Privacy Policy.
Effective May 19, 2026 · Applies to uwonitkorea.com and all UWONIT GLOBAL services.
- · We collect what you give us to broker an introduction — your business email, company, country, and the match details.
- · We do not sell your data, run advertising profiles, or train AI models on it.
- · Match details are visible to UWONIT GLOBAL staff and the matched manufacturer (only after they accept).
- · Tokens for our internal Gmail tooling stay on our authorized operator's machine — never on a server, never shared.
- · You can ask us to access, correct, or delete your data anytime: uwonit2026@gmail.com.
1. Who we are
UWONIT GLOBAL ("we", "us") is a Seoul-based B2B introduction service connecting overseas buyers to verified Korean manufacturers. We are the data controller for personal data processed via uwonitkorea.com and our operator tooling.
Contact: uwonit2026@gmail.com. Korean business registration is in progress; this notice will be updated to include the registered company name, address, and BRN once issued.
2. Data we collect
We collect only what is necessary to provide our service:
- Business email, name, company name, country
- Match details: product of interest, quantity, target price, message
- Account uid (if you sign in with Google or email)
- Korean Business Registration Number (BRN), company name, contact person
- Email, phone, factory address
- Banking information (for settlement of matching fee — visible only to authorized UWONIT operators)
- Product catalog data (public listing fields)
- Firebase Authentication session token (essential cookie)
- Approximate country derived from request region (used to localize UI; not stored)
- Server logs (IP, user-agent, timestamp) — retained 30 days for security only
- Google OAuth tokens for our internal Gmail desktop tool, stored exclusively in the operator's macOS Keychain. Never transmitted to our servers; never accessible to other users.
3. Why we use it (legal basis)
- Performing the introduction — process buyer requests, propose matches, route warm-intro emails. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) for buyers; contract performance (Art. 6(1)(b)) for registered manufacturers.
- Compliance & record-keeping — Korean accounting law requires retention of fee-settlement records (7 years). Legal basis: legal obligation (Art. 6(1)(c)).
- Fraud prevention & security — server logs, abuse detection. Legal basis: legitimate interest.
- Product updates & transactional notices — only emails directly related to your match (no marketing). Marketing communications, if any, are strictly opt-in.
5. International transfers
Personal data is stored in Firebase region asia-northeast3 (Seoul). Google processes our data globally under their Standard Contractual Clauses; we rely on Google Cloud's GDPR Data Processing Amendment and SCCs as the lawful transfer mechanism.
For EU/EEA/UK users, you can request a copy of the relevant transfer mechanism by contacting us.
6. How long we keep it
- Match requests (unmatched): 12 months from last activity, then deleted
- Match requests (matched, deal closed): 5 years (commercial record)
- Settlement and fee records: 7 years (Korean accounting law)
- Server logs: 30 days
- Account data: until you delete your account or 24 months of inactivity, whichever is sooner
7. Your rights
Under GDPR (EU/EEA/UK), Korean PIPA, and similar laws (CCPA, PIPEDA, LGPD), you have the right to:
- Access — request a copy of the data we hold about you
- Rectification — correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — pause processing pending resolution
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — where consent is the basis
- Lodge a complaint with your local supervisory authority (e.g., your national DPA in the EU, the PIPC in Korea)
To exercise any of these, email uwonit2026@gmail.com with the subject "Data Subject Request". We respond within 30 days (GDPR) / 15 days (PIPA), free of charge for reasonable requests.
9. Children
UWONIT GLOBAL is a B2B service for businesses and individuals aged 18 or older. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. Google API Services User Data Policy
UWONIT GLOBAL's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Our internal operator desktop tool requests the following Gmail scopes, used only by the authorized operator account (uwonit2026@gmail.com):
gmail.readonly— read replies sent to the operator's inbox in response to match introductions.gmail.compose— create draft emails with pre-filled match content so the operator can review and click send. No automatic sending; nothing is sent without explicit user click.
Data received from Google APIs is used solely to facilitate operator-to-counterparty correspondence about active matches. We do not:
- Transfer Gmail data to any other party
- Use Gmail data for serving ads or for any purpose other than the operator's match correspondence
- Use Gmail data to train any AI or machine-learning model
- Allow humans other than the authorized operator to read Gmail data, except for security investigations or as required by law
OAuth tokens are stored exclusively in the operator's macOS Keychain on a single authorized machine. Tokens are never transmitted to or stored on any UWONIT server.
11. How we protect your data
- TLS 1.2+ for all data in transit (HSTS preload)
- Encryption at rest via Google Cloud Platform
- Firestore security rules enforce row-level access — buyers cannot read other buyers' matches; manufacturers see only their own listings; banking and settlement records are operator-only
- OAuth tokens stored in macOS Keychain (never on disk in plaintext, never in our database)
- PKCE flow for our desktop OAuth — no client secret embedded in distributed binaries
- Content Security Policy + strict frame-ancestors on all production hosts
- Strict separation between staging and production environments
No system is perfectly secure. If we become aware of a breach affecting your data, we will notify affected users without undue delay (within 72 hours where required by GDPR Art. 33).
12. Updates to this policy
We may update this policy as our service evolves or as laws change. The "Effective" date at the top reflects the most recent update. For material changes — new data categories, new sub-processors, expanded sharing — we will notify registered users by email at least 14 days in advance, and display an in-app banner.
13. Contact
Questions, requests, or complaints:
- Email: uwonit2026@gmail.com
- Postal address: UWONIT GLOBAL, Seoul, South Korea (full registered address available on request)
See also: Terms of Service · Disclaimer