Privacy Policy
Final Update: September 17, 2025
1. Overview
Spoon Finance prioritizes user privacy protection and security above all else. This Privacy Policy (the "Privacy Policy") describes how we collect, use, store, and provide personal information when using our Platform and Services.
By agreeing to the Spoon Finance Terms of Service, you are deemed to agree to this Privacy Policy. Terms not separately defined in this Privacy Policy shall have the same meaning as in the Terms of Service.
We process personal information in accordance with applicable laws and regulations, particularly the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection. By using or accessing Spoon Finance Services, you agree to this Privacy Policy. If you do not agree to this Privacy Policy, please discontinue use of the Services.
2. Collection and Purpose of Use of Personal Information
2.1 Categories of Personal Information Collected
Spoon Finance may collect the following personal information to safely provide our core values.
a. Required Information
Basic Personal Information: Name, date of birth, nationality, country of residence, phone number, email address
Identity Verification Information: Government-issued identification (resident registration card, passport, driver's license, etc.), utility bills (address verification), business registration certificate (for corporate customers)
Financial Service Provision Information: Account numbers, financial institution names, transaction history, deposit/withdrawal information
Service Usage Information: Login ID, password, service usage records, access IP address, browser type
b. Blockchain-Related Information
Wallet Information: Wallet addresses, encrypted information related to private keys
Transaction Information: Staking transaction history, token holdings, profit distribution records
Public Blockchain Data: On-chain transaction records, smart contract interaction history
c. Additional Service Information
Risk Assessment Information: Investment propensity, survey responses for risk measurement
Customer Support Information: Inquiry history, consultation records, complaint handling-related information
2.2 Methods of Personal Information Collection
a. Direct Collection: Information directly entered by users during membership registration, KYC authentication, and service application
b. Automatic Generation: Log data automatically generated or collected during service usage
c. Third-Party Provision: Information provided by financial institutions, identity verification agencies, etc.
d. Blockchain Networks: Transaction information collectible from public blockchain networks
2.3 Purposes of Personal Information Use
Spoon Finance uses collected personal information for the following purposes:
a. Core Service Provision
Crypto Asset Staking Service: Provision of secure staking products
Member Management: Confirmation of membership intent, member identification and authentication, maintenance and management of member qualifications
Establishment and Maintenance of Trading Relationships: Service usage contract conclusion, contract content changes, trading relationship termination processing
Profit Distribution: Staking reward calculation, profit distribution and payment processing
b. Risk Management and Security
Identity Verification and Authentication: Performance of KYC (Know Your Customer) procedures, identity authentication processing
Fraud Prevention: Detection of abnormal trading patterns, fulfillment of Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) obligations
System Security: Prevention of service misuse, blocking of account hijacking and hacking attempts
Price Volatility Risk Management: Data analysis for establishing and executing hedging strategies
c. Customer Support and Service Quality Improvement
Customer Consultation: User inquiry processing, complaint resolution, technical support provision
Service Improvement: Service quality enhancement through usage pattern analysis, new product development
Customized Services: Product recommendations suited to user investment propensity, personalized portfolio management
d. Legal Obligation Fulfillment
Regulatory Compliance: Financial authority reporting, regulatory agency cooperation, compliance with relevant laws and regulations
Record Keeping: Transaction record maintenance, accounting audit response, tax filing-related operations
Dispute Resolution: Trading dispute investigation and resolution, legal procedure response
e. Marketing and Communication (Optional Consent)
Service Information: New product launch notifications, service update announcements
Event Information: Promotion and event participation opportunities
Educational Content: DeFi-related educational materials, investment guide provision
2.4 Legal Basis for Personal Information Processing
a. Contract Performance: When necessary for the performance of staking service provision contracts
b. Legal Obligations: Compliance with relevant laws and regulations such as the Financial Real Name Act and the Act on Reporting and Using Specified Financial Transaction Information
c. Legitimate Interests: Service security, fraud prevention, risk management for principal protection
d. Express Consent: When separate consent is required for marketing information provision, additional service usage, etc.
Our company minimizes personal information processing so that even DeFi beginners can use our services with confidence, and collected information is only used within the scope of the stated purposes. Spoon Finance collects and processes only the minimum information necessary to realize our core values.
3. Legal Basis for Personal Information Processing
We process personal information based on the following legal grounds:
a. Contract Performance: When necessary for service provision and fulfillment of contractual obligations
b. Legal Obligations: When necessary for compliance with relevant laws and regulations
c. Legitimate Interests: When necessary for service security, fraud prevention, and service improvement
d. Consent: When explicit consent is required for marketing information provision, etc.
4. Third-Party Provision of Personal Information
We may provide personal information to third parties only in the following cases:
a. Service Providers: Blockchain analysis services, identity verification services, cloud service providers
b. Legal Obligations: Requests from investigative agencies, courts, and regulatory agencies under law
c. Business Transfer: Personal information may be transferred together during business transfers such as mergers, acquisitions, bankruptcy, etc.
d. Security and Safety: When necessary for service security and user safety
e. Professional Consultation: When necessary for audit, legal, accounting, and other professional consultation
5. Retention and Destruction of Personal Information
5.1 Retention Period
a. Account-Related Data: During account maintenance period
b. Legal Obligations: Period prescribed by relevant laws and regulations (e.g., 5 years under E-Commerce Act)
c. Dispute Resolution: Period necessary for dispute resolution or contract performance
5.2 Destruction Method
Personal information whose retention period has expired or whose processing purpose has been achieved shall be destroyed without delay. However, transaction records on the blockchain cannot be deleted due to the immutable nature of blockchain.
6. Technical and Administrative Measures for Personal Information Protection
We take the following measures to protect personal information:
a. Technical Measures
Personal information encryption (transmission and storage)
Regular security audits and vulnerability assessments
Access authority management
Utilization of secure storage solutions
b. Administrative Measures
Minimization and education of personal information processing staff
Management of personal information processing system access records
Establishment and implementation of personal information protection-related regulations
7. User Rights and Exercise Methods
Users have the following rights:
a. Right to Access: Request for access to personal information processing status
b. Right to Correction/Deletion: Request for correction or deletion of personal information
c. Right to Suspend Processing: Request to suspend personal information processing
d. Right to Claim Damages: Claim for damages due to personal information infringement
To exercise these rights, please contact the Personal Information Protection Officer.
8. Cookies and Automatic Collection Devices
8.1 Purpose of Cookie Use
We use cookies for the following purposes:
Service usage statistics analysis
Provision of personalized services
Authentication and security
8.2 Types of Cookies
a. Essential Cookies: Cookies essential for service provision
b. Functional Cookies: Convenience functions such as remembering user settings
c. Analytics Cookies: Service usage pattern analysis
d. Marketing Cookies: Customized advertising provision (only with consent)
8.3 Cookie Management
Cookies can be managed through browser settings, and some service usage may be restricted when cookies are rejected.
9. International Data Transfer
Personal information may be transferred overseas for service provision, and in such cases, appropriate protective measures are taken in accordance with relevant laws and regulations.
10. Protection of Personal Information of Children Under 14
Our services are not directed at children under 14 years of age, and we do not intentionally collect personal information from children under 14.
11. Changes to the Privacy Policy
When this Privacy Policy is changed, we will post the changes on our website or notify through other appropriate methods. For significant changes, separate individual notice may be provided.
12. Personal Information Protection Officer
Contact: [email protected]
Please contact us at any time if you have any inquiries regarding personal information processing.
This Privacy Policy is effective as of September 17, 2025.
Last updated