Privacy Policy

This privacy policy is provided in English for our global users. The Korean version is available at shareit.kr/terms?termsNo=002.

1. Data Controller

The data controller responsible for processing your personal data is:

• Company: 쉐어잇 주식회사 (SHARE.IT Inc.)
• CEO: 박상준 (Sangjun Park)
• Registration No.: 822-88-00602
• Address: 서울특별시 성동구 뚝섬로3길 13, 2층(성수동1가) / 2F, 13 Ttukseom-ro 3-gil, Seongdong-gu, Seoul, Republic of Korea
• Email: hello@shareitglobal.co
• Phone: +82 2-6204-8399

2. Data Protection Officer

Our Data Protection Officer (DPO) / Privacy Officer is responsible for overseeing data protection and can be contacted at:

• Name: 최혜훈 (Hyehun Choi)
• Email: privacy@shareitglobal.co

3. Personal Data We Collect

We collect and process the following categories of personal data, depending on how you interact with our services:

a) Lead Form and Inquiry Data

• Country of origin
• Company or brand name
• Contact name
• Business email address
• WhatsApp number (optional)
• Service interest (e.g., pop-up store, event venue, OOH)
• Budget range
• Preferred dates

b) Chatbot Interaction Data

• Conversation messages exchanged with our AI concierge
• Qualification answers (event type, size, dates, budget)
• Email address (if voluntarily provided during conversation)

c) Analytics Data (with consent)

• Page views and navigation patterns
• Scroll depth and engagement metrics
• Device type, browser, and operating system
• Approximate geographic location (country/city level)

d) Cookies and Technical Data (with consent)

• Session identifiers
• Cookie consent state
• Chatbot session state

For details on cookies, see our Cookie Policy.

4. Purposes of Processing

We process your personal data for the following purposes:

• Lead qualification and venue curation — Contract performance (GDPR Art. 6(1)(b))
• Responding to inquiries via email or chatbot — Contract performance / Legitimate interest
• Sending venue proposals and follow-up communications — Consent (GDPR Art. 6(1)(a))
• Marketing newsletters and market insights — Explicit consent (GDPR Art. 6(1)(a))
• Site analytics and service improvement — Legitimate interest (GDPR Art. 6(1)(f)) / Consent
• AI chatbot service delivery — Consent (GDPR Art. 6(1)(a))
• Fraud prevention and security — Legitimate interest (GDPR Art. 6(1)(f))

5. Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent — Where you have given clear, affirmative consent for us to process your data for a specific purpose (e.g., marketing emails, chatbot conversations, analytics cookies). You may withdraw consent at any time.
• Contract performance — Where processing is necessary to perform our services, such as curating venues based on your inquiry.
• Legitimate interest — Where processing is necessary for our legitimate business interests (e.g., improving our platform, ensuring security), provided this does not override your fundamental rights and freedoms.

6. Data Sharing and Third-Party Recipients

We share your personal data with the following categories of service providers, who process data on our behalf under appropriate data processing agreements:

• Supabase (AWS) — Database hosting, lead storage. Data location: US (us-east-1)
• OpenAI — AI chatbot processing, text embeddings. Data location: US
• Resend — Transactional and marketing email delivery. Data location: US
• Vercel — Website hosting, edge rendering. Data location: Global Edge (origin: US)
• Google Analytics — Site analytics (with consent). Data location: US / Global

We do not sell your personal data to third parties. Data is shared only as necessary to provide our services.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside of your country of residence, including the United States. We ensure appropriate safeguards are in place for such transfers:

• EU Standard Contractual Clauses (SCCs) — We rely on EU-approved Standard Contractual Clauses as the primary transfer mechanism for data transferred from the EU/EEA/UK to the US.
• Data Processing Agreements (DPAs) — All service providers maintain DPAs that include appropriate data protection obligations.
• Zero Data Retention — For AI processing via OpenAI, we use the Zero Data Retention API configuration, meaning your conversation data is not stored or used for model training.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Lead information (email, company, etc.) — 3 years from collection (Korea PIPA standard)
• Chatbot conversation history — 1 year (Service improvement)
• Analytics data (anonymized) — Indefinite (Not personal data post-anonymization)
• Consent records — 5 years (GDPR proof-of-consent obligation)

After the retention period expires, personal data is automatically deleted, unless retention is required by law or the data subject is an active customer.

9. Your Rights

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of access — Request a copy of all personal data we hold about you.
• Right to rectification — Request correction of inaccurate or incomplete personal data.
• Right to erasure ("Right to be forgotten") — Request deletion of your personal data where there is no compelling reason for continued processing.
• Right to restriction — Request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability — Receive your personal data in a structured, commonly used, machine-readable format.
• Right to object — Object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent — Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority. In the Republic of Korea, this is the Personal Information Protection Commission (PIPC). In the EU, you may contact your local data protection authority.

10. How to Exercise Your Rights

You can exercise your data subject rights in the following ways:

• Email — Send a request to privacy@shareitglobal.co. We will respond within 30 days.
• Self-service API — Use our Data Subject Rights API at /api/privacy to access, export, or delete your data programmatically. See the Terms of Service for usage details.
• Chatbot — Ask our AI concierge Jina to stop marketing emails or delete your data. Your request will be forwarded to our privacy team.

We may ask you to verify your identity before processing your request. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.

11. AI Transparency

Our website features an AI-powered chatbot concierge ("Jina") that assists visitors with venue inquiries and information. We want to be transparent about how this AI service works:

• AI disclosure — Jina is clearly identified as an AI-powered assistant in the opening message of every conversation, in compliance with the EU AI Act transparency requirements.
• Technology — Jina is powered by a large language model (GPT-based). It uses a retrieval-augmented generation (RAG) system to provide accurate information about our venues and services.
• No model training — Your conversations with Jina are not used to train or fine-tune any AI models. We use the OpenAI API with zero data retention settings.
• Automated decision-making — Jina performs automated intent classification and lead qualification. These are used to improve service delivery and are not the sole basis for decisions that produce legal effects concerning you. You have the right to contest automated decisions and request human review.
• Limitations — Jina provides information and recommendations, not binding commitments. Venue availability, pricing, and terms are subject to confirmation by our human team.

12. Cookies

We use cookies and similar technologies to provide functionality, analyze usage, and improve your experience. We obtain your consent before setting non-essential cookies.

For complete details about the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

13. Marketing Communications

We send marketing communications (newsletters, market insights, new venue updates) only with your explicit, opt-in consent. Consent is collected via a clearly labeled, unchecked-by-default checkbox.

• Every marketing email includes a 1-click unsubscribe link.
• You can withdraw marketing consent at any time by clicking unsubscribe, emailing privacy@shareitglobal.co, or asking our chatbot to stop marketing emails.
• Withdrawal of marketing consent does not affect the lawfulness of processing for other purposes (e.g., responding to your venue inquiry).

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Updating the "Last updated" date at the top of this page
• Displaying a notice on our website for significant changes
• Sending an email notification to registered users for material changes that affect their rights

We encourage you to review this policy periodically.

15. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Privacy inquiries: privacy@shareitglobal.co
• General inquiries: hello@shareitglobal.co
• Phone: +82 2-6204-8399 (Mon-Fri, 09:30–18:30 KST)