ReelVerse (operated by Papapage, Korea) processes personal data in compliance with GDPR and Korean PIPA.
Data We Collect
| Category | Examples | Retention |
|---|---|---|
| Account | Email, birth year, nickname | 30 days after deletion |
| OAuth | Google profile (email, name, picture) | 30 days after deletion |
| Usage | Access logs, viewing history, ratings | 6 months / 90 days |
| Payment | Toss payment_key, order_id, amount | 5 years (Korean tax law) |
| Disputes | Reports, sanctions | 3 years (consumer law) / permanent for violations |
Purposes
- Service provision (signup, content, payment, notifications)
- Safety (moderation, anti-fraud, dispute handling)
- Legal compliance (tax, law enforcement)
Third-Party Processors (Sub-processors)
Supabase, Mux, Vercel, Inngest, Toss, Resend, OpenAI, ACRCloud, Sentry, Amplitude, Upstash. Most are US-based — your data may be transferred outside Korea/EU.
Your Rights (GDPR Art. 15-22)
- Access: Settings > Download my data
- Rectification: Settings > Edit profile
- Erasure: Account deletion (30-day grace, then permanent)
- Restriction / Portability / Objection: Email support@reelverse.io
Children Under 13
We block accounts under 13 (COPPA / Korean PIPA). See Children Privacy.
Security
SSL/TLS, bcrypt password hashing, database RLS, access logs, principle of least privilege.
Data Protection Officer
- Donghee Kim — 010-4764-2112 — support@reelverse.io
Contact / Complaints
- support@reelverse.io
- Korean Privacy Dispute Mediation Committee: privacy.go.kr / 1833-6972
- KISA: privacy.kisa.or.kr / 118
Last updated: 2026-04-27