Privacy Officer and Contact
You may direct privacy-related inquiries, complaints, and remedy requests to the contact above.
- Chief Privacy Officer (CPO): [name / title ____]
- Email: [____] / [email protected]
13. Remedies for Infringement
For reporting or counseling on personal-data infringement, you may contact:
- Personal Information Dispute Mediation Committee (kopico.go.kr, +82-1833-6972)
- Privacy Infringement Report Center, KISA (privacy.kisa.or.kr, 118)
- Cyber investigation units of the Supreme Prosecutors’ Office / National Police Agency
14. Changes to This Policy
This policy may be amended in line with changes in law or the Service. Changes and their effective date will be announced within the Service, with prior notice for material changes.