Effective Date: December 12, 2025
Last Updated: December 12, 2025
Version: 1.0 (English — Master Version)
This English version is the master version of this Privacy Policy. Translations into other languages (including Korean) are provided for convenience only. In case of any discrepancy or conflict between the English version and any translation, the English version shall prevail.
This Privacy Policy describes how [Company Name] ("soviss", "we", "our", or "us") collects, uses, stores, and shares personal information when you use soviss.com, our authentication hub service.
soviss.com itself is a Unified Account and single sign-on (SSO) service. It does not host content or process payments. Each Subdomain Service (e.g., movis.soviss.com, seo.soviss.com, apost.soviss.com, music.soviss.com) has its own Privacy Policy that supplements this one with service-specific information.
We are committed to protecting your personal information and your right to privacy. This Policy is designed to comply with:
The data controller responsible for your personal information is:
For users in the EEA and UK, please see Section 14 for our Data Protection Officer (DPO) and EU Representative information.
Because soviss.com is purely an authentication hub, the personal information we collect is limited and minimal.
| Examples | ||
|---|---|---|
| Account credentials | Email address, password (hashed), display name | Required for registration |
| Profile information | Profile picture, contact preferences | Optional |
| Communications | Inquiries, support tickets, feedback | Provided when you contact us |
When you use the Service, we automatically collect:
| Examples | ||
|---|---|---|
| Authentication data | Login timestamps, session tokens, device identifiers | Account security, session management |
| Technical data | IP address, browser type, operating system, language preference | Service operation, security, fraud prevention |
| Usage data | Pages visited on soviss.com, click events related to authentication flow | Service improvement, analytics |
| Cookies | See Section 11 (Cookies) | See Section 11 |
When you use a Subdomain Service, that service collects additional information governed by its own Privacy Policy. soviss.com itself does not receive content or behavioral data from those services unless required for authentication.
soviss.com does not collect:
We use your personal information for the following purposes, based on the legal grounds described in Section 5:
| Account creation and management | Verifying your identity, enabling SSO login |
| Service operation | Providing authentication across Subdomain Services |
| Security | Preventing unauthorized access, detecting fraud and abuse |
| Communication | Sending account-related notifications (e.g., password resets, security alerts) |
| Legal compliance | Complying with applicable laws and responding to lawful requests |
| Service improvement | Understanding usage patterns to improve the Service |
If you are in the EEA, UK, or Switzerland, we process your personal information on the following legal bases under Article 6 of the GDPR:
| Creating and managing your Unified Account | Contract performance (Art. 6(1)(b)) |
| Providing SSO authentication | Contract performance (Art. 6(1)(b)) |
| Securing the Service and preventing abuse | Legitimate interests (Art. 6(1)(f)) |
| Sending essential service notifications | Contract performance (Art. 6(1)(b)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Optional marketing or product updates | Consent (Art. 6(1)(a)) — withdrawable at any time |
We share your personal information only as described below:
We share information with trusted service providers that help us operate the Service. These providers act under contract and may only use your information for the purposes we specify.
| Examples | ||
|---|---|---|
| Cloud infrastructure | AWS, Google Cloud, or similar | Hosting, data storage |
| Email delivery | Transactional email providers | Sending account emails (verification, password reset) |
| Security and fraud prevention | Authentication and bot-detection services | Account security |
| Analytics | Privacy-respecting analytics tools | Aggregated usage analysis |
| Customer support | Helpdesk tools | Responding to your inquiries |
When you use a Subdomain Service, your Unified Account credentials and basic profile information are shared with that service to enable authentication. Each Subdomain Service's Privacy Policy describes any additional sharing.
We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to:
If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you in advance of any such transfer that would change how your information is handled.
We may share information for any other purpose with your explicit consent.
We do not sell your personal information for monetary or other valuable consideration, as defined under the CCPA/CPRA. We also do not "share" your information for cross-context behavioral advertising.
We are based in the Republic of Korea, and we use service providers located in various countries. As a result, your personal information may be transferred to, stored, and processed in countries other than your own.
When we transfer personal information out of the EEA, UK, or Switzerland, we use one or more of the following safeguards:
You can request a copy of the safeguards used by contacting support@soviss.com.
We retain your personal information only as long as necessary for the purposes described in this Policy, or as required by applicable law.
| Active Unified Account data | Until you delete your account |
| Account data after deletion request | Deleted within 30 days, except where law requires longer retention |
| Authentication logs | Up to 12 months |
| Customer support records | Up to 3 years |
| Records required by Korean e-commerce or tax law | As required by law (typically 5 years) |
| Backups | Up to 90 days after deletion from primary systems |
Regardless of where you live, you have the following rights:
To exercise these rights, log into your account settings or email support@soviss.com. We will respond within 30 days.
If you are in the EEA, UK, or Switzerland, you also have the right to:
If you are a California resident, you have the following additional rights under the CCPA/CPRA:
To submit a CCPA request, email support@soviss.com with the subject "CCPA Request." We may verify your identity before responding. Authorized agents may submit requests on your behalf with proper documentation.
Korean residents have rights under the Personal Information Protection Act, including the right to access, correct, delete, and suspend processing of their personal information. To exercise these rights, contact support@soviss.com or use the controls in your account settings. You may also file a complaint with the Personal Information Protection Commission (privacy.go.kr) or the Korea Internet & Security Agency Privacy Center (privacy.kisa.or.kr / call 118).
We implement administrative, technical, and physical safeguards designed to protect your personal information, including:
However, no method of transmission or storage is 100% secure. If you have reason to believe your account is no longer secure, please contact us immediately at support@soviss.com.
soviss.com uses a minimal set of cookies necessary for the Service to function:
| Purpose | ||
|---|---|---|
| Strictly Necessary | Authentication, session management, security | Required |
| Functional | Remembering your language and display preferences | Optional |
| Analytics | Aggregated usage analysis (no individual tracking) | Optional |
You can manage cookies through your browser settings. Disabling strictly necessary cookies will prevent the Service from functioning correctly.
For users in the EEA, UK, or jurisdictions requiring consent, we display a cookie consent banner on first visit allowing you to accept or reject non-essential cookies.
The Service is not intended for users below the minimum age stated in Section 3 of our Terms of Service:
We do not knowingly collect personal information from children below these ages. If we learn that we have collected personal information from a child without verified parental consent, we will delete that information promptly. Parents and guardians who believe their child has provided personal information to us should contact support@soviss.com.
We do not use your personal information for automated decision-making that produces legal effects or similarly significant effects on you, as defined under GDPR Article 22.
We do use automated systems for fraud detection and security purposes (e.g., detecting suspicious login patterns), but these systems do not make final decisions affecting your rights without human review.
For privacy questions, please contact:
If we appoint an EU representative or UK representative under GDPR Article 27 / UK GDPR, their details will be listed here. As of the effective date of this Policy, we have evaluated our processing activities and do not believe we meet the threshold requiring formal appointment. Users in the EEA or UK may contact support@soviss.com directly for any privacy matter.
In compliance with Article 31 of PIPA, our designated privacy officer is:
We may update this Privacy Policy from time to time. When we do:
If you do not agree to the updated Policy, you should stop using the Service and may close your account.
For any questions or requests regarding this Privacy Policy or our data practices:
We aim to respond to all privacy requests within 30 days.
| Effective Date | ||
|---|---|---|
| 1.0 | 2025-12-12 | Initial release |