Privacy Policy

Cutplay (the "Operator") processes personal information within the following scope to provide the Cutplay service.

• Member registration, authentication, and account management
• Providing the Service, including AI background removal, and managing usage records
• Granting and deducting points (usage units) and managing history
• Issuing and authenticating API keys and managing API usage
• Responding to customer inquiries and delivering notices
• Preventing abuse and maintaining security
• Improving service quality and responding to incidents

The Operator may process the following personal information.

• Member information: email, name, and profile photo provided through a Google account
• Service usage information: point balances and history, API key identifiers (prefix and hash), API and web job logs
• Technical information: IP address, browser and device information, cookies and session identifiers (including CSRF tokens)
• User-uploaded files: images temporarily transmitted for background removal (browser and API uploads)

The Operator deletes personal information without delay after the processing purpose is achieved. However, the following information may be retained under applicable law or operational policy.

• Member information: until account deletion. After deletion, it may be stored separately for up to one year for abuse prevention and dispute resolution, then deleted.
• Point history: may be retained for one year after account deletion for service operation and dispute resolution.
• Service logs: retained for up to one year for security and incident analysis, then deleted.
• Sign-up bonus points: valid for 30 days from the grant date (including unused amounts)
• Temporary inference session images: deleted when the session ends or is cleaned up (browser close or session cleanup API call)

In principle, the Operator does not provide users' personal information to third parties.

Exceptions may apply in the following cases.

• When the user has given prior consent
• When required by law or requested for investigation under procedures and methods prescribed by law

The Operator may outsource part of personal information processing when necessary for smooth service delivery and will enter contracts and supervise processors as required by law.

Google LLC authentication is currently used for Google OAuth sign-in. Google's Privacy Policy may also apply when signing in with Google.

Server operations may be outsourced to hosting and infrastructure providers. If outsourced parties or tasks change, notice will be given through this policy.

When using Google OAuth, user information may be transferred and processed abroad (e.g., Google LLC in the United States).

When cross-border transfer occurs, the Operator complies with procedures required by applicable law.

Users may request access, correction, deletion, or suspension of processing of their personal information at any time.

Information available on My page can be viewed there. Other requests may be sent by email to the privacy officer below.

If you request account deletion, Google linking will be removed and the account will be deactivated. Information that must be retained by law may be stored separately and then deleted.

Personal information is destroyed without delay after the retention period expires or the processing purpose is achieved.

Electronic files are deleted in an unrecoverable manner, and printed materials are shredded or incinerated.

The Operator takes the following measures to protect personal information.

• Hashing storage of sensitive information such as API keys
• Access control and authentication and session security (including CSRF protection)
• Encryption in transit (HTTPS)
• Security updates and access log management

The Service may use cookies and session storage for essential functions such as maintaining sign-in and CSRF protection.

Users may refuse cookies through browser settings, but some features such as sign-in may be limited.

The Service is not directed to children under 14, and registration by children under 14 is not permitted.

If the Operator learns that personal information from a child under 14 was collected, necessary measures including deletion will be taken without delay.

Cutplay is a free service operated by an individual without business registration or e-commerce reporting. We do not offer paid checkout, paid point purchases, or paid products or services. Points represent usage limits and promotions (such as sign-up bonuses) only; they have no cash value and are not refundable or transferable.

Privacy officer: 개인정보보호책임자

Email: vision11231@gmail.com

Users may contact the privacy officer above for inquiries, complaints, or remedies related to personal information during use of the Service.

For counseling and reporting on personal information violations, you may also contact the following organizations.

• Personal Information Dispute Mediation Committee: 1833-6972 (Korea) · www.kopico.go.kr
• Personal Information Infringement Report Center: 118 (Korea) · privacy.kisa.or.kr
• Supreme Prosecutors' Office Cyber Investigation Division: 1301 (Korea) · www.spo.go.kr
• Korean National Police Agency Cyber Bureau: 182 (Korea) · ecrm.cyber.go.kr

If this policy changes, the changes and effective date will be announced within the Service.

This policy applies from 2026-06-18.