Privacy Policy

Last Updated: December 26, 2025

1. Introduction

Welcome to K-Occult ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including our digital archive of Korean folklore and community features.

2. Information We Collect

A. Personal Information

When you register for an account or interact with our services, we may collect:

  • Account Information: Username, email address, and password (stored as a bcrypt hash).
  • Profile Information: Display name, profile image (if uploaded), and any additional information you choose to provide.
  • User Content: Text, images, or other content you post on our community boards (Discussion, Request, Report, Free, Notice), comments, and other user-generated content.
  • Activity Data: Posts, comments, contributions to content entries, and participation in community discussions. This data is used to calculate your contribution score and Mapae (마패) ranking tier.

B. Automatically Collected Information

When you access our website, we may automatically collect certain information about your device and usage, including:

  • Session Information: IP address, browser type (User-Agent), session tokens, and last activity timestamps. We track sessions for security purposes, including detection of suspicious activity.
  • Device Information: Operating system, device type, and browser version.
  • Usage Analytics: Pages visited, time spent on pages, referring URLs, and interaction data (clicks, navigation paths). IP addresses are hashed for privacy in analytics records.
  • Login Attempts: IP address and timestamps of login attempts for security monitoring and rate limiting.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, operate, and maintain our digital archive and community platform.
  • Account Management: To manage your account, authentication (including password recovery and email verification), and user preferences.
  • Community Features: To facilitate community interactions (comments, board posts, voting), display your contributions, and calculate your Mapae (마패) ranking tier based on activity.
  • Security & Fraud Prevention: To monitor login attempts, detect suspicious activity, prevent unauthorized access, and protect against security threats. Session information is analyzed to identify potential security risks.
  • Service Improvement: To analyze usage patterns, improve our website design, content, and user experience, and understand how visitors interact with our archive.
  • Communication: To send you account-related notifications, security alerts, password reset emails, email verification messages, and administrative messages.
  • Content Moderation: To review and moderate user-generated content in accordance with our Terms of Service and community guidelines.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Specifically:

  • Essential Cookies: Required for authentication (e.g., keeping you logged in) and security.
  • Functional Cookies: Remember your preferences (e.g., "Haunted Mode" toggle).
  • Analytics Cookies: Help us understand how visitors interact with our website.

You can control cookie preferences through your browser settings, but disabling cookies may affect the functionality of our services.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With Service Providers: Third-party vendors who assist us in operating our website, including:
    • Email service providers (for password recovery and verification emails via Nodemailer)
    • Hosting and cloud infrastructure providers
    • Content delivery networks (CDNs) for static assets
    These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • For Legal Reasons: If required by law, court order, or government regulation, or to protect our rights, property, safety, or the rights of our users.
  • With Your Consent: If you explicitly agree to share your information for a specific purpose.
  • Public Content: Content you post on public boards and comments may be visible to all users of the Service. Your username and profile information may be displayed alongside your public posts.

Note on Third-Party Services: Our content automation system uses Google Custom Search API and Google Gemini AI (via self-hosted n8n workflows) for content research and drafting. These services process publicly available information only and do not receive your personal data.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Password Security: Passwords are hashed using bcrypt with a cost factor (salt rounds) of 10. We never store passwords in plain text.
  • Encryption: Secure HTTP (HTTPS) for all data transmission between your browser and our servers.
  • Session Management: Secure session tokens with expiration times (6-12 hours depending on user role). Suspicious session activity is monitored and flagged.
  • Rate Limiting: Login attempts are rate-limited to prevent brute-force attacks. After multiple failed attempts, accounts may be temporarily blocked.
  • IP Privacy: IP addresses in analytics records are hashed to protect your privacy while maintaining security monitoring capabilities.
  • Access Controls: Role-based access control (USER, STAFF, ADMIN) restricts access to sensitive administrative functions.
  • Regular Security Assessments: We conduct regular security reviews and updates to address potential vulnerabilities.

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. We encourage you to use strong, unique passwords and to notify us immediately if you suspect any unauthorized access to your account.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active. Upon account deletion (soft delete), data is retained for 30 days before permanent deletion, except where legal retention requirements apply.
  • Session Data: Session tokens and metadata are retained until session expiration (6-12 hours) or until manually revoked.
  • User Content: Posts and comments may be retained even after account deletion if they are part of public discussions, unless you request deletion and we determine it does not affect the integrity of community discussions.
  • Activity Logs: Security-related logs (login attempts, suspicious activity) are retained for up to 1 year for security monitoring purposes.
  • Analytics Data: Hashed IP addresses and usage analytics are retained for up to 2 years for service improvement purposes.

8. Your Rights (GDPR & Personal Information Protection Act)

Under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Personal Information Protection Act of the Republic of Korea, you have the right to:

  • Right to Access: Request copies of your personal data that we hold.
  • Right to Rectification: Request correction of any inaccurate or incomplete information.
  • Right to Erasure: Request deletion of your personal data ("Right to be Forgotten"). You can delete your account through your profile settings, which will initiate the deletion process.
  • Right to Restriction: Request that we restrict the processing of your data in certain circumstances.
  • Right to Object: Object to our processing of your personal data for certain purposes, such as direct marketing.
  • Right to Data Portability: Request that we provide your data in a structured, commonly used format for transfer to another service.
  • Right to Withdraw Consent: Withdraw your consent for data processing at any time, where processing is based on consent.

To exercise these rights, please contact us using the information provided in Section 12. We will respond to your request within 30 days (or as required by applicable law). Please note that we may need to verify your identity before processing your request.

9. Children's Privacy

Our Service is not intended for individuals under the age of 13 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries. We apply appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on this page with an updated "Last Updated" date
  • Sending an email notification to registered users for significant changes
  • Displaying a notice on our website for a reasonable period

We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

support@koccult.com

For users in the Republic of Korea, you may also file a complaint with the Personal Information Protection Commission (PIPC) if you believe your privacy rights have been violated.