Privacy Statement

We use a limited set of processors to operate the site and programs, such as email delivery, analytics where permitted, and hosting providers. Processors are contractually required to use data only on our instructions and to assist with security and deletion requests. We do not sell personal information. If we add a new processor that materially changes risk, we will update this Privacy Statement and, where required, provide a notice or consent mechanism. You may contact us for a current list of categories of processors and the purposes for which they assist us.

We use personal data to respond to inquiries, administer programs, provide mentorship, improve curricula, and keep the site secure. Analytics data may help us understand navigation patterns in aggregate form. We do not use automated decision-making that produces legal effects about you. Marketing communications are sent only with consent where required. Telephone numbers collected through forms are used to coordinate scheduling, not for unrelated telemarketing. If you participate in live sessions, recordings may occur only where disclosed in advance and limited to educational replay windows described in program materials.

We retain contact form submissions long enough to respond and to maintain a record of communications, typically up to twenty-four months unless a longer period is needed for legal claims. Enrollment records, billing artifacts, and attendance notes are retained for periods consistent with Korean commercial and tax recordkeeping practice. Lab artifacts created by students in shared environments are deleted according to program schedules communicated at enrollment. Backup systems may retain deleted data for a limited technical window before overwriting. You may request deletion where applicable law grants a right to erasure, subject to exceptions such as unresolved disputes.

This Privacy Statement applies to personal data collected through boxvaultzone.one and related program portals we control. It does not apply to third-party sites linked from our pages; those sites have their own policies. If you apply for employment with us, separate notices may apply to recruiting data. If we process data as a processor on behalf of an organization, that organization’s agreement controls to the extent of any conflict, and you should contact them for requests.

We may collect identifiers such as name, email address, phone number, company name, and country. We collect program preferences, education history you choose to share, and technical data such as IP address, device type, and browser version when you use the site. Payment details are handled by payment partners where applicable; we do not store full payment card numbers on our servers. In live workshops, you may share screen or audio; do not share sensitive personal data unrelated to the exercise. Cookies and similar technologies are described in our Cookie Notice.

Depending on your location, you may have rights to access, correct, delete, or export personal data, and to object to certain processing. In Korea, you may request confirmation of processing, access, correction, deletion, and suspension of processing where applicable under the Personal Information Protection Act. We will verify requests to prevent fraud and may deny requests where the law permits, for example when retention is necessary to establish legal claims. You may lodge a complaint with the Personal Information Protection Commission or other competent authority. We will not retaliate for exercising privacy rights.

For privacy questions or requests, email hello@boxvaultzone.one with “Privacy” in the subject line. Please describe your request with enough detail for us to locate relevant records. We may ask for additional information to confirm identity. If you are dissatisfied with our response, you may contact your local supervisory authority where applicable. Our postal address for formal correspondence is listed on the Contact page.

We implement administrative, technical, and organizational measures appropriate to the risk, including access controls, encryption in transit for modern browsers, and vendor reviews. No method of transmission is completely secure; we encourage strong passwords and device updates. If we become aware of a breach that affects your personal data, we will notify you and regulators as required by law. Employees receive training on data handling and escalation paths for suspected incidents.

We may update this Privacy Statement to reflect new practices or legal requirements. Material changes will be highlighted by updating the last updated date and, where appropriate, by a site notice or email to enrolled participants. Continued use of the site after changes constitutes acknowledgment unless applicable law requires explicit consent for a new processing activity.