Privacy Policy · 개인정보처리방침
® JindoPrompt (“we,” “us”) operates lockstack.net and the LockStack desktop application. This policy explains what personal information we collect, why we collect it, and your rights over it under the South Korean Personal Information Protection Act (개인정보보호법, PIPA) and the EU General Data Protection Regulation (GDPR).
1. Who we are (개인정보처리자)
The data controller is ® JindoPrompt, located at Seongnam-si, Gyeonggi-do, South Korea (경기도 성남시 분당구).
- 상호 (Trade name): JindoPrompt
- 대표자 (Representative): 이수정
- 사업자등록번호 (Business Registration Number): 516-36-01589
- 통신판매업신고번호 (Mail-Order Business Registration): 2026-성남분당B-0442
- 연락처 (Phone): 010-9014-7306
- 이메일 (Email): hello@lockstack.net
2. What we collect (수집하는 개인정보 항목)
We collect the minimum needed to deliver your purchase and respond to your messages.
| Data | Purpose (이용목적) | Legal basis |
|---|---|---|
| Email address | Deliver license key, send purchase receipt, respond to support | Contract performance |
| Purchase metadata (product, price, order ID, date) | Order fulfilment, accounting, refund handling | Contract performance / legal obligation |
| Traffic source (UTM parameters) | Attribute which channels drive purchases | Legitimate interest in measuring marketing |
| Email correspondence | Provide support and follow up | Contract performance |
| Server logs (IP, user agent, request paths) | Abuse prevention, security, debugging | Legitimate interest in service security |
We do not collect: behavioural cookies, browser fingerprints, advertising identifiers, or any data from inside the LockStack desktop application. The desktop app sends nothing to our servers after install.
3. How long we keep data (보유 및 이용기간)
- Purchase records: 5 years from the purchase date, in accordance with Korean Commercial Act (상법) and tax law (국세기본법) record-keeping requirements.
- Consumer complaint & dispute records: 3 years, per 전자상거래법 Article 6.
- Payment records: 5 years, per 전자상거래법 Article 6.
- Support correspondence: 24 months after the last message.
- License records: for the lifetime of the licensed product so we can verify ownership for support and reissue.
- Server logs: 90 days, then deleted automatically by the hosting provider.
Once a retention period expires, the data is destroyed promptly and securely. Electronic records are deleted such that they cannot be reconstructed; printed records (if any) are shredded.
4. The desktop app collects nothing
This is worth a separate section because it is unusual for a software product. The LockStack desktop application contains no telemetry, no analytics, no crash reporter, no update pinger, and no usage tracking. After install, you can run it on a permanently offline machine and it will function normally. Your prompts, generated content, and saved campaigns never leave your computer. See Security for technical detail.
5. Cookies & automatic collection (자동 수집)
The website uses a single first-party session cookie for the admin dashboard login. There are no analytics cookies, no third-party trackers, and no advertising cookies.
You may refuse cookies through your browser settings. Doing so will prevent admin login but will not affect normal browsing or purchasing.
6. Third-party sharing & entrustment (제3자 제공 및 처리위탁)
We share data only with the subprocessors required to operate the business. We do not sell, rent, or trade personal information.
| Recipient | Purpose | Data shared | Country |
|---|---|---|---|
| Lemon Squeezy (Squeezy LLC) | Payment processing, merchant of record, tax handling | Email, payment details, billing address, order metadata | United States |
| Resend, Inc. | Transactional email delivery (license keys, support replies) | Email address, message content | United States / EU |
| Render Services, Inc. (United States) | Web hosting for lockstack.net | Standard server logs (IP address, user agent, request paths) | United States |
Each subprocessor is contractually bound to process the data only for the specified purpose and to apply equivalent or stronger protections than required by Korean law. We will update this list before adding any new subprocessor that processes personal data, and notify customers by email where required.
7. International transfers (국외 이전)
Our subprocessors are based outside South Korea (primarily the United States and the European Union). When personal data is transferred internationally we rely on the subprocessor’s Standard Contractual Clauses (SCCs) or equivalent safeguards under PIPA Article 28-8. By providing your data, you consent to this international transfer.
8. Your rights (정보주체의 권리)
Under PIPA and GDPR, you have the right to:
- Request a copy of the personal data we hold about you (열람권).
- Correct inaccurate data (정정·삭제 요구권).
- Request deletion (subject to legal retention obligations).
- Object to or restrict processing (처리정지 요구권).
- Withdraw consent where consent is the basis.
- Lodge a complaint with the Personal Information Protection Commission or your local data protection authority.
Exercise any right by emailing hello@lockstack.net. We respond within 10 days under PIPA, and within 30 days under GDPR.
9. Security measures (안전성 확보 조치)
We implement the technical and administrative measures required by PIPA Article 29 and the Personal Information Protection Commission’s safety standards:
- Encryption in transit — TLS 1.2+ on all web traffic.
- Encryption at rest — vendor-managed encryption on the database and email service.
- Access control — least-privilege admin access; the admin dashboard is password-protected with CSRF token rotation on login.
- Webhook integrity — payment events are signature-verified before any database write.
- Audit logging — server logs retain admin actions for incident review.
- No on-app processing — the desktop application processes user content entirely on the user’s own machine, eliminating the largest attack surface.
10. Privacy Officer (개인정보 보호책임자)
The designated Privacy Officer responsible for handling personal information protection matters under PIPA Article 31:
- 이름 (Name): 이수정
- 이메일 (Email): hello@lockstack.net
11. Rights infringement remedies (권익침해 구제방법)
If your personal information rights are infringed, you may seek remedy through any of the following Korean authorities:
- 개인정보 분쟁조정위원회 (Personal Information Dispute Mediation Committee) — 1833-6972 · www.kopico.go.kr
- 개인정보 침해신고센터 (Privacy Infringement Report Center, KISA) — 118 · privacy.kisa.or.kr
- 대검찰청 사이버수사과 (Supreme Prosecutors’ Office Cybercrime Division) — 1301 · www.spo.go.kr
- 경찰청 사이버수사국 (National Police Agency Cyber Bureau) — 182 · ecrm.police.go.kr
12. Changes to this policy (변경 공지)
If we make material changes, we will update the “last updated” date below and, where required by law, notify customers by email or website notice at least 7 days before the change takes effect (30 days for changes adverse to data subjects).