Privacy Policy
SenseZero Co., Ltd. (hereinafter “the Company”) complies with the Personal Information Protection Act of Korea (PIPA) and related laws, and is committed to protecting the personal information of data subjects. The Company establishes and publishes this Privacy Policy as follows.
Article 1 (Purpose)
This Privacy Policy describes the items, purposes, retention and use periods, third-party disclosures, processing entrustments, and data subject rights regarding personal information processed by the Company in connection with the “WorkerManager” mobile application and related web services (hereinafter the “Service”).
Article 2 (Items and Methods of Personal Information Collected)
1. Account creation and management
- Required: email, password (stored as a one-way hash), name, mobile phone number, affiliated company / site / position
- Optional: emergency contact, profile photo
- When using social login: identifier and email provided by Kakao / Google / Naver
2. Automatically collected during service use
- Device information: device ID, OS type and version, app version
- Push notification token (FCM)
- Access logs, IP address, service usage records
3. Industrial-safety and health monitoring data
- BLE beacon identifiers (helmet / safety belt / zone beacons) and signal strength
- Location data: GPS coordinates (latitude / longitude), Bluetooth-based indoor location, including background location
- Check-in / check-out times, entry and exit records for work zones
- Wearable biometric signals (collected, with the user’s explicit consent, via Android Health Connect / Apple HealthKit): heart rate, heart rate variability (HRV), step count, distance, walking speed, active / basal / total calories burned, exercise time, blood oxygen (SpO₂), blood pressure, body temperature, blood glucose
- Risk-inspection (TBM) photos
- Emergency call (SOS) records and incident location
4. Methods of collection
- Direct input by the user during account creation
- Automatic generation and collection during service use
- Integration with external health platforms (Health Connect / HealthKit) — only when the user has granted permission
- Bluetooth beacon reception and GPS measurement
Article 3 (Purposes of Collection and Use)
- Member identification and authentication; verification of service eligibility
- Industrial-site safety monitoring (zone entry / exit, PPE wearing status, access control)
- Early detection of worker emergencies (fall, hyperthermia, abnormal heart rate) and environmental response (heatwave, cold-wave alerts)
- Notifying administrators and transmitting incident location upon SOS events
- Work scheduling, training, inspection management, and statutory record keeping under the Occupational Safety and Health Act
- Service-improvement statistics (processed in a non-personally-identifiable form)
- Notice and safety-alert delivery (in-app push, email)
- Fraud prevention and security incident response
Article 4 (Retention and Use Period)
As a rule, personal information is destroyed without delay once the purpose of collection and use has been achieved. However, the following items are retained for the periods specified.
| Item | Retention period | Legal basis |
|---|---|---|
| Account creation and management records | Until membership withdrawal | Internal policy |
| Industrial-safety activity records (attendance, TBM, SOS) | 5 years | Enforcement Rules of the Occupational Safety and Health Act |
| Records of location-information collection / use / disclosure | 6 months | Act on the Protection and Use of Location Information |
| Records of unlawful use | 1 year | Internal policy |
Article 5 (Provision of Personal Information to Third Parties)
The Company processes personal information within the scope set forth in Article 3 and, as a rule, does not provide it to external parties without the data subject’s prior consent, except in the following cases:
- Where the data subject has given separate consent
- Where required by law
- Where deemed necessary in an emergency to protect the life, body, or property of the data subject or a third party (e.g., transmitting an SOS event to emergency medical or public-safety agencies)
For the operation of the Service, the Company makes the following information viewable by the administrator of the data subject’s affiliated company (employer):
- Check-in / check-out times and work history
- Industrial-safety monitoring data (zone entry, safety-equipment usage, emergency calls, etc.)
- Selected biometric signals (limited to those relevant to detecting health anomalies during work)
This is conducted to support the employer’s safety obligations under the Occupational Safety and Health Act, and separate consent is obtained from the user during account creation.
Article 6 (Entrustment of Personal Information Processing)
The Company entrusts the processing of personal information to the following parties for the operation of the Service.
| Trustee | Entrusted task | Entrusted information |
|---|---|---|
| Google LLC (Firebase, Google Cloud Platform) | Push notification delivery (FCM), cloud infrastructure (DB / storage), authentication | FCM token, service-processed data |
| Kakao Corp. | Kakao social login | Kakao identifier, email |
| NAVER Corp. | NAVER social login | NAVER identifier, email |
| Google LLC | Google social login | Google identifier, email |
Pursuant to Article 26 of the Personal Information Protection Act, the Company takes the measures necessary to ensure the safe processing of personal information when entering into an entrustment agreement.
Article 7 (Rights of the Data Subject and How to Exercise Them)
The data subject may exercise the following rights against the Company at any time:
- Request access, correction, deletion, or suspension of processing of personal information
- Withdraw consent and terminate membership
- Exercise any other rights regarding the processing of their personal information
These rights may be exercised through the “Settings → Account” menu in the app, or by emailing the Privacy Officer below. The Company will act on such requests without delay.
Article 8 (Measures to Ensure the Security of Personal Information)
- Administrative: minimization of access rights, regular employee security training, access-log retention
- Technical: one-way encryption of passwords, TLS 1.2+ encryption in transit, access control (firewall, separation of permissions), periodic security audits
- Physical: data is stored in the Google Cloud Platform Korea region (Seoul / asia-northeast3) with access controls in place
Article 9 (Installation and Refusal of Automatic Data-Collection Devices)
The app collects a device token for push-notification delivery. The user may refuse this through operating-system notification settings; doing so may limit certain safety-alert functions.
Article 10 (Processing of Location Information)
The Company processes location information in compliance with the Act on the Protection and Use of Location Information as follows:
- Items collected: GPS coordinates (latitude / longitude); Bluetooth beacon-based indoor location
- Purposes: management of work-zone entry / exit, identification of incident location during emergencies
- Retention: 6 months in principle. Records related to emergencies may be retained for up to 5 years under the Occupational Safety and Health Act.
- Background collection: location data may be collected even when the app is terminated or in the background, in order to detect BLE beacons and respond to emergencies. The user may revoke location permission at any time in the OS settings.
Article 11 (Processing of Health and Biometric Data)
The Company treats health data as sensitive information under Article 23 of the Personal Information Protection Act and processes it as follows:
- Source: collected from wearable devices via Android Health Connect / Apple HealthKit only when the user has explicitly granted permission
- Items: heart rate, heart rate variability (HRV), step count, distance, walking speed, active / basal / total calories burned, exercise time, blood oxygen (SpO₂), blood pressure, body temperature, blood glucose
- Purpose: early detection of work-related emergencies (heatstroke, fainting, abnormal heart rate, etc.) and risk alerts for environmental conditions (heatwave, cold-wave)
- Right to refuse: the user may revoke Health Connect / HealthKit permissions at any time, after which collection of the corresponding items stops. Doing so may limit certain safety-monitoring features.
Article 12 (Privacy Officer)
The Company designates the following Privacy Officer to oversee personal information processing and to handle data subjects’ complaints and grievances.
- Name: Min-soo Joo (Chief Technology Officer)
- Email: minsoo@sensezero.io
- Phone: +82-10-4799-1150
Article 13 (Remedies for Infringement of Rights)
Data subjects may contact the following agencies for dispute resolution and consultation:
- Personal Information Dispute Mediation Committee: 1833-6972, kopico.go.kr
- Korea Internet & Security Agency (KISA) Privacy Complaint Center: 118, privacy.kisa.or.kr
- Cyber Investigation Division, Supreme Prosecutors’ Office: 1301, spo.go.kr
- National Police Agency Cyber Bureau: 182, ecrm.cyber.go.kr
Article 14 (Amendments to this Privacy Policy)
This Privacy Policy is effective from the date set out below. Where amendments are made due to changes in law, policy, or security technology, the Company will provide notice through the announcement section at least 7 days prior to the amendment’s effective date.