PRIVACY POLICY
Privacy Policy
Rightis collects, uses, and safeguards the personal information of rights holders and brands as described below.
1. Information Collected
The Company collects the following personal information to operate the Service. [Required] - Email, password (encrypted) - Name or display name - Identity verification data (rights holders only): face image, ID copy, KYC data [Optional] - Profile image, contact information - Asset data: voice samples, style references, persona responses, demographic information - Agency affiliation (agency managers) - Brand information: company name, contact name, inquiry purpose, expected usage scope [Automatically Collected] - IP address, browser and device information - Service usage logs and access records - Cookies and session tokens
01 / 10
2. Purpose of Collection
The Company uses the collected information for the following purposes. 1. Account identification and identity verification 2. Rights asset registration and review 3. Licence request intake, rights-holder approval workflow, and contract execution 4. Payment processing and settlement 5. Usage tracking, dispute handling, asset suspension, and appeal processing 6. Service announcements (mandatory) and marketing information (only with separate consent) 7. Security incident response, fraud prevention, and service quality improvement 8. Fulfilment of legal obligations
02 / 10
3. Retention and Use Period
The Company retains and uses personal information for the following periods. - Account data: until account closure (deleted immediately on closure as the default) - If licensing transactions are in progress: destruction follows transaction completion - Dispute records: 3 years after dispute closure (statutory retention) [Separate retention required by law] - E-Commerce Act: contract / withdrawal / payment / supply records (5 years); consumer complaint and dispute records (3 years) - Electronic Financial Transactions Act: electronic financial transaction records (5 years) - Communications Privacy Act: access logs (3 months) Separately retained data is used only for the retention purpose and is destroyed immediately at the end of the period.
03 / 10
4. Third-Party Disclosure
The Company does not provide personal information to third parties without user consent. Exception cases: 1. Upon licensing transaction: with the rights holder's explicit approval, the minimum information required to fulfil the contract (rights holder's display name, asset identifiers, usage scope) is shared with the counterparty brand. 2. Where required by law, when investigative authorities or courts make a lawful request, disclosure proceeds under the prescribed procedure. 3. When urgent protection of life or safety is needed. Third-party disclosures are documented with the reason, items disclosed, and retention period.
04 / 10
5. Processors
The Company entrusts processing to the following providers to deliver the Service reliably. Each processor is bound by a contract that requires data-protection obligations equivalent to the Company's. [AWS (Amazon Web Services)] - Scope: face image analysis and matching (Rekognition); image and file storage - Retention: until account closure or analysis completion [Supabase] - Scope: authentication, database, file storage - Retention: until account closure [Sentry] - Scope: error logging and operational monitoring - Retention: 30 days [Resend] - Scope: transactional and notification email delivery - Retention: 90 days after sending Changes to processors are announced in advance. When user consent is required, the change is communicated separately.
05 / 10
6. Data-Subject Rights
Users may exercise the following rights at any time. 1. Access: review the personal information on file 2. Correction: fix inaccurate information 3. Deletion and processing suspension: request deletion or pause processing 4. Withdrawal of consent: withdraw consent for optional items such as marketing 5. Data portability: download the user's data in a structured format How to exercise: - "My Account" menu inside the rights-holder or brand console - Email: support@backersby.com The Company processes requests within 10 days of receipt. Delays are communicated with the reason and expected handling date. If licensing transactions are in progress, deletion requests are processed after those transactions complete.
06 / 10
7. Security Measures
The Company applies the following technical and managerial safeguards to protect user data. [Technical] - AES-256 encryption for passwords and rights data at rest - TLS 1.2 or higher on every transport - IP allow-listing and certificate-based access controls on database connections - Periodic vulnerability scans and patches [Managerial] - Role-based access control for operators - audit_log capture of every operator action (5-year retention) - Regular training for personnel who handle personal information - Internal security policy and incident-response procedure [Incident response] - In the event of a personal data breach the Company notifies data subjects and the relevant authorities within 24 hours.
07 / 10
8. Cookies
The Company uses cookies for the following purposes. - Maintaining sign-in sessions - Storing language preferences and user environment - Service usage statistics (e.g. which pages are visited) The Company does not use advertising or third-party analytics cookies. Users may disable cookies in browser settings (e.g. Chrome → Settings → Privacy). Some features (session retention, language preference) may be limited as a result.
08 / 10
9. Data Protection Officer
The Company designates a data protection officer who oversees personal-data processing and handles inquiries, complaints, and remediation. - Name: Jace BAE - Department: The Backers Inc., Operations - Email: Support@backersby.com Please direct privacy-related inquiries, complaints, or reports to the contact above. Reports may also be submitted to the Korea Internet & Security Agency (KISA) Privacy Complaints Center at privacy.kisa.or.kr or 118 (domestic call).
09 / 10
10. Changes
Material changes to this policy are communicated as follows. - General changes: announced through the Service and by registered email at least 7 days before the effective date - Changes unfavourable to users (additional data collection, longer retention, broader third-party disclosure): announced at least 30 days in advance The Company makes the change history available inside the Service. Users who disagree with a change may close their account.
10 / 10
Last updated: May 2026