Privacy Policy

A transparent guide to how we use, store, and delete the personal information collected on this site — and how we protect your rights.

Cooking Transfer AI ("the Company") protects the personal information of visitors to this website (a public business-introduction and partnership-intent site, "the Site") in accordance with Korea's Personal Information Protection Act (PIPA) and related laws, and explains its handling in this policy. This policy applies to the personal information that users enter directly through the Site's application and inquiry forms. (Data processing in the separately operated learner app and admin systems will be disclosed at the official launch stage.)

Effective date: June 15, 2026 · Version: 2026-06-15-v1

1. Items collected and how

The Company collects the following items as entered directly by the user. Required and optional fields are distinguished, and there is no disadvantage for leaving optional fields blank.

  • Partnership application (/en/apply): contact person's name (required); email and phone (optional); business name, cuisine category, founded year, location (city/district), signature dish, peak time, wait-time level, self-introduction, intro-video link, photo attachments (optional); message (optional). For agent applicants: company headquarters address, franchise operating experience, and brands operated (optional). With Google sign-in: account identifier and email (optional).
  • Inquiry (/en/contact): display name (nickname, required); email (optional, for replies, kept private); subject and content (required); for private posts, a password (stored one-way encrypted). With Google sign-in: account identifier and email (optional).
  • Partnership "likes" (/en/agreements): a Google account identifier and a browser device identifier, used to identify U.S. visitors and to manage duplicates and limits.

2. Purposes of processing

  • Receiving, reviewing, and responding to partnership applications, and confirming suitability.
  • Operating the inquiry board and providing answers.
  • Consent-based public listing of partnerships (Section 7) and aggregation of "like" demand signals.
  • Preventing misuse, verifying identity, and ensuring stable operation of the service.

3. Retention period, and destruction procedure and method

  • Retention: If no formal contract is signed, application data is kept for 1 year from the application date and then destroyed. With a formal contract, it is retained for the contract's duration. Inquiries are destroyed within 1 year of resolution. Where applicable law requires separate retention, that period applies.
  • Procedure: Personal information whose retention period has passed or whose purpose has been achieved is destroyed without delay.
  • Method: Electronic files are permanently deleted in an unrecoverable manner; any printed materials are shredded or incinerated.

4. Provision to third parties

The Company does not, as a rule, provide personal information to outside parties, and does so only with the user's consent in the following cases (applications and inquiries remain possible without such consent).

  • Domestic provision (PIPA §17) — Recipient: Korean sponsor (Republic of Korea) / Items: name, email, business name, message / Purpose: identity and business-fit review and contact / Retention: until the earlier of review completion or 1 year.
  • Cross-border transfer (PIPA §28-8) — Recipient: U.S. master agent / Country: United States / Items, purpose, retention: as above / When/how: electronic transfer during the review stage after submission. Privacy protections in the U.S. may differ from those in Korea. If you do not consent to the cross-border transfer, only the Korean sponsor reviews your application.

5. Outsourcing of processing

The Company currently does not outsource the processing of users' personal information to any external processor. If outsourcing (e.g., cloud infrastructure or email delivery) arises in the future, the processor and the scope of the entrusted work will be stated in this policy and managed in accordance with applicable law.

6. Automatic collection (cookies, access logs)

  • The Company does not use third-party analytics/advertising tools (e.g., Google Analytics) or tracking cookies, and does not run behavior-based targeted advertising.
  • Browser local storage is used only for functional purposes (remembering language preference, managing "like" duplicates and limits) on the user's own device, and does not track or transmit behavioral data to the server.
  • Access IP and access logs are processed for service operation and security, and to determine the country (U.S. or not) for partnership "likes." (This is operated on a limited basis during the pilot stage.)

7. Consent-based public listing of partnerships

Business information published on the /en/agreements page after a formal partnership is based on separate consent and is de-listed immediately upon withdrawal of consent.

  • Publishable: business name, cuisine category, city (city/district), peak hours, wait-time level, founded year.
  • Never published: detailed address, revenue figures, royalty, family information, other sensitive data, and the user's name, email, or phone.

8. Your rights and how to exercise them

You may exercise the following rights at any time.

  • Request access, correction, deletion, or suspension of processing, and withdraw consent.
  • Requests may be sent to the Privacy Officer below; the Company will act without delay. Rights may also be exercised through a legal representative or an authorized agent.

9. Security measures

To keep personal information safe, the Company applies layered security measures — encryption in transit, least-privilege access and access controls, and external security reviews — from the design stage and strengthens them in phases. Core business data such as head-restaurant recipes is likewise designed to be isolated and protected against external exposure, and some security mechanisms are activated in stages as the service matures.

10. Privacy Officer

The Company designates a Privacy Officer to oversee personal-information handling and to address users' questions, complaints, and remedies.

  • Privacy Officer: Operations Lead (role)
  • Contact: food@k-er.ai

11. Remedies for rights infringement

For counseling or remedy regarding privacy infringement, you may contact the following Korean bodies.

  • Personal Information Dispute Mediation Committee: 1833-6972 (kopico.go.kr)
  • Privacy Infringement Report Center (KISA): 118 (privacy.kisa.or.kr)
  • Supreme Prosecutors' Office, Cybercrime: 1301
  • National Police Agency, Cyber Bureau: 182

12. Overseas visitors (GDPR · CCPA)

This Site is provided in Korean and English and may be accessed from overseas. Visitors residing in the EU (GDPR) or California (CCPA/CPRA) hold rights under their local laws — including access, deletion, and objection to processing — and may submit requests to the Privacy Officer above. Specific legal wording will be reflected in this policy following counsel review at the official launch stage.

13. Business information

This business is preparing to establish a new legal entity; at this stage, business-registration details such as registration number, representative, and address are not yet finalized. After incorporation, the Company will publish business information required under Korea's E-Commerce Act and related laws on this policy and the Site. Until then, please send privacy-related inquiries to the Privacy Officer contact above.

14. Changes to this policy

This policy may be revised in line with changes in law or the service. Revisions and their effective dates will be posted on this page, and material changes will be separately announced by reasonable means.

Some security mechanisms in this policy are activated in stages as the service matures, and the final legal language will be finalized after counsel review at the official launch stage.