Republic of Korea
Privacy Policy Addendum — Effective May 8, 2026
This Privacy Policy Addendum for users in Korea (the “Addendum”) provides additional disclosures required by the Personal Information Protection Act (PIPA). This Addendum should be read in conjunction with our Privacy Policy, which describes Thrivania's practices regarding the collection and use of personal data of members residing in Korea. In the event of any conflict between the Privacy Policy and this Addendum, the provisions of this Addendum shall prevail.
1. How We Store Personal Data
To provide our services to you, we store your personal data outside Korea on our overseas servers located in the United States.
| Country | United States |
| Purpose of Use | Please refer to Section 2 of the Privacy Policy |
| Transfer Method | Transferred on submission for storage and processing |
| Data Transferred | Please refer to Section 1 of the Privacy Policy |
| Retention Period | Please refer to the Data Retention section of the Privacy Policy |
2. Delegation of Personal Information Processing
Certain third-party service providers may perform functions on behalf of Thrivania and may have access to your personal data as needed to perform those functions, as described below:
| Service Provider | Function |
|---|---|
| Google Cloud Platform | Cloud infrastructure and hosting |
| Microsoft Azure OpenAI | AI-powered features (matching, profile generation) |
| MongoDB Atlas | Database services and data storage |
| Sentry | Error monitoring and performance tracking |
3. Overseas Transfer of Personal Data
Certain third-party service providers located outside Korea may perform functions on behalf of Thrivania and may have access to your personal data as needed:
| Recipient | Purpose | Country | Transfer Method |
|---|---|---|---|
| Google Cloud Platform | Hosting, storage, CDN | United States | Continuous via API |
| Microsoft Azure | AI services | United States | Continuous via API |
| MongoDB Atlas | Database services | United States | Continuous via API |
| Authentication Providers | OAuth sign-in | United States | On authentication |
4. Procedures and Methods of Destruction of Personal Data
As described in our Privacy Policy, we will destroy your personal data when it is no longer needed and there is no longer any legal or business need to maintain the data. When we destroy your data, we will take commercially reasonable and technically feasible measures to make the personal data irrecoverable or irreproducible. Electronic files are permanently deleted using secure deletion methods, and physical documents (if any) are shredded.
5. Department in Charge of Protecting Personal Data
For questions or complaints regarding the handling of your personal data:
You may also contact the Personal Information Protection Commission (PIPC) at pipc.go.kr if you believe your rights under PIPA have been violated.