Novelhaus logo
Collaborative novel platform – Beta testing
KOR ENG
My page

Novelhaus Privacy Policy

Last Updated: 2026-01-02 Effective Date: 2026-01-01 Operator: Immersekool
Immersekool (the “Company”) operates the story creation platform “Novelhaus” (the “Platform”) and complies with the Personal Information Protection Act of Korea and other applicable laws. The Company collects, uses, stores, and deletes personal data only to the extent necessary to provide the services.
1. Data Collected & Purposes 2. Collection Methods 3. Retention Period 4. Third-Party Sharing 5. Processing Outsourcing 6. Cross-Border Transfer 7. Destruction 8. User Rights 9. Security Measures 10. Cookies 11. Breach Notice 12. Contact 13. Changes 14. Miscellaneous

1. Personal Data Collected and Purposes

1) Data Categories

  • Required: Email address, password (stored as a hash), nickname
  • Optional: Name, phone number, profile image
  • Authors / Revenue sharing (if applicable): bank account details for settlement
  • Automatically collected: IP address, access logs, service usage records, cookies, limited device/browser info

2) Purposes of Use

  • Registration and account management (identity verification when required)
  • Service operation (viewing/evaluation/author features)
  • Settlement and tax processing (authors only, when revenue sharing applies)
  • Customer support and inquiries
  • Security, abuse prevention, and quality improvement
  • Legal compliance and dispute handling

2. Methods of Collection

  • User input during sign-up/login/profile/author & settlement info
  • Automatic collection during use (access logs, cookies, etc.)
  • Voluntary provision via support inquiries or events
  • From third parties only with consent or legal basis

3. Retention and Use Period

In principle, we retain personal data only until the purpose is fulfilled, unless retention is required by applicable law.

  • Account data: destroyed without undue delay upon deletion, unless retention is required by law
  • Access logs (IP, etc.): retained for a limited period for security/abuse prevention, then deleted
  • Settlement/tax: retained for statutory periods where applicable
  • Examples:
    • Consumer protection / e-commerce laws (if applicable): up to 5 years
    • Tax laws (if applicable): up to 5 years
Note: Retention periods may change due to service structure or legal updates, and will be reflected in this Policy.

4. Sharing with Third Parties

We do not share personal data with third parties without user consent, except where permitted or required by law.

  • With consent: where the user has provided prior consent
  • Legal basis: where required for investigations or legal proceedings
  • De-identified: for statistics/research in de-identified form

5. Outsourcing of Processing

We may outsource certain processing tasks to provide the services, and we contractually supervise vendors to ensure safe processing.

  • Examples: hosting, email delivery, payments (if introduced), support, security monitoring, backups
  • We minimize scope and enter into contracts that include data protection obligations.
Vendor name / scope / retention / storage country will be disclosed via this Policy or separate notice when applicable.

6. Cross-Border Transfer

We may use overseas vendors/servers for hosting, delivery, security, email, analytics, or AI features. Where required, we will take necessary steps such as notice/consent under applicable law.

  • Where cross-border transfer occurs, we disclose the recipient/vendor, country, method, data categories, purpose, retention period, and user rights as required by law.
  • Where consent is required, we will obtain it.

7. Destruction Procedure and Method

  • Destroyed promptly upon expiration or fulfillment of purpose
  • Methods:
    • Electronic: irrecoverable deletion
    • Paper: shredding or incineration
  • Statutorily required data is stored separately and destroyed after the period ends.

8. User Rights and How to Exercise Them

Users may request access, correction, deletion, restriction, or withdrawal of consent regarding their personal data.

  • How: via “My Page” or by email (samcheonghaus@gmail.com)
  • We will process requests within a reasonable time after verification.
  • Withdrawing consent or requesting restriction may limit certain features.

9. Security Measures

  • Passwords stored as hashes (not in plain text)
  • Access control and least-privilege management
  • Security updates, vulnerability checks, malware prevention
  • Log management and anomaly monitoring where appropriate
  • Transport encryption (HTTPS) where feasible

10. Cookies and Similar Technologies

  • We may use cookies or similar technologies for UX improvement and security.
  • You can block cookies via browser settings; some features may be limited.

11. Breach Notification

In case of a personal data breach, we will notify users without undue delay and report to relevant authorities where required by law.

  • Notice may include: impacted data, timing/cause, mitigation steps, user guidance, and contact details.
  • We will report to authorities where required and take measures to prevent recurrence.

12. Contact for Privacy Inquiries

For privacy-related inquiries, please contact:

13. Changes to this Policy

  • This Policy may be amended due to changes in law, policy, or service operations.
  • Material changes will be announced in advance, and become effective on the stated date.

Appendix This Privacy Policy is effective from 2026-01-01.

14. Miscellaneous

  • Matters not stated herein are governed by applicable laws and the Platform’s terms/policies.
  • Disputes are governed by Korean law and handled by the court with jurisdiction over the Company’s principal office.
© 2026 Novelhaus · Contact  ·  Terms  ·  Legal