1. Controller and Scope
This policy applies to the Myven website, landing pages, signup and authentication, dashboards, public profiles, bio links, Instagram comments and direct messages (DM) automation, sponsorship proposals, customer support, service emails, product analytics, and security operations.
Myven primarily complies with the Personal Information Protection Act of Korea and also considers other applicable privacy, consumer, e-commerce, communications, and platform rules depending on user location, payment use, or external service connections.
Myven processes personal information only as needed to provide the service, manage accounts, operate public profiles and Instagram integrations, protect security, provide support, send service notices, improve the product, and comply with law. If a user refuses required processing or required processors, Myven may be unable to provide core features such as signup, login, public profiles, and Instagram integrations.
Company and responsible-person information, including the controller, privacy officer, privacy request handler, address, phone, and email, is available on the [Company](/company) page.
2. Purposes, Data, Retention, and Basis
The table below summarizes the purposes, data, retention periods, and legal basis for Myven's personal information processing.
Current Myven processing inventory | Purpose | Data | Retention | Basis / Nature |
| Signup, email verification, login, account management | Email, username, encrypted password, account status, email verification and password reset records, authentication provider, signup/update/deletion records | Until account deletion. One-time verification records are retained only while operationally needed after verification or expiration. Direct identifiers are deleted or anonymized when account deletion is processed. | Contract performance, security, abuse prevention |
| Beta signup, waitlist, benefits and coupon eligibility | Signup sequence, beta group, coupon and benefit eligibility, invitation and notice email records, referral signup information | Until account deletion so that benefits can be provided and confirmed. After deletion, data is deleted or anonymized except where legal retention applies. | Service provision, benefit administration, signup requested by the user |
| Referral links and attribution | Referral code, referrer and referred-user relationship, referral status, creation and end records | Until account deletion. If the referrer deletes the account, the direct identifying relationship may be anonymized or disconnected. | Service feature provision, benefit administration, abuse prevention |
| Public profiles, bio links, redirects, dashboard editing | Public username, display name, profile image, public visibility, search-engine visibility setting, social links and sponsored links | Until the user deletes the item or account. Public output is hidden and direct identifiers are deleted or anonymized on account deletion. | Contract performance and user-directed publication |
| Profile images and sponsorship attachments | File management information, upload confirmation information, public URL, security scan state, expiration and attachment state | While connected to a profile or proposal. Unattached temporary files are subject to deletion after expiration. | Service feature provision, malicious file and abuse prevention |
| Instagram account connection, comments, and direct messages (DM) automation | Instagram account identifier, username, profile image, connection status, permissions, integration token, comment and DM events, automation settings, delivery results | While the Instagram connection remains active. Tokens are revoked or disabled on disconnect or deletion, while legal, security, and dispute records may be retained where needed. | User-requested Instagram automation, Meta and Instagram policy compliance, security |
| Sponsorship proposals and transactional features | Company, contact name, phone, email, budget, media channels, usage rights, deliverables, AI-generated-content permission, approval criteria, progress status, attachment information | While needed for proposal handling, disputes, and abuse prevention. Deletion requests are handled by deletion or anonymization except where legal retention or dispute handling applies. | Proposal handling, pre-contract steps, abuse prevention |
| Public performance analytics and dashboard statistics | Visit, click, link movement, redirect records, visit date, page and link classification information, de-identified information for duplicate-visit detection, suspected abuse information | Retained as needed for service statistics and abuse prevention. Raw access information that directly identifies an individual is not stored. | Essential product analytics, performance improvement, abuse prevention |
| Security, incident response, and service reliability | Error type, request path, processing status, processing time, service environment information, and similar operational records | Retained as needed for security, incident response, and service reliability. Unnecessary direct identifiers are managed so they are not included in operational records. | Security, incident response, service reliability |
| Customer support, important notices, transactional emails | Email address provided by the requester, support content, handling records, send/receive/delivery status | Retained after support completion for the period needed for disputes, security, and legal compliance. | User request handling, service notices, legal compliance |
| Paid services, sponsorship contracts, revenue settlement, digital goods | Paid features are currently in preparation. If launched, Myven may process payment provider identifiers, receipts, billing email, tax, refund, dispute, settlement records, and guardian consent or age verification records. Myven does not store sensitive information such as full card numbers. | If transactions are provided, retention follows contract performance and e-commerce, tax, accounting, consumer dispute, and settlement laws. | Contract performance, legal obligations, settlement and dispute handling |
3. Minors and Legal Representatives
Myven does not categorically prohibit minors from signing up. If Myven needs to process personal information of a child under 14, it will first satisfy legal-representative consent and other Korean privacy requirements.
Members under 19 are classified as minor members. Myven may restrict some features, including paid services, advertising or sponsorship contracts, revenue settlement, and digital product sales.
If a minor uses paid or transactional features without legal-representative consent, the minor or the legal representative may cancel the contract under applicable law.
Myven may require legal-representative consent, identity confirmation, or age confirmation to protect minors, maintain transaction stability, and comply with law.
4. Deletion and Destruction
When account deletion is requested, Myven disables the account, prevents login, and deletes or anonymizes direct identifiers such as email, username, name, and authentication provider identifiers.
Public profile output, social links, sponsored links, and other public information are hidden, deleted, or anonymized. Legal retention records, dispute records, security audit records, and statistical analytics may be retained, separated, or anonymized where immediate deletion would undermine legal obligations or service integrity.
Electronic files are deleted or anonymized in a way that makes recovery difficult. Paper records, if any, are shredded or destroyed by an equivalent method.
5. Sharing
Myven does not sell personal information. Myven does not disclose personal information to third parties except where required by law, requested or consented to by the user, or necessary to provide the service.
If a user connects Instagram, Myven communicates with Meta and Instagram services to perform the requested automation and may exchange account identifiers, permissions, message and comment events, and delivery requests with Meta Platforms, Inc. and its affiliates.
For sponsorship proposals, proposal details such as company, contact information, budget, deliverables, and usage rights are provided to the owner of the relevant public profile for review.
6. Processors
Myven may outsource the following processing to external providers to provide the service. Refusing a required processor may prevent Myven from providing the relevant feature or the service. Optional processors will be separately disclosed or consented to where required when introduced.
Key processors | Processor | Role | Type |
| Amazon Web Services, Inc. and affiliates | Service hosting, data storage, file storage, email delivery, security and incident response | Required: refusal prevents service provision |
| Meta Platforms, Inc. and Instagram services | Instagram account authentication, permission checks, comments and direct messages (DM) related functions requested by the user | Required: refusal prevents Instagram integration |
| PostHog, Inc. | Not currently used. If introduced, it may process usage records for product analytics, quality improvement, and feature usability analysis. | Optional |
| Google LLC | Not currently used. If introduced, it may process usage records for web and product analytics, conversion measurement, and quality improvement. | Optional |
| Email and customer support providers | Email delivery, inquiry receipt, customer support handling | Required: refusal prevents account verification, security notices, important notices, and support |
| Payment provider | Not currently used. If paid services launch, Myven may outsource payment authorization, billing, refunds, receipts, tax, settlement, and dispute processing. | Required: refusal prevents paid and transactional features |
7. Cross-Border Processing
Myven is hosted in Korea. If Myven uses a service provided outside Korea or a product operated by an overseas provider, Myven will disclose the recipient, country, transferred data, purpose, and retention period in this policy or in the service UI.
Services that may involve cross-border processing | Service | Processing | Type |
| Meta Platforms, Inc. and Instagram | Instagram account identifiers, permissions, comments, and direct messages (DM) may be processed outside Korea while providing Instagram integration features. | Required: refusal prevents Instagram integration |
| PostHog, Inc. | Not currently used. If introduced, product analytics and quality-improvement information may be processed outside Korea, and Myven will provide the required notice before introduction. | Optional |
| Google LLC | Not currently used. If introduced, web and product analytics information may be processed outside Korea, and Myven will provide the required notice before introduction. | Optional |
| Payment provider | Not currently used. If paid services launch, payment, refund, settlement, and dispute information may be processed outside Korea, and Myven will provide the required notice before introduction. | Required: refusal prevents paid and transactional features |
8. Cookies, Tracking, and Behavioral Data
Myven may use cookies or similar technologies for language preferences, login sessions, security protection, public performance analytics, and abuse prevention.
PostHog and Google Analytics are not currently used. If introduced, Myven will update this policy or the service UI with the collected data, retention period, opt-out or restriction method, and advertising personalization status.
Tracking technologies | Type | Data | Purpose | Restriction method |
| Essential cookies | Language preference information, login session information, security protection information | Language state, login session, security protection | Browser blocking is possible, but blocking essential cookies may break login, dashboard, and security features. |
| Myven first-party performance analytics | Visit, click, link movement, redirect records, page and link classification information, de-identified duplicate-visit information, suspected abuse information | Creator dashboard statistics, performance improvement, abuse prevention | Essential product analytics and security processing. Refusal may limit public profile and dashboard features. |
| PostHog if introduced | Product usage events, page movement, clicks, session replay, errors, feature usage, and other configured items | Product analytics, feature improvement, incident analysis | Browser blocking, service settings, or support request paths may be available. |
| Google Analytics if introduced | Page and event records, device and browser information, referrer, campaign, approximate location. Myven does not send direct identifiers such as email, phone, real name, or precise location. | Web analytics, conversion measurement, quality improvement | Browser cookie restrictions, Google Analytics opt-out tools, service settings, or support request paths may be available. |
9. Generative AI
Myven currently does not process personal information in generative AI services. User-entered personal information, Instagram messages, sponsorship proposals, attachments, and dashboard data are not provided to external generative AI models or large language model (LLM) training.
If an AI feature later processes personal information, Myven will update this policy and the service UI before launch to disclose purposes, inputs and outputs, training use, processors, cross-border transfers, opt-out rights, and deletion, correction, and suspension methods.
10. Automated Decisions
Myven currently does not make fully automated decisions that materially affect user rights or obligations, such as credit scoring, hiring, price discrimination, or contract refusal.
The beta early-access or waitlist classification is a first-come operating rule based on signup sequence and capacity. Users may request an explanation or correction through the customer support contact details on the [Company](/company) page.
11. Security Measures
- Myven limits access to personal information through access controls and permission checks.
- Myven applies safeguards such as encrypted transmission, secret management, and file type and size limits.
- Myven manages service operation records and analytics records so unnecessary direct identifiers are not included.
- Public performance analytics is handled in a way that makes direct identification difficult.
- If a security incident occurs, Myven will notify, report, mitigate harm, and prevent recurrence as required by applicable law.
12. Rights Requests
Users and legal representatives may exercise rights available under applicable law, including access, transfer, correction, deletion, suspension of processing, consent withdrawal, and requests to refuse or explain automated decisions.
Requests can be sent through the customer support contact details on the [Company](/company) page. Myven verifies the requester or authorized representative and responds within the period required by law.
Some requests may be limited, anonymized, or handled through separated retention where legal retention, security, abuse prevention, dispute handling, transactions, settlement, tax records, or third-party rights require it.
13. Privacy Contact and Remedies
Privacy inquiries, rights requests, complaints, and remedy requests may be sent through the customer support contact details on the [Company](/company) page.
The privacy officer, privacy request handler, and contact details are available on the [Company](/company) page.
For privacy infringement consultation or reporting in Korea, users may contact the KISA Privacy Infringement Report Center at privacy.kisa.or.kr or 118, the Personal Information Dispute Mediation Committee at kopico.go.kr, or the Personal Information Protection Commission portal at privacy.go.kr. Criminal or investigation matters may be directed to the relevant law-enforcement agency.