Privacy Policy
Last Updated: February 18, 2025
At neocastpoint, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use our budget automation services. We're based in South Korea, so this document follows Korean privacy laws—specifically the Personal Information Protection Act (PIPA). But don't worry, we've written everything in plain English so you actually understand what's happening with your data.
Information We Collect
What You Give Us Directly
When you sign up for neocastpoint, we ask for basic stuff. Your name, email address, and phone number. If you're setting up payment methods or linking bank accounts for budget tracking, we'll need that financial information too. But here's the thing—we only ask for what we actually need to make the service work.
Data Generated Through Use
As you use our platform, we automatically collect certain technical information. This includes your IP address, browser type, device information, and how you interact with our service. We track which features you use most, when you log in, and what actions you take within the app. This helps us understand usage patterns and fix things when they break.
We also collect financial transaction data that you choose to connect—spending patterns, income sources, budget categories you create. This is the core of what makes our automation work, but you're always in control of what gets connected.
Information from Third Parties
If you connect external bank accounts or financial services, we receive data from those institutions. Credit card transactions, account balances, transaction descriptions—that sort of thing. We also might get verification data from identity confirmation services, but only when it's necessary for security purposes.
How We Use Your Information
We use your data to provide and improve our budget automation service. That's the main purpose. Specifically:
- Processing your financial transactions and creating automated budget rules based on your spending patterns
- Sending you notifications about budget thresholds, unusual spending, or account activity
- Analyzing aggregated data to improve our algorithms and add new features
- Providing customer support when you contact us with questions or technical issues
- Detecting and preventing fraud, unauthorized access, or security threats
- Complying with legal requirements under Korean financial regulations
We never sell your personal information to advertisers or data brokers. That's not our business model, and frankly, we think it's a terrible practice. Your financial data stays between you, us, and the financial institutions you explicitly connect.
Legal Basis for Processing (South Korea)
Under Korean law, we need a valid reason to process your personal information. Here's our legal basis:
- Contract Performance: We need your data to deliver the service you signed up for
- Consent: For certain features, we ask for your explicit permission before collecting specific data types
- Legal Obligations: Korean financial regulations require us to maintain certain records and perform identity verification
- Legitimate Interest: We process some data to improve security, prevent fraud, and enhance service quality
You can withdraw consent at any time for data processing that's based on your permission. Just know that some features might stop working if you do.
Data Storage and Security
Where Your Data Lives
We store your information on secure servers located in South Korea. Financial transaction data is encrypted both in transit and at rest using industry-standard encryption protocols. Our infrastructure meets Korean data protection standards and undergoes regular security audits.
Security Measures
We take technical and organizational measures to protect your data. This includes encryption, access controls, regular security testing, and employee training on data protection. Our team members only access your information when necessary to provide support or maintain the service.
But let's be honest—no system is 100% secure. We do our best, but if a breach occurs, we'll notify you promptly as required by Korean law.
How Long We Keep Your Data
We retain your personal information for as long as your account is active, plus whatever period Korean financial regulations require. For most transaction data, that's five years after account closure. Some basic account information might be kept longer if needed for legal disputes or regulatory compliance.
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Account information | Active period + 5 years | PIPA Article 21 |
| Transaction records | Active period + 5 years | Financial regulations |
| Customer support logs | 3 years after resolution | Consumer protection laws |
| Marketing consent records | Active period + 3 years | PIPA compliance |
Sharing Your Information
We share your data only in specific circumstances:
Service Providers
We work with third-party companies that help us run the service—cloud hosting providers, payment processors, email services. These companies can access your data only to perform specific tasks on our behalf, and they're contractually obligated to protect your information.
Financial Institutions
When you connect external bank accounts, we share necessary authentication data with those institutions to establish and maintain the connection. This is how account linking works—we can't pull your transaction data without sharing authentication credentials.
Legal Requirements
If Korean authorities request your information through proper legal channels, we're required to comply. We'll notify you unless legally prohibited from doing so. We might also disclose data to prevent fraud, enforce our terms of service, or protect someone's safety.
Business Transfers
If neocastpoint gets acquired or merges with another company, your information would transfer as part of that transaction. We'd notify you beforehand and explain any changes to how your data is handled.
Your Rights Under Korean Law
Korean privacy law gives you several rights regarding your personal information. Here's what you can do:
Access and Portability
You can request a copy of all personal data we hold about you. We'll provide this in a structured, commonly used format within 30 days. There's no charge for your first request in a 12-month period.
Correction
If your information is inaccurate or incomplete, you can ask us to correct it. For most account details, you can update this directly in your account settings. For financial transaction data that came from external sources, you'll need to correct it with the originating institution.
Deletion
You can request deletion of your account and associated data. We'll process this within 10 business days, though some information might be retained if required by law. Once deleted, you can't recover your budget history or automated rules—so make sure you're certain before requesting this.
Processing Restriction
You can ask us to temporarily stop processing your data in certain situations—like when you're disputing data accuracy or contesting the legal basis for processing. During this time, we'll store your information but not actively use it.
Objection
You can object to data processing based on legitimate interest. We'll stop processing unless we can demonstrate compelling reasons that override your interests—typically related to legal claims or service security.
How to Exercise These Rights
Send requests to info@neocastpoint.com with "Privacy Rights Request" in the subject line. Include your full name and account email. We'll verify your identity and respond within the timeframes required by Korean law.
International Data Transfers
Your data primarily stays within South Korea. However, some of our service providers have servers in other countries. When we transfer data internationally, we ensure adequate protection through standard contractual clauses or by verifying that the receiving country has data protection laws that meet Korean standards.
If you're accessing our service from outside South Korea, your data might be transferred to our Korean servers. By using neocastpoint, you consent to this transfer and acknowledge that Korean data protection laws will apply.
Cookies and Tracking
We use cookies and similar technologies to make the service work properly. Essential cookies handle things like keeping you logged in and remembering your preferences. We also use analytics cookies to understand how people use the platform, though you can opt out of these.
You can control cookie settings in your browser, but blocking essential cookies will prevent certain features from working. We don't use advertising cookies or share cookie data with ad networks.
Children's Privacy
Our service isn't designed for anyone under 19 years old (the age of majority in South Korea). We don't knowingly collect information from minors. If we discover that we've accidentally collected data from someone under 19, we'll delete it immediately.
Changes to This Policy
We update this privacy policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email or through a prominent notice in the app. The "Last Updated" date at the top shows when the current version took effect.
Continued use of neocastpoint after policy changes means you accept the updated terms. If you don't agree with changes, you can close your account before they take effect.
Data Protection Officer
Under Korean law, we're required to designate a Data Protection Officer who oversees compliance with privacy regulations. You can contact our DPO directly for privacy-related concerns or questions that standard support channels don't address.
Questions About Privacy?
If you have concerns about how we handle your data, reach out to us:
+82319116527
36 Dongdeok-ro, 3rd Floor, Jung-gu, Daegu, South Korea
You also have the right to file a complaint with the Korean Personal Information Protection Commission if you believe we've violated privacy laws.