Harubook (Espressobook Inc.)
Espressobook Inc. (hereinafter "the Company") establishes and discloses the following Privacy Policy to protect users' personal information and to promptly and smoothly handle related grievances in accordance with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other applicable laws.
The Company collects the following minimum personal information necessary for service provision.
| Category | Items Collected | Purpose of Collection |
|---|---|---|
| Required | Name (nickname), email address, password | Member identification and registration management, identity verification for service use, delivery of notices |
| Optional | Profile image | Additional service provision, customized profile configuration |
| Automatically collected | Access IP address, access date/time, service usage records, device information (OS, browser type) | Service usage statistical analysis, prevention of unauthorized use, service improvement |
| At purchase | Mobile phone number, shipping address, recipient information, payment information | Print book order processing, shipping, payment and refund processing, order-related communication |
The Company uses the collected personal information for the following purposes.
| Purpose of Use | Details |
|---|---|
| Member management | Identity verification for membership services, confirmation of registration intent, prevention of unauthorized use by fraudulent members, limitation of registration frequency, delivery of notices |
| Service provision | Content provision (book editing and production), collaboration services through club features, customized service provision |
| Purchase contract fulfillment | Print book order, payment, and shipping processing, refund processing, group order management |
| Service improvement | Usage statistical analysis, service quality improvement, new service development |
| Legal obligation compliance | Compliance with obligations under applicable laws, record retention for dispute resolution |
The Company destroys personal information without delay once the purpose of collection and use has been achieved. However, where retention is required under applicable laws, such information is retained for the following periods.
| Retained Items | Retention Period | Legal Basis |
|---|---|---|
| Member registration information | Until membership withdrawal | Internal policy |
| Records of contracts or subscription withdrawal | 5 years | Act on Consumer Protection in Electronic Commerce |
| Records of payment and supply of goods | 5 years | Act on Consumer Protection in Electronic Commerce |
| Records of consumer complaints or dispute resolution | 3 years | Act on Consumer Protection in Electronic Commerce |
| Access log records | 3 months | Protection of Communications Secrets Act |
The Company uses users' personal information only within the scope specified in Article 2 and does not provide it to third parties without prior consent of users. However, exceptions are made in the following cases.
When a new purpose of use arises or personal information is to be provided to a third party, the Company will notify the user of the purpose and obtain consent at the point of use or provision.
The Company entrusts personal information processing as follows for smooth service provision.
| Entrusted Company | Entrusted Tasks | Retention and Use Period |
|---|---|---|
| Interpro Communication Inc. | Print production and shipping agency | Until termination of entrustment contract |
| KG Inicis Inc. | Electronic payment processing agency | Until termination of entrustment contract |
| Lotte Global Logistics Inc. | Product shipping agency | Until delivery completion |
When entering into entrustment contracts, the Company specifies matters regarding prohibition of personal information processing beyond the purpose of entrusted tasks, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of the entrusted party, and liability for damages in contracts and other documents in accordance with applicable laws, and supervises whether the entrusted party processes personal information safely.
The Company takes the following technical, managerial, and physical measures to ensure the security of personal information.
Users (or legal representatives for those under 14 years of age) may exercise the following rights at any time.
The above rights may be exercised through written requests, email, or other means to the Company, and the Company will take action without delay. If a user requests correction of errors, the Company will not use the relevant personal information until the errors are corrected.
Users can directly delete their account through the "Delete Account" feature provided within the Harubook app. Upon withdrawal, collected personal information will be securely destroyed in a manner that makes recovery impossible, after being retained for a period in accordance with applicable laws.
If you wish to request deletion of personal information separately, you may do so through the contact information below.
The Company takes the following measures to protect the personal information of children under 14 years of age.
The Company destroys personal information without delay when the purpose of collection and use has been achieved or the retention period has elapsed.
Information entered by users is transferred to a separate database (or separate documents in the case of paper) after the purpose has been achieved and is destroyed after being stored for a certain period in accordance with internal policies and applicable laws.
Users may withdraw their consent to the collection and use of personal information at any time.
The Company does not pre-select consent checkboxes for the collection, use, and provision of personal information. Furthermore, the Company does not restrict or refuse service provision such as membership registration on the grounds of a user's refusal to consent to the collection, use, and provision of non-required personal information.
However, refusal to consent to required items may result in restrictions on membership registration and basic service use.
The Company has designated the following Personal Information Protection Officer to take overall responsibility for personal information processing and to handle user complaints and damage relief related to personal information.
| Name | Sangcheol Hwang |
|---|---|
| Position | CEO |
| Department | Service Planning |
| [email protected] | |
| Phone | +82-31-346-7787 |
Users may contact the Personal Information Protection Officer regarding all inquiries, complaints, and damage relief related to personal information protection that arise while using the Company's services.
Users may apply for dispute resolution or consultation with the following organizations for remedy of personal information infringement.
If there are additions, deletions, or modifications to this Privacy Policy due to changes in laws, policies, or security technologies, the Company will provide notice through the company website (https://harubook.com/privacy) or in-app announcements at least 7 days prior to the effective date of such changes.
Date of announcement: February 27, 2026
Effective date: February 27, 2026