The Cast Privacy Policy
BlacksmithIO Co., Ltd. ("Company") values the personal information of users and complies with applicable laws, including the Personal Information Protection Act of Korea and the Act on the Consumer Protection in Electronic Commerce, in operating The Cast mobile application, website, live commerce services, feed and short-form product discovery, seller or store showcase pages, customer inquiries, and partnership inquiry services (collectively, the "Service").
The Company establishes and discloses this Privacy Policy to protect users’ rights and to smoothly handle privacy-related complaints.
Effective date: June 17, 2026
Article 1 (Items of Personal Information Collected and Collection Methods)
The Company collects the minimum personal information necessary to provide the Service and may collect the following information in connection with registration, orders, payments, delivery, customer support, partnership inquiries, events, and use of the Service.
- Registration and login: social account unique identifier, email address, profile name, nickname, profile photo (optional), and member identification information
- Profile and service use: profile information entered by the user, followed sellers or stores, viewing, clicking, and purchase-linked history for live, feed, and short-form content, inquiry or counseling history, and posted or uploaded content
- Orders, payment, delivery, cancellation, return, and refund: name of orderer or recipient, phone number, delivery address, ordered product information, payment approval information, and information necessary for refund processing
- Customer support and partnership or seller inquiries: name or manager name, brand or company name, phone number, email address, inquiry type, discovery path, inquiry details, and consent to collection and use of personal information
- Notification services: app push token, consent to receive Kakao channel-based messages such as AlimTalk or FriendTalk, app push settings, and notification history for followed sellers or live opening alerts
- Skin analysis feature information: facial photos, up to three images, taken or uploaded by the user when the user optionally uses the skin analysis feature
- Automatically collected information: IP address, cookies, access time, usage history, device identifiers, advertising identifiers such as ADID or IDFA, operating system information, browser information, app version, device model, and log records
The Company collects personal information through methods such as registration, service use, customer inquiries, order and delivery processing, and automatic collection through log analysis tools. Facial photos are collected only when the user optionally uses the skin analysis feature and chooses to take or upload such photos.
Article 2 (Purposes of Use of Personal Information)
The Company uses collected personal information for the following purposes.
- Member identification and account management: identity verification, member identification, prevention of fraudulent use, account security, and response to violations of service terms
- Provision of live commerce and shopping services: viewing live broadcasts, providing feed and short-form content, product discovery, order receipt, payment processing, delivery, cancellation, exchange, return, refund, and purchase history management
- Seller, store, and content linking: public profile display, following sellers, live opening alerts, content recommendations, and optimization of in-service exposure
- Customer support and dispute handling: responding to inquiries, delivering notices, handling complaints, and addressing purchase and delivery disputes
- Provision of the skin analysis feature: analyzing the user's skin condition using facial photos voluntarily provided by the user and providing customized skincare and cosmetic recommendations
- Service improvement and analytics: analysis of access frequency, feature improvement, error response, security monitoring, and service stability management
- Marketing and benefits notices: events, promotions, benefits, personalized recommendations, and live-opening or shopping-related notices. However, advertising or benefits-related messages through app push or Kakao channel-based messages such as AlimTalk or FriendTalk are sent only where separate consent is obtained as required by law.
The Company uses facial photos collected through the skin analysis feature solely to analyze skin condition and provide customized skincare and cosmetic recommendations, and does not use such photos for identity verification, facial recognition, biometric authentication, advertising, or user profiling.
Article 3 (Retention and Use Period of Personal Information)
The Company destroys personal information without undue delay when the purpose of collection and use has been achieved. However, where retention is required by law or consent has been obtained, the information may be retained for the applicable period.
- Member information: until account withdrawal. However, where retention is necessary for legal violations, fraudulent use, or dispute response, it may be retained until the relevant matter is resolved.
- Records on contracts or withdrawal of offers: 5 years
- Records on payment and supply of goods or services: 5 years
- Records on consumer complaints or dispute resolution: 3 years
- Electronic financial transaction records: 5 years
- Tax or legally required transaction evidence: for the period prescribed by applicable laws
- Access log records: 3 months
- Partnership or seller inquiry records: up to 3 years after completion of response or for any longer period required by law
- Facial photos used for the skin analysis feature: used only temporarily during skin analysis processing and deleted immediately upon completion of the analysis. Such facial photos are not stored on the server.
Article 4 (Dormant Accounts, Long-Term Inactive Users, and Lifetime or Long-Term Account Retention Policy)
Because Korean law no longer imposes a uniform statutory obligation to separate or convert long-term inactive user accounts, the Company manages long-term inactive accounts under the following principles for user protection and secure data management.
- The Company may provide prior notice to accounts with no login or service use for one year or longer in order to confirm whether the account is long-term inactive.
- If the Company operates or changes a dormant-account policy, separate-storage policy, integrated management policy, or a lifetime or long-term account retention policy, it will provide prior notice of the details, effective date, objection procedure, and withdrawal method.
- If the Company restores previously segregated accounts to ordinary status or converts them to lifetime or long-term retention status, it will do so only through the member’s express consent or renewed consent, identity verification, and any additional required notice procedures.
- Even where a member does not use the Service for a long period, information that must be retained by law will be stored securely and separately and destroyed without undue delay when the retention period expires.
- Members may request confirmation of account status, access to personal information, correction, deletion, or withdrawal at any time through service settings, customer support, or email.
Article 5 (Destruction Procedure and Method)
- Procedure: Personal information is destroyed without undue delay once the purpose is achieved unless separate retention is required by law, in which case it is stored separately and destroyed when the relevant period expires.
- Electronic files: destroyed using technical methods that make recovery or reproduction impossible.
- Paper documents: destroyed by shredding, incineration, or similar methods.
- Facial photos used for the skin analysis feature: used only temporarily during processing and deleted immediately upon completion of the analysis using methods that make recovery or reproduction impossible. Such facial photos are not stored on the server.
Article 6 (Provision of Personal Information to Third Parties)
The Company does not sell users’ personal information to outside parties or provide it for an independent third party’s marketing purposes without consent. However, the following minimum disclosures may occur as necessary for service provision.
- Seller Members or stores: orderer information, recipient information, and order details for order confirmation, customer support, exchange, return, and refund handling
- Delivery companies: recipient name, phone number, delivery address, and delivery instructions for shipment of goods
- Toss Payments and related payment institutions: information necessary for payment approval, payment method authentication, settlement, refund, electronic payment processing, and prevention of fraudulent transactions
- Authorities with lawful power to request information: information disclosed as required for investigations, supervision, taxation, dispute resolution, or similar legal requests
The Company does not sell or share facial photos collected through the skin analysis feature with third parties and does not provide such photos to third parties without the user's consent or a legal basis.
Article 7 (Entrustment of Personal Information Processing)
The Company directly develops and operates The Cast app and website and does not have a separate outsourced app operating company. However, the Company may connect to external services or entrust limited processing for the following functions in order to provide the Service smoothly.
- Toss Payments: electronic payment gateway processing, payment approval, cancellation, refund, and fraud prevention
- Kakao messaging integration: sending Kakao channel-based messages such as AlimTalk or FriendTalk, for users who have consented to receive them, regarding orders, delivery, live opening notices, and benefits information
App push notifications and Kakao channel-based messages such as AlimTalk or FriendTalk are sent only to users who have consented or enabled the relevant settings. The Company supervises external integrated services as required by law and will disclose any additional or changed entrusted or integrated service providers through this Policy or the Service screen.
Article 8 (Users’ Rights and Methods of Exercise)
Users may request access to, correction of, deletion of, suspension of processing of, withdrawal of consent for, or withdrawal from membership relating to their personal information at any time.
- Withdrawal from membership or withdrawal of consent may be requested through in-app or website account settings, customer support, or email.
- Order, payment, delivery, and other transaction-related information may not be deleted immediately if retention is required by law.
- These rights may also be exercised through a legal representative or authorized agent, in which case the Company may verify proper authority.
Article 9 (Cookies, Advertising Identifiers, and Behavioral Information)
The Company may use cookies, advertising identifiers, access logs, and similar information to improve convenience, maintain login status, analyze access statistics, and provide personalized services.
- Users may refuse or delete cookies through browser settings.
- Advertising identifiers and push notification settings on mobile devices may be changed through operating system settings.
- Where separate consent is required for advertising messages or personalized recommendations, the Company obtains such consent in accordance with applicable laws.
Article 10 (Security Measures)
The Company implements the following measures to protect personal information.
- Minimization of access rights and establishment of an internal management plan
- Access control to systems processing personal information, log management, and security monitoring
- Technical protection measures such as encryption in transmission sections
- Training and authority management for personnel handling personal information
Article 11 (Personal Information of Children Under 14)
In principle, the Company does not allow membership registration by children under 14 and does not intentionally collect personal information from children under 14. If a situation requiring parental or legal guardian consent arises, the Company will follow procedures required by applicable laws.
Article 12 (Chief Privacy Officer and Contact Information)
For privacy-related inquiries, complaints, or requests for relief, please contact the following.
- Chief Privacy Officer: Song Seongha
- Title: Chief Executive Officer
- Email: ceo@blacksmithio.com
- Customer Center: +82-2-6011-8989
- Address: S Factory B-219, 11 Yeonmujang 15-gil, Seongdong-gu, Seoul, Republic of Korea
Article 13 (Remedies for Infringement of Rights)
Users may contact the following institutions for reporting or consultation regarding privacy infringement.
Article 14 (Changes to this Privacy Policy)
The Company will notify users in advance through this page if material matters concerning personal information processing change, including laws, service contents, collected items, retention periods, or long-term inactive account policies.