Privacy Policy

Depending on how you use the Service, we may process the following information. General browsing and use - Access logs, IP address, browser and device information, referral path, and page activity - Cookies required for language preference and sign-in persistence - Usage events such as search, filter, and button interactions Member sign-in and account - Account identifiers returned by Google sign-in - Internal service user ID, login provider, service-generated display alias, and account key used for support verification - Email address if provided by the login provider - Sign-up time, session information, and required terms acknowledgment time and version - If selected, promotional email opt-in status, consent or withdrawal time, and consent text version - Daily summary activity statistics for signed-in members' service use Reviews - Event ID, distance type, ratings, selected tags, and optional comment - Created and updated times, visibility status, and hidden or deleted status - If needed for moderation: hidden reason, internal notes, and moderation time - Helpful vote status for reviews Event submissions, inquiries, and rights requests - Submitter name, contact name, organization or agency name, email address, and phone number - Event name, schedule, venue, registration link, categories, fees, and description - Main image, banner image, business verification materials, and other uploaded materials - Request details, attachments, and handling history

We process personal information for the following purposes. - Social sign-in, account creation, and session maintenance - Review posting, editing, deletion, and My Page features - Review display, helpful count display, abuse prevention, reports, and dispute handling - Managing public event information and reference review links - Receiving event submissions, checking facts, and sending approval or rejection notices - Publishing public event information, displaying images, map linking, and reviewing promotional requests - Handling inquiries, complaints, and privacy rights requests - Sending promotional emails such as race news, events, benefits, newsletters, and event winner notices if the user separately agrees - Maintaining service stability, checking errors, analytics, and usability improvement - Compliance with applicable law and dispute response

KorMarathon processes personal information only as needed to provide the Service and respond to user requests. - Sign-in, account creation, reviews, and My Page features: processing necessary to enter into or perform the service relationship - Event submissions, image uploads, and support inquiries: processing necessary to respond to the user or submitter's request - Optional promotional materials, optional review comments, helpful votes, and other optional features: user consent or processing needed to provide the feature the user chose - Security logs, abuse prevention, and error response: legitimate interests in service stability and user protection - Legal retention, lawful requests from authorities, and dispute handling: compliance with law and protection of rights Promotional email consent is optional. Users can sign up, sign in, post reviews, and use the core Service without agreeing. Users may use basic event browsing without providing optional information. Some features, such as sign-in, review posting, and event submission, may be unavailable if the information needed to provide that feature is not provided.

Because KorMarathon is an event information and review service, some information may be shown publicly. Information that may be public - Approved event name, schedule, region, venue, registration link, categories, fees, description, and public images - Public review display alias, ratings, tags, comment, distance type, posting or update time, and helpful count - Review links already published on public webpages and the minimum information needed to display them Information not public by default - Social login provider identifiers, internal user IDs, email addresses, and account keys - Event submitter contact name, contact details, email address, and business verification materials - Operator-only review notes, detailed hidden reasons, and information about members who marked a review as helpful If a user directly includes personal information in a review or submission material, that information may become visible. Please avoid entering contact details or sensitive information in public fields.

We keep personal information only for as long as needed for the stated purposes, then delete or de-identify it when it is no longer needed. - Member account information: kept while membership remains active, and deleted or de-identified after an account deletion request is verified, unless legal retention or dispute handling requires limited retention. - Promotional email consent information: kept while membership remains active or as needed to process withdrawal. Users can opt in or withdraw anytime from My Account. After withdrawal, the user is excluded from future promotional email recipients. - Reviews: kept until the user deletes the review or it is removed under service policy. Hidden or deleted moderation records may be retained as needed for re-review, abuse prevention, and dispute handling. - Helpful vote information: kept until the vote is canceled or the target review is deleted, and processed only as needed for abuse prevention and aggregate count display. - Approved public event information: may remain in the service archive for event history and search quality. We may adjust or remove it after a valid request by an organizer or rights holder. - Non-public submission materials: kept as needed for submission review, fact checking, support, and dispute handling. We delete or narrow the retention scope when the information is no longer needed or a valid deletion request is received. - Reference review links: kept as needed for public-content quality management and rights-holder requests, and may be removed or unpublished after a valid request or operational review. - Access logs and security records: kept as needed for service stability, security, and error response. - Cookies and browser storage: sign-in sessions remain until session expiration, language preference may remain for up to 1 year, and browser storage for recent review prompts and PWA install prompts may remain until the user clears browser storage.

As a rule, KorMarathon does not sell or arbitrarily provide users' personal information to outside parties. Exceptions may apply when: - the user gives separate consent, - disclosure is required by law or by a lawful request from an authorized investigative or supervisory authority, or - the user has directly made information public through a public service feature. Public reviews, public event information, and external review links are handled as public content shown through the Service. Non-public contact details, account identifiers, and business verification materials are not included in public content.

We use external infrastructure and tools to operate the Service, and limited personal information may be processed through those providers. - Supabase: member authentication, session handling, and database storage - Cloudinary: storage of public event images, submission images, and banner images - Resend: operational emails about event submission receipt, approval, and rejection, and promotional emails where the user separately agrees - Google: social login, tag management, analytics tools, maps, and site verification - Microsoft Clarity: behavior analytics if enabled - Ahrefs Web Analytics: traffic analytics - Vercel Analytics and Speed Insights: usage metrics and performance analytics The information that may be transferred or processed is limited to the account information, review information, helpful vote information, submission materials, image files, reference review links, and access or usage records needed for the purposes above. Processing occurs when a user signs in, posts a review, marks a review as helpful, submits an event, uploads an image, or uses pages, through encrypted communications or server-to-server transmission. Depending on each provider's global infrastructure and our service configuration, information may be processed or stored outside the Republic of Korea. Retention is limited according to this policy, service contracts, and each provider's security and backup practices. If a user refuses processing by essential infrastructure providers, features such as sign-in, review posting, event submission, and image display may be limited. We manage these tools so that processing remains limited to what is needed to provide the Service, and we apply reasonable safeguards such as encrypted transmission. If processors or processing methods materially change, we will update this policy.

KorMarathon may use cookies and browser storage for sign-in persistence, language preference, and service improvement. - Essential functionality: Supabase authentication and session cookies - Preferences: language preference cookie - Convenience features: browser storage for recent review target prompts and PWA install prompt visibility - Analytics and performance measurement: Google Tag Manager/Analytics, Microsoft Clarity, Ahrefs Web Analytics, Vercel Analytics, and Speed Insights You can restrict or clear cookies and browser storage through your browser settings, but doing so may affect sign-in persistence, language preference, recent review prompts, PWA install prompts, or some analytics features. KorMarathon applies Google Consent Mode defaults so analytics tag behavior can adjust based on region and configuration.

Users may request the following rights at any time. - Access - Correction - Deletion - Suspension or restriction of processing - Withdrawal of consent - Data portability or explanations about automated decisions, where applicable under law Promotional email consent can be changed directly in My Account. If promotional emails are sent, they will also include a way to unsubscribe or change the setting. For other requests, please send requests to contact@kormarathon.com. The Service does not currently provide self-service account withdrawal, so account deletion and membership termination requests are handled manually by the Operator after verification. Requests related to public reviews or event submission materials may be sent through the same channel.

When the retention period ends or the processing purpose has been fulfilled, we delete or de-identify personal information without undue delay. - Electronic files are deleted or made inaccessible using methods intended to make restoration difficult. - Printed or separate documents are destroyed by shredding, disposal, or equivalent methods. - Information needed for legal retention or dispute handling may be stored separately until that reason no longer applies.

KorMarathon applies the following measures to help protect personal information. - Minimizing administrator privileges and access permissions - Allowing access to personal data only through authenticated environments - Using encrypted communications such as HTTPS - Leveraging security features provided by cloud infrastructure vendors - Maintaining logs and change history to the extent needed for operations - Hiding or correcting public reviews that may contain personal information

KorMarathon does not make fully automated decisions that have legal or similarly significant effects on users. The Service does not require sensitive information or unique identifying information such as resident registration numbers. Please do not enter such information in reviews, inquiries, or submission materials. If discovered, we may delete, mask, or hide it as needed for service operations.

For privacy questions, complaints, or rights requests, please contact: - Privacy and complaint handling: KorMarathon Operations Team - Email: contact@kormarathon.com For additional consultation or remedies, users may use public channels such as the Korean Privacy Portal, the Personal Information Infringement Report Center, and the Personal Information Dispute Mediation Committee. This Privacy Policy may be updated to reflect changes in laws, service features, or security practices. If a material change is made, we will provide notice through the Service or this policy page.