top of page

Supercat Inc. Privacy Policy

슈퍼캣 RPG 설립

In order to provide the best service to users, Supercat Inc. (the "Company") uses personal data from users to provide some services.

With respect to handling personal data of the users, the Company shall comply with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., and other relevant laws and regulations including regulations enacted by relevant authorities. The Company is to enact and apply the following Privacy Policy in order to prevent the misuse of users' valuable personal data and to clarify the purpose, methods, and scope in which personal data is collected and used. This Privacy Policy is subject to change due to amendments to applicable laws and regulations or amendments to the Company's internal policies.

Article 1 [Personal Data Collection and Collection Method]

1. The Company shall collect and handle the following personal data, and the collected personal data shall never be used for purposes other than those specified herein.

1) Membership registration and management

 - Required: email address (member ID), password, age verification (14 years of age or older)

 - Required: (Membership registered via Google Play) Google Play ID (email address), nickname, profile photo

2) Payment management and illegal transaction verification (Upon use of payment service)

 - Required: payment history

3) Provision of payment settlement (Applied upon settlement registration)

 - Required: name, mobile number, identification information, residential registration number (an individual or an individual business  representative), bank account information (bank name, depositor name, account number), wallet address information

4). Data automatically created and collected while using services

 - IP address, service usage history, browsing history, date and time of membership registration, abuse history

2. The Company shall collect personal data using the following methods:

 - Data being directly input by the user on the Company’s website, applications, or within its services

 - Created data being collected through automatic storage devices


Article 2 [Purpose of Collection and Use of Personal Data]

1. The Company may use collected personal data for the following purposes. Personal data which is handled by the Company is never used for other purposes than the following, and in the case of changes to the purpose of use, necessary measures such as consent receipt shall be taken according to relevant laws and regulations.

1) Official website membership registration and user management

- Confirmation on membership registration, self-identification/verification for provision of services, maintenance/management of membership qualifications, confirmation of valid membership registration records, management of abusers, revealing abusers and restricting their use, fulfillment of the contract, dispute resolution

2) Use of services

- Complaint handling and provision of other customer services, delivery of notices, provision of payment services and notification of payment details, in-game cooperative play, and support for community services

3) Fulfilment of Settlement (In the case of members registered for settlement)

- Self-identification/verification, fulfillment of settlement, and income payment

4) Use required as per other applicable laws

- Performance of obligations stipulated in law, etc.


Article 3 [Retention Period of Personal Data and Withdrawal of Users]

1. The Company shall retain and use the personal data collected from the user while the user's status is maintained. If the purpose for the collection of the data is completely achieved, the data will be deleted immediately regardless of whether or not the user’s status is maintained. However, the Company shall keep and use personal data for the written retention period if the Company has any of the following bases for retention:

- Retention basis: consumer satisfaction, dispute settlement, restriction to re-registration of membership, etc., when cancelling membership

- Retention period: 30 days

- Retained items: email, access records, abuse records, payment records, nickname

2. Notwithstanding the provisions of Paragraph 1 above, if there is reason to hold personal data under relevant laws and regulations, the Company shall preserve the data for a period of time prescribed in relevant laws and regulations including the Commercial Act and the Act on the Consumer Protection in Electronic Commerce, Etc. In this case, the Company shall separate the data to be preserved, and the preservation periods are as follows:

1) Records concerning display and advertising: 6 months (Act on the Consumer Protection in Electronic Commerce, Etc.)

2) Record of contract or withdrawal of subscription: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.)

3) Record of payment and goods supply: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.)

4) Record of complaints or disputes of consumers: 3 years (Act on the Consumer Protection in Electronic Commerce, Etc.)

5) Books and supporting documents on all transactions as prescribed by tax law: 5 years (Framework Act on National Taxes)

6) Record on Electronic Financial Transactions: 5 years (Electronic Financial Transactions Act)

7) Record of access logs, connection IP information, etc. Service use: 3 months (Protection of Communications Secrets Act)

3. Your account will be withdrawn immediately upon application for withdrawal. User registration with the same email address will be restricted until one month after withdrawal.


Article 4 [Protection of Personal Data]

1. The Company shall collect and use the personal data of the user within the scope of Article 2 of this Privacy Policy. In cases in which personal data not mentioned in the Terms of Service or Privacy Policy is shared with third parties, the Company shall notify the user in advance in order to obtain consent, and if the user does not agree to provide such data, the Company shall not share the data with a third party. However, in the following cases, personal data may be shared with third parties without the consent of the user:

1) If the consent of the user has already been obtained

2) If there is an unavoidable situation in accordance with special provisions of the law or in order to comply with legal obligations (including cases of a request by an investigating agency or an administrative organ in accordance with the procedure and method prescribed by relevant laws and regulations for the purpose of investigation)

3) If a business assignment, merger, or etc. is to take place (However, if the user data needs to be transferred due to reasons related to the Company's assignment, etc., the Company shall notify users of such fact in advance as per the procedure and method prescribed by applicable laws and provide members with the right to withdraw their consent to the transfer of personal data.)

2. Members may not consent to the provision of personal data to third parties and may withdraw their consent to the provision of personal data to third parties. Even if they do not consent, services that are not based on provision of personal data to third parties will remain available, while the use or provision of services dependent on the provision of this data to third parties may be limited. Notification shall be provided for any other changes to the provision of personal data to third parties through separate notifications.


Article 5 [Handling Consignment of Collected Personal Data]

1. The Company consigns personal data as described in Paragraph 2 in order to increase the quality of services and perform a certain part of tasks required to provide services and stipulates necessary matters for the personal data to be safely managed as per applicable laws and regulations upon conclusion of the consignment contract. Also, the amount of data to be shared is limited to the minimum amount necessary to achieve the concerned purposes.

2. The trustees and entrusted task are as below:


NICE Information Service Co., Ltd.and SK Telecom Co., Ltd

Entrusted task

Provision of self-verification services via mobile phones, etc

3. If the trustee or its task changes, it shall be announced through this Privacy Policy.

Article 6 [Procedures and Methods for Destroying Personal Data]

1. In principle, when the purpose for collecting and using a user’s personal data is achieved, the Company shall destroy the data without delay. The Company’s procedures and methods for personal data destruction are as follows:

1) The data entered by the user for the purpose of membership registration, etc., is transferred to a separate database (or, in the case of paper documents, a separate document box) after the purpose is accomplished as per the internal policy and other relevant laws and regulations, the data is stored temporarily and then destroyed. Personal data will not be used except for as prescribed by laws.

2) Personal data printed on paper is destroyed by a shredder. Personal data stored in the form of electronic files is deleted using a technical method that prevents it from being restored.

2. The Company shall, in accordance with Article 39-6 of the Personal Information Protection Act, in order to protect the personal data of those who have not used the service for a long period, immediately destroy the personal data of the user, or save or manage it separately, if the following conditions are met:


- Subject: Users who have not logged in for the past 1 year or have no history of inquiries or users who have no history of settlement for the past 1 year (In case of members registered for settlement)

- The Company notifies the user through email, etc. 1 month before the separation and storage of the personal data of the user who has not used the service for a long period.


Article 7 [Rights and Obligations of Users and Legal Representatives]

1. Users and their legal representatives may view or modify their personal data at any time. This can be done through Settings-View and Change Member Information within the service or through a wired phone call with an agent. However, if the user's personal data is linked with an external platform, such as Google Play, the user must view or change the personal data = according to the method provided by the concerned platform vendor.

2. If a user requests the correction of a personal data error, the Company shall correct the error without delay or inform the user of the reason for not correcting it and will not use or share the data until necessary action is taken. However, the Company may provide such data when requested in accordance with applicable laws.

3. If the person whose data is to be collected is under 14 (a "Child"), the Company shall obtain the consent of the legal representative separately from the Child's consent for the collection, use, provision, etc. of personal data protection.

4. In order to obtain the consent as described in Paragraph 1, the Company may request the minimum amount of data necessary, such as the name and address of the legal representative, and the collected personal data of the legal representative may not be used for purposes other than to confirm the consent of the legal representative and may not be shared with third parties. The agreement of the legal representative is used for a Child for the resolution of customer complaints when there is a dispute with the Company, for the withdrawal of subscriptions, settlement of payments, and the supply of goods.

5. The withdrawal of consent or the expiration of the validity of the legal representative’s consent will be executed in a non-renewable manner 30 days after the expiration date. However, if there is a legal need to preserve the data as defined in the Commercial Act or the Act on the Consumer Protection in Electronic Commerce, Etc., the Company shall keep the personal data of the legal representative for the period set by applicable laws and regulations.

6. The legal representative of the Child may request the retrieval of the Child's personal data, corrections, or the withdrawal of consent to the collection, use and provision of personal data. If such a request is made, the Company shall take necessary measures without delay.


Article 8 [Installation and Operation of Automatic Personal Data Collection Tools and Their Refusal]

1. The Company installs and operates tools that automatically collect personal data, such as cookies (access information files) that store and retrieve user data from time to time to provide personalized services. A cookie is a small text file sent to the user's device by the server used to run an application and stored in your device's storage. When the user uses the application, the server reads the contents of the cookies stored in the user's device to maintain the user's preferences.

2. The Company may use cookies for the following purpose:

- To analyze visits to and uses of the website and provide the user with personalized usage environments

3. The installation of cookies is optional. As a result, the user can allow all cookies in the device settings or options, require permission to be given each time a cookie is saved, or refuse to save all cookies. However, if the user refuses to store all cookies, the service may be restricted or unavailable.


Article 9 [Technical and Administrative Protection Measures for Personal Data]

1. The Company takes the following technical and administrative measures while handling users’ personal data in order to prevent it from being lost, stolen, leaked, altered, or damaged.

1) Password encryption

Users’ passwords are encrypted, stored, and managed. Therefore, even if a user forgets his or her password and confirming said password is impossible, a new password can be issued after a predetermined identification process.

2) Enhanced network security

(a) The Company takes various technical measures to prevent the leakage of users’ personal data due to atypical network access from hacking, computer viruses, etc., and is constantly monitoring the network connection.

(b) The Company uses a secure cryptographic communication method for communication between its server and database and makes every effort to secure all systems using all possible technical means.

3) Minimization and training of handling staff

(a) The Company's personal data handling staff is limited to the person in charge. A separate password is assigned to the person in charge and is then updated periodically. The Company continuously reinforces compliance with the Privacy Policy through regular training.

(b) The Company has internal procedures for preventing the leakage of data through the implementation of the security contract of the data handler and through the auditing the implementation of the Privacy Policy and the compliance of the employee.

(c) Personal data security is handled thoroughly during personnel changes and responsibilities for accidents are clearly defined after both entering and leaving the Company.

4) Access and storage control

The area where personal data is handled and stored is set as a secure zone so that only those who have the right to handle personal data can access it. Tangible and electronic records containing personal data are stored securely in areas that are equipped with security devices and require special permissions to access.

5) Operation of personal data protection team

Through the in-house personal data protection organization, the Company checks the implementation of the Privacy Policy and the compliance of the person in charge.

Users are obligated to protect themselves and not to infringe on the data of others. Users should be careful that their personal data, such as their password, is not leaked, and also that the personal data or postings of other users are not negatively affected. The Company will not take any responsibility for any personal data issues that occur due to a user's carelessness or mistake.


Article 10 [Personal Data Protection Manager]

1. The Company makes its best effort to provide the best service while keeping personal data safe. The personal data protection manager is responsible for the protection of personal data in case of incidents as described above. However, despite technical remedies, the Company has no liability for any damage to data due to unexpected accidents caused by basic network dangers such as hacking, and any disputes over the posts made by visitors.

2. You may contact the designated responsible person below to communicate your opinions or complaints about the Company's Privacy Policy. The following staff will make their best effort to collect your opinions and handle complaints.

- Personal data protection manager

- Name: Taeseong Lee

- Email address:

3. In some circumstances you are entitled to the erasure of your personal data without undue delay.  Those circumstances include: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw consent to consent-based processing; (iii) you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and (iv) the personal data have been unlawfully processed.  However, there are exclusions of the right to erasure.  The general exclusions include where processing is necessary: (a) for exercising the right of freedom of expression and information; (b) for compliance with a legal obligation; or (c) for the establishment, exercise or defense of legal claims.


You may request erasure of your information by contacting us at

4. Please contact the following organizations if you need to report or consult about other personal data infringement.

- Personal Information Infringement Notification Center ( +82-2-1336)

- ePRIVACY ( / +82-2- 580-0533~4)

- Supreme Prosecutor's Office, Advanced Crime Investigation Department ( / +82-2-3480-2000)

- Cyber Terrorism Response Center ( +82-2-392-0330)


Article 11 [Opinion Collection and Complaint Processing]

The Company has opened a window for filing opinions and complaints regarding the protection of personal data. Users who are dissatisfied with the handling of personal data may inquire about such issues to the person in charge of the personal data management of the Company and then will be notified of the result of their inquiries.

- Personal data manager email address:


Article 12 [Notification Obligation]

1. The Company's Privacy Policy is subject to change due to changes in laws and the internal policies of the Company. In such cases, the Company shall notify the user of the changes in a way that users can confirm on the official website or within services.

2. The previous versions of the Privacy Policy are as below:

- Privacy Policy enacted from June 29th, 2017 to May 13th, 2019
- Privacy Policy enacted from May 14th, 2019 to Aug 19th, 2021
- Privacy Policy enacted from Aug 20th, 2021 to Feb 8th, 2022

​③ 위탁업무의 내용이나 수탁자가 변경될 경우에는 본 개인정보 처리방침을 통하여 공개하도록 하겠습니다.


제6조 [개인정보 파기 절차 및 방법]

① 회사는 원칙적으로 이용자의 개인정보에 대해 개인정보의 수집 및 이용목적이 달성되면 해당 정보를 지체 없이 파기합니다. 회사의 개인정보 파기절차 및 방법은 다음 각 호와 같습니다.

1. 이용자가 회원가입 등을 위해 입력한 정보는 목적이 달성된 후 별도의 DB로 옮겨져(종이의 경우 별도의 서류함) 내부 방침 및 기타 관련 법령에 의한 정보보호 사유에 따라(제3조 보유 및 이용기간 참조) 일정 기간 저장된 후 파기됩니다. 개인정보는 법률에 의한 경우가 아니고서는 보유되는 이외의 다른 목적으로 이용되지 않습니다.

2. 종이에 출력된 개인정보는 분쇄기로 분쇄하여 파기합니다. 전자적 파일 형태로 저장된 개인정보는 기록을 재생할 수 없는 기술적 방법을 사용하여 삭제합니다.

② 회사는 개인정보 보호법 제39조의6에 따라 장기간 서비스 미용자의 개인정보 보호를 위하여 아래 사항에 해당하는 경우 이용자의 개인정보를 즉시 파기하거나 다른 이용자의 개인정보와 분리하여 별도로 저장, 관리하는 등의 조치를 진행합니다.

 - 대상: 최근 1년간 서비스 로그인하지 않았거나 상담 이력이 없는 이용자 또는 최근 1년간 정산 이력이 없는 이용자(정산 등록 회원의 경우)


 - 회사는 장기간 서비스 미이용자의 개인정보를 별도 분리보관하기 30일 전까지 별도 분리보관되는 사실 및 분리/보관 예정일, 별도 분리 보관하는 개인정보 항목을 이용자에게 이메일 등을 통해 알리고 있습니다.

제7조 [이용자 및 법정대리인의 권리·의무 및 행사방법]

① 이용자 및 그 법정대리인은 회사에 대해 언제든지 다음 각 호의 개인정보 보호 관련 권리를 행사할 수 있습니다. 다만, 이용자의 개인정보가 구글플레이 등 외부 플랫폼과 연동되는 경우에는 해당 플랫폼 업체가 제공하는 방식에 따라 개인정보를 조회·변경하셔야 합니다.


   1. 개인정보 열람 요구

   2. 오류 등이 있을 경우 정정 요구

   3. 삭제 요구 

   4. 처리정지 요구  


② 제1항에 따른 권리 행사는 회사에 대해 전자우편 등을 통하여 하실 수 있으며 개인정보 보호책임자 및 담당부서(로 문의하실 수 있습니다. 회사는 이용자의 요청이 있는 경우 지체없이 필요한 조치를 취하겠습니다.


③ 이용자가 개인정보의 오류 등에 대한 정정 또는 삭제를 요구한 경우에는 회사는 정정 또는 삭제를 완료할 때까지 당해 개인정보를 이용하거나 제3자에게 제공하지 않습니다. 


④ 제1항에 따른 권리 행사는 이용자의 법정대리인이나 위임을 받은 자 등 대리인을 통하여 하실 수 있습니다. 이 경우 개인정보 보호법 시행규칙 별지 제11호 서식에 따른 위임장을 제출하여야 합니다. 


⑤ 회사는 이용자의 권리에 따른 열람의 요구, 정정·삭제의 요구, 처리 정지의 요구 시 열람 등 요구를 한 자가 본인이거나 정당한 대리인인지를 확인합니다.


제8조 [개인정보의 자동 수집 장치의 설치·운영 및 그 거부에 관한 사항]

① 회사는 개인화된 맞춤서비스를 제공하기 위해 이용자의 정보를 수시로 저장하고 불러오는 ‘쿠키(cookie, 접속정보파일)’ 등 개인정보를 자동으로 수집하는 장치를 설치·운영합니다. 쿠키란 애플리케이션을 운영하는데 이용되는 서버가 이용자의 디바이스에 보내는 아주 작은 텍스트 파일로서 이용자의 디바이스 내 저장소에 저장됩니다. 이후 이용자가 애플리케이션을 이용할 경우, 서버는 이용자의 디바이스 내 저장되어 있는 쿠키의 내용을 읽어 이용자의 환경설정을 유지합니다.

② 회사는 다음 각 호와 같은 목적을 위해 쿠키 등을 사용할 수 있습니다.

 - 사이트 방문 및 이용 형태 파악하여 이용자에게 최적화된 이용 환경 제공

③ 이용자는 쿠키 설치에 대한 선택권을 가지고 있습니다. 따라서, 이용자는 디바이스 설정 또는 옵션에서 모든 쿠키를 허용하거나, 쿠키가 저장될 때마다 확인을 거치거나, 아니면 모든 쿠키의 저장을 거부할 수도 있습니다. 단, 이용자가 모든 쿠키의 저장을 거부하는 경우, 서비스 제공에 제약이 따르거나 이용이 불가할 수 있습니다.


제9조[개인정보보호를 위한 기술적/관리적 보호 대책]

① 회사는 이용자들의 개인정보를 처리함에 있어 개인정보가 분실, 도난, 누출, 변조 또는 훼손되지 않도록 안전성을 확보를 위하여 다음과 같은 기술적/관리적 대책을 강구하고 있습니다.

1. 비밀번호 암호화

이용자의 비밀번호는 암호화하여 저장 및 관리됩니다. 따라서, 이용자가 자신의 비밀번호를 잊은 경우에도 비밀번호의 확인이 불가능하며, 소정의 본인확인 절차 후 새로운 비밀번호를 발급하는 방식을 채택하고 있습니다.

2. 네트워크 보안 강화

가. 회사는 해킹, 컴퓨터 바이러스 등 비정상적인 네트워크 접근을 통해 이용자의 개인정보가 유출되지 않도록 여러 기술적 조치를 취하고 있으며, 네트워크 접속에 대한 상시 모니터링을 수행하고 있습니다.

나. 회사 서버 및 데이터베이스 간의 통신에도 보안성을 갖춘 암호화 통신 방식을 이용하고 있고, 기타 시스템적으로 보안성을 확보하기 위한 가능한 모든 기술적 장치를 갖추려 노력하고 있습니다.

3. 개인정보 처리 직원의 최소화 및 교육

가. 회사의 개인정보 관련 처리 직원은 담당자에 한정시키고 있고 이를 위한 별도의 비밀번호를 부여하여 정기적으로 갱신하고 있으며, 담당자에 대한 수시 교육을 통하여 개인정보 처리방침의 준수를 항상 강조하고 있습니다.

나. 입사 시 개인정보 처리자의 보안서약서를 통하여 사람에 의한 정보유출을 사전에 방지하고 개인정보 처리방침에 대한 이행사항 및 직원의 준수 여부를 감사하기 위한 내부절차를 마련하고 있습니다.

다. 개인정보 처리자의 업무 인수인계는 보안이 유지된 상태에서 철저하게 이뤄지고 있으며 입사 및 퇴사 후 개인정보 사고에 대한 책임을 명확화하고 있습니다.

4. 출입 및 보관 통제

개인정보를 처리 및 보관하는 지역은 보안구역으로 설정하여 개인정보 처리권한을 갖춘 자만이 출입할 수 있도록 통제하고 있으며, 개인정보를 포함하는 유형물 및 전자기록은 시정장치가 있는 장소나 별도의 접근권한이 설정된 컴퓨터에 보관하고 있습니다.

5. 개인정보보호전담기구의 운영

사내 개인정보보호전담기구를 통하여 개인정보 처리방침의 이행사항 및 담당자의 준수 여부를 확인하여 문제가 발견될 경우 즉시 수정하고 바로잡을 수 있도록 노력하고 있습니다.

② 이용자는 스스로를 보호하고 타인의 정보를 침해하지 않을 의무를 가지고 있습니다. 비밀번호를 포함한 귀하의 개인정보가 유출되지 않도록 주의하시고, 타인의 개인정보와 게시물을 훼손하지 않도록 유의해 주십시오. 회사는 당사의 귀책사유 없이 회원의 부주의나 실수로 발생한 개인정보 문제에 대하여는 책임을 지지 않습니다.


제10조 [개인정보 보호책임자]

① 회사는 개인정보를 안전하게 이용하여 최상의 서비스를 제공하기 위하여 최선을 다하고 있습니다. 개인정보를 보호하는데 있어 상기 고지한 사항에 반하는 사고가 발생할 시에 개인정보 보호책임자가 책임을 집니다. 그러나 기술적인 보완조치를 했음에도 불구하고, 해킹 등 기본적인 네트워크상의 위험성에 의해 발생하는 예기치 못한 사고로 인한 정보의 훼손 및 방문자가 작성한 게시물에 대한 각종 분쟁에 관해서는 일체 책임이 없습니다.

② 이용자는 아래의 지정된 책임자와 연락하여 회사의 개인정보 처리방침에 대한 이용자의 의견 또는 불만을 전달하실 수 있습니다. 아래 책임자는 이용자의 의견을 수렴하고 불만을 처리하기 위하여 최선의 노력을 다할 것입니다.

 - 개인정보 보호책임자

 - 성 명 : 이태성

 - 직 위 : 이사

 - 이메일 주소 :

③ 귀하께서는 회사의 서비스를 이용하시며 발생하는 모든 개인정보보호 관련 민원을 개인정보 보호책임자 혹은 고객센터(로 신고하실 수 있습니다. 회사는 이용자들의 신고사항에 대해 신속하게 충분한 답변을 드릴 것입니다.

④ 기타 개인정보침해에 대한 신고나 상담이 필요하신 경우에는 아래 기관에 문의하시기 바랍니다.

 - 개인정보침해신고센터 : (국번없이) 118 (

 - 개인정보분쟁조정위원회 : (국번없이) 1833-6972 (

 - 대검찰청 : (국번없이) 1301 (

 - 경찰청 : (국번없이) 182 (  

제11조 [의견수렴 및 불만처리]

회사는 개인정보보호와 관련하여 의견과 불만을 제기할 수 있는 창구를 개설하고 있습니다. 개인정보와 관련하여 불만이 있으신 분은 회사의 개인정보 보호책임자에게 의견을 주시면 접수 즉시 조치하여 처리 결과를 통보해드립니다.

제12조 [고지의 의무]

① 회사의 개인정보 처리방침은 법률 및 회사의 내부 방침의 변경 등으로 인하여 변경될 수 있으며, 그러한 경우 회사는 그 변경사항을 회사 홈페이지 또는 서비스 내에서 이용자가 확인할 수 있는 방법으로 고지합니다.

② 이전의 개인정보 처리방침은 아래에서 확인할 수 있습니다.


- 개인정보처리방침 시행일: 2022년 11월 8일

2017. 6. 29. ~ 2019. 5. 13. 적용 개인정보 처리방침

2019. 5. 14. ~ 2021. 8. 19. 적용 개인정보 처리방침

2021. 8. 20. ~ 2021. 11. 1. 적용 개인정보 처리방침

- 2021.11.02. ~ 2022. 11.07 적용 개인정보 처리방침

bottom of page