Full Policy in Korean
The legally binding full privacy policy is in Korean: nightflow.kr/privacy
1. Data We Collect
- Account information: name, email, phone (via Kakao/Google OAuth)
- Profile information: nickname, profile photo
- Transaction data: reservations, payments, refunds
- Communication records with MDs and customer support
2. Payment Data (Important)
NightFlow does NOT store your credit card information directly. All payment data is handled by PCI DSS compliant payment processors:
- Eximbay (Korea-based, certified PG)
- VISA, MasterCard, JCB, AMEX, UnionPay
- WeChat Pay, Alipay+, PayPal
3. How We Use Your Data
- Account management and authentication
- Matching with Korean nightclub managers (MDs)
- Payment processing and settlement
- Customer support and dispute resolution
- Service improvements and analytics
- Marketing communications (with your consent)
4. Data Sharing
We share data only with:
- Matched club MDs (limited to reservation details)
- Payment processors (Eximbay, etc.)
- Korean tax authorities when legally required
We do NOT sell your personal data to third parties.
5. Data Retention
- Account data: until account deletion + 30 days recovery period
- Transaction records: 5 years (Korean tax law)
- Communication logs: 3 years
6. Your Rights
- Access your personal data
- Correct inaccurate data
- Request account deletion (soft delete + 30 day recovery)
- Withdraw consent for marketing
- Data portability (export your data)
7. Security
We use industry-standard encryption (HTTPS, TLS) and follow Korean Personal Information Protection Act (PIPA) requirements.
This is an English summary. For legal purposes, the Korean version takes precedence. Effective from June 30, 2026.