Privacy Policy

We collect the following categories of personal information:

A. Information You Provide:

• Account Information: Name, email address, phone number, company name, and job title

• Payment Information: Credit card details, billing address (processed through third-party payment processors)

• Communications: Messages, feedback, and other communications you send to us

• Product Data: Ingredient lists, formulations, certificates, and compliance documents you upload

B. Automatically Collected Information:

• Technical Data: IP address, browser type, device identifiers, operating system

• Usage Data: Pages visited, features used, time spent, clickstream data

• Cookies and Similar Technologies: As described in Section 4 below

We collect and process your personal information for the following purposes:

• Service Provision: To provide, maintain, and improve our compliance platform services

• Contract Performance: To process transactions, manage subscriptions, and fulfill our contractual obligations

• Communication: To respond to inquiries, provide customer support, and send service-related notifications

• Legal Compliance: To comply with MoCRA, FDA regulations, and other legal obligations

• Security: To detect, prevent, and address fraud, security issues, and technical problems

• Marketing: To send promotional communications (with your consent where required)

• Analytics: To understand usage patterns and improve our services

Legal Basis (for Korean and EU users): Consent, contract performance, legal obligation, and legitimate interests

We retain your personal information for the following periods:

• Account Information: Duration of account plus 3 years after closure (Korean tax law requirement)

• Payment Records: 5 years from transaction date (US and Korean law requirement)

• Compliance Documents: Duration required by FDA regulations and applicable law

• Usage Data: 2 years from collection

• Marketing Communications: Until you withdraw consent or request deletion

You may request deletion of your data at any time, subject to our legal retention obligations.

We use cookies and similar technologies to collect information about your browsing activities:

• Essential Cookies: Required for basic website functionality (no consent required)

• Analytics Cookies: Help us understand how visitors use our website (Google Analytics)

• Marketing Cookies: Used to deliver relevant advertisements

Cookie Management: You can control cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may limit functionality.

Do Not Track: Our website does not currently respond to Do Not Track signals.

We may share your personal information with:

A. Service Providers:

• AWS (Cloud hosting - US and Korea regions)

• Stripe (Payment processing)

• Google Analytics (Usage analytics)

• Intercom (Customer support)

B. Legal Requirements:

• Government agencies when required by law (FDA, tax authorities)

• Law enforcement in response to valid legal requests

C. Business Transfers:

• In connection with mergers, acquisitions, or sale of assets

We do not sell your personal information to third parties. All third-party providers are contractually obligated to protect your data and use it only for specified purposes.

Noedal operates in both the United States and Korea. Your personal information may be transferred to and processed in:

• United States: Our primary servers are located in US AWS regions

• Korea: We maintain data processing facilities in Korean AWS regions

For Korean Users: International transfers to the US are conducted in accordance with Korean PIPA Article 17, with appropriate safeguards including:

• Standard contractual clauses

• AWS's security certifications (ISO 27001, SOC 2)

• Your explicit consent for cross-border transfers

For US Users: We comply with applicable US state privacy laws regarding international transfers.

We implement comprehensive security measures to protect your personal information:

Technical Measures:

• TLS 1.3 encryption for data in transit

• AES-256 encryption for data at rest

• Multi-factor authentication and access controls

• Regular security audits and penetration testing

Organizational Measures:

• Employee confidentiality agreements

• Privacy and security training programs

• Incident response and breach notification procedures

• Regular compliance reviews

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches in accordance with applicable law.

Depending on your location, you have the following rights:

All Users:

• Access: Request copies of your personal information

• Correction: Request correction of inaccurate data

• Deletion: Request deletion of your personal information (subject to legal retention requirements)

• Portability: Receive your data in a structured, machine-readable format

• Opt-out: Unsubscribe from marketing communications

California Residents (CCPA/CPRA):

• Right to know what personal information is collected

• Right to delete personal information

• Right to opt-out of the sale of personal information (we do not sell data)

• Right to non-discrimination for exercising your rights

Korean Users (PIPA):

• Right to request access to personal information

• Right to correction and deletion

• Right to suspend processing

• Right to withdraw consent at any time

To exercise these rights, contact us at legal@noedal.com. We will respond within 30 days (US) or 10 days (Korea).

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete such information promptly.

If you believe we have collected information from a child, please contact us immediately at legal@noedal.com.

For privacy-related inquiries, complaints, or to exercise your rights:

Business Representative: Gordon Li

Email: legal@noedal.com

US Address: Noedal Inc., 1207 Delaware Ave #754, Wilmington, DE 19806, USA

Korea Address: 경기도 성남시 분당구 대왕판교로645번길 12, 13487

Korean Users - Dispute Resolution:

If you are not satisfied with our response, you may file a complaint with:

• Korea Personal Information Protection Commission (www.pipc.go.kr)

• Korea Internet & Security Agency Privacy Center (privacy.kisa.or.kr)

US Users - Dispute Resolution:

California residents may contact the California Attorney General's Office.