Back

Privacy Policy

This translation is provided for convenience. If there is any inconsistency, the Korean version prevails.

TravelGen lawfully processes and securely manages personal information in accordance with the Personal Information Protection Act of Korea and other applicable laws to protect users' rights and freedoms. In accordance with Article 30 of the Personal Information Protection Act, we establish and disclose this Privacy Policy to explain how we process and protect personal information and how we handle related grievances promptly and smoothly.

Purpose of Processing Personal Information

We process personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below. If the purpose of use changes, we will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

  1. Membership registration and account management: identity verification and authentication based on social login, management of terms consent status, maintenance and management of membership, and account withdrawal processing
  2. Service provision: searching and viewing festivals/events, travel/tourism, and itinerary information, itinerary storage and sharing, and providing AI inquiry and conversation services
  3. Service operation and improvement: prevention of abuse, access statistics and usage analysis, service quality improvement, incident response, and operation of external integration features

Categories of Personal Information Processed

We collect and use the minimum amount of personal information necessary to provide the service. In the course of providing the service, we process the following personal information that is directly provided by users or automatically generated and collected without separate consent where permitted by law. Generated information such as device data may be automatically created and collected during use of the website or app.

  1. Membership registration and account management
    • Legal basis: Article 15 (1) 4 of the Personal Information Protection Act (performance of a contract), and Article 15 (1) 1 (consent of the data subject)
    • Items collected and used: email address, display name provided by the social login service, profile photo provided by the social login service, service identifier, login provider information, terms consent status and consent timestamp, and withdrawal request information
  2. Information automatically collected in the course of service operation and use
    • Legal basis: Article 15 (1) 4 of the Personal Information Protection Act (performance of a contract)
    • Items collected and used: cookies, access logs, device information (IP address, web browser type, operating system), service usage records, access timestamps, language settings, and error and diagnostic information
  3. AI inquiry and conversation features
    • Legal basis: Article 15 (1) 4 of the Personal Information Protection Act (performance of a contract)
    • Items collected and used: search queries, inquiry content, conversation history, selected conversation mode, recent reference information used to generate responses, and saved conversation information
  4. Itinerary storage and sharing features
    • Legal basis: Article 15 (1) 4 of the Personal Information Protection Act (performance of a contract)
    • Items collected and used: itinerary title, description, number of days, start date, end date, itinerary items, and public sharing information

Processing and Retention Period

  1. We process and retain personal information within the retention and use period prescribed by law or the period agreed to by users at the time of collection. In principle, personal information is destroyed without delay when the purpose of processing has been achieved.
  2. The retention periods for each processing purpose are as follows:
    1. Member information and records of consent to the terms: until account withdrawal
    2. Saved AI conversation history: until the user deletes it directly or until account withdrawal
    3. Saved itinerary and public sharing information: until the user deletes it directly, stops sharing, or until account withdrawal
    4. Records for abuse prevention and service operation management: destroyed without delay after the purpose is achieved. However, records for restricting re-registration after abuse are retained for one year after withdrawal.
    5. Retention required by applicable laws
      • Records related to consumer complaints or dispute resolution: 3 years
      • Log records (access records): 3 months

Destruction Procedures and Methods

  1. We destroy personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.
  2. If personal information must continue to be retained under other laws even after the agreed retention period has expired or the processing purpose has been achieved, such information will be moved to a separate database or stored in a different location.
  3. Electronic files are deleted in a manner that prevents recovery or reproduction, and printed documents containing personal information are shredded or incinerated.

Provision to Third Parties

  1. We process personal information only within the scope specified in this Privacy Policy and do not provide personal information to third parties unless it falls under Articles 17 and 18 of the Personal Information Protection Act, such as with user consent or specific legal requirements. Personal information may be processed in the following cases:
    1. where the user has agreed in advance to third-party provision or disclosure
    2. where provision is required by laws and regulations

Cross-Border Transfer and Outsourcing of Personal Information

  1. We transfer and outsource personal information to overseas service providers to provide the service. Cross-border transfer and outsourcing occur in connection with member accounts, AI inquiry and conversation features, itinerary storage and sharing, and service usage analysis.
  2. Cross-border transfer and outsourcing recipients and details are as follows:
    1. Google LLC
      • Entrusted tasks: social login authentication and account linking, storage of membership, itinerary, and conversation information, AI inquiries and conversations, and service usage analysis
      • Personal information transferred: email address, display name, profile photo, service identifier, login provider information, terms consent status and consent timestamp, search queries, inquiry content, conversation history, saved conversation information, itinerary information, public sharing information, cookies, and access/usage information
      • Destination country: United States
      • Timing and method: when the user uses login, AI features, itinerary storage/sharing, or analytics features, through remote transmission over an encrypted network
      • Retention and use period: until the relevant processing purpose is achieved or until the user deletes the information or withdraws membership
    2. Voyage AI Innovations, Inc.
      • Entrusted tasks: support for search and recommendation features
      • Personal information transferred: search queries, inquiry content, and information necessary for search and recommendation
      • Destination country: United States
      • Timing and method: when search and recommendation features are used, through remote transmission over an encrypted network
      • Retention and use period: processed only as long as needed to provide search results
  3. How to refuse the transfer, procedures, and effect: users may refuse cross-border transfer by stopping use of the relevant feature or declining analytics through cookie settings. However, login-based features, AI features, search and recommendation features, or some itinerary storage and sharing features may be limited.

Security Measures

  1. We take the following measures to ensure the security of personal information:
    1. Administrative measures: establishment and implementation of internal management plans, regular employee training
    2. Technical measures: access control for personal information systems, installation of access control systems, encryption of personal information, installation and updating of security programs
    3. Physical measures: access control to servers and file systems

Cookies and Similar Technologies

<Automatically collected devices and information> 1. We use cookies to provide personalized services and convenience by storing and retrieving usage information from time to time. 2. Cookies are small pieces of information sent by the website server to the user's browser and stored on the user's PC or mobile device. 3. Google Analytics is loaded only when the user separately consents through cookie settings, and is used for session maintenance, language settings, and service usage analysis. 4. Users can allow or block cookies through browser settings. However, refusing to store cookies may make it difficult to maintain sign-in sessions and use customized services or analytics features.

▶ Allow/block cookies on web browsers

  • Chrome: Settings > Privacy and security > Clear browsing data
  • Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data

▶ Allow/block cookies on mobile browsers

  • Chrome: Browser settings > Privacy and security > Clear browsing data

  • Safari: Device settings > Safari > Advanced > Block all cookies

  • Samsung Internet: Browser settings > Browsing history > Clear browsing data

  • If you have questions about behavioral information or wish to exercise your rights or report damage, please contact:

    ▶ Personal information contact

Rights of Users and Legal Representatives

  1. Users may exercise rights at any time, including requesting access, correction, deletion, suspension of processing, withdrawal, or refusal of or explanation regarding automated decisions. ※ Requests concerning children under 14 must be made directly by their legal representatives. Users aged 14 or older who are minors may exercise their rights themselves or through their legal representatives.

  2. Rights may be exercised by written document, email, facsimile, or other means under Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and we will act without delay.

  3. Rights may also be exercised through a legal representative or authorized agent. In that case, a power of attorney in the form prescribed by applicable notice must be submitted.

  4. Requests for access and suspension of processing may be restricted under Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.

  5. If another law expressly requires the collection of the relevant personal information, deletion may not be requested.

  6. We verify whether the person exercising the right is the data subject or a duly authorized representative.

  7. Users may exercise their rights through the following contact point, and we will endeavor to respond promptly.

    ▶ Requests for access and related rights

Chief Privacy Officer

  1. We designate the following person in charge of personal information protection to oversee personal information processing and handle related complaints and remedies.

    ▶ Chief Privacy Officer

  2. Users may contact the Chief Privacy Officer regarding all privacy-related questions, complaints, or remedies arising from use of the service, and we will respond without delay.

Changes to This Privacy Policy

  1. This Privacy Policy is effective as of 2025-04-01.
  2. Previous versions of the Privacy Policy may be provided below.

Additional Notice for International Users

  1. This Privacy Policy is prepared under the laws of the Republic of Korea. However, the following supplemental notices may apply to the extent required by the laws of the user's place of residence.
  2. Users in the EEA and the United Kingdom
    1. To the extent required by applicable law, users may exercise rights of access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent where consent is the legal basis.
    2. We provide notice of our processing purposes, retention periods, recipients or categories of recipients, cross-border transfers, and the available methods to exercise rights.
    3. Where applicable law so requires, users may lodge a complaint with the supervisory authority in their place of residence or work.
    4. If local law requires the appointment of a representative, we will separately disclose the representative's contact details.
  3. Users in California, United States
    1. To the extent required by applicable law, California residents have the right to receive notice about the categories of personal information collected, the purposes of collection and use, the retention period, and the categories of third parties to whom information is disclosed.
    2. To the extent required by applicable law, California residents may request access, deletion, correction, and equal service without unlawful discrimination, and may submit requests through an authorized agent where permitted by law.
    3. Based on the current service model, we do not sell personal information for monetary consideration or share personal information for cross-context behavioral advertising. If that changes, we will update this Privacy Policy and related notices.
  4. Users in Japan
    1. To the extent required by applicable law, users in Japan may request disclosure, correction, addition, deletion, suspension of use, deletion, or suspension of third-party provision of retained personal data.
    2. Requests and complaints may be submitted through the contact channels described in this Privacy Policy.