Highway Heroes Inc.
Privacy Policy
1. General Provisions
Highway Heroes Inc. (hereinafter referred to as the “Company”) values the User’s personal information and complies with the Personal Information Protection Act and other relevant laws and regulations of the Republic of Korea. This Privacy Policy informs Users about the purpose of processing personal information, the items collected, retention periods, third-party provision, delegation of processing, overseas transfer, and the rights of Users and methods to exercise them.
2. Items of Personal Information Collected and Methods of Collection
2.1 Items of Personal Information Collected
The Company collects the minimum amount of personal information necessary to provide the Services.
① Automatically Collected Information (Generated/collected during service use):
- Advertising Identifiers: ADID (Android), IDFA (iOS), etc.
- Device Information: OS version, device model, language/country settings, app version, network information, IP address (may be collected by certain SDKs/servers).
- Service Usage Records: Access logs, gameplay logs, error/crash logs, records of misconduct, payment/refund records, logs related to advertisement exposure/clicks/conversions (for measurement, fraud prevention, and frequency capping).
② Information Provided by the User (When necessary):
- Customer Support Inquiries: Email address, inquiry details, and attachments (if voluntarily provided by the User).
- Events/Promotions: Collected after separate notice if needed for winner verification or prize delivery.
③ External Platform (Social) Linking (If selected by the User):
- Public profile information (name/nickname, email, profile image, etc.) provided by Google, Apple, Facebook, Twitter, Line, etc.
- ※ The Company only processes information within the scope permitted by the external platform.
2.2 Methods of Collection
- Automatic collection during application execution and service use.
- Voluntary provision by the User (Inquiries, event participation, etc.).
- Provision from partners/platform operators (SDK providers, store payment processors, etc.) within the scope necessary for measurement or payment verification.
3. Purpose of Collection and Use of Personal Information
The Company uses the collected personal information for the following purposes:
- Service Provision and Operation: Account identification, gameplay data storage/synchronization, delivery of notices, customer support, and prevention of security breaches/misconduct.
- Payment and Refund Processing: Verification of purchase history, processing of withdrawal of subscription/refunds, and dispute resolution.
- Service Quality Improvement and AI-based Optimization: Analysis of gameplay logs and statistics for balancing, difficulty adjustment, error diagnosis, and improvement.
- Marketing and Advertising (Based on selection/settings): Campaign performance measurement, ad delivery/frequency control, retargeting, and efficiency analysis of personalized advertisements.
4. Retention and Usage Period of Personal Information
In principle, the Company destroys personal information without delay once the purpose of collection is achieved or when the Member withdraws from the service. However, if retention is required by relevant laws, the information will be stored for the periods specified below:
- Records on contracts or withdrawal of subscription: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)
- Records on payment and supply of goods: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)
- Records on consumer complaints or dispute resolution: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.)
- Records on service use (Login logs): 3 months (Protection of Communications Secrets Act)
- Records on labels/advertisements: 6 months (Act on the Consumer Protection in Electronic Commerce, etc.)
- Records of misconduct/unauthorized use: 1 year (Company’s internal policy)
5. Provision of Personal Information to Third Parties
The Company does not provide the User’s personal information to third parties without the User’s prior consent, except as required by law or requested by legal procedures.
6. Delegation of Personal Information Processing and Overseas Transfer
The Company may delegate the processing of personal information or transfer certain information to overseas entities to provide seamless services.
6.1 Delegation of Processing (Domestic and Overseas)
- Payment Processing: Store operators such as Google Play and Apple In-App Purchase.
- Analysis/Measurement/Advertising/Attribution/Mediation: Firebase, Google Analytics, Airbridge, AppsFlyer, Google AdMob, Unity Ads, ironSource, Meta (Audience Network, etc.), Mintegral, Pangle, etc.
- Data Storage/Infrastructure (Company Server): The Company may use cloud infrastructure (e.g., AWS or Google Cloud) for service operations. The specific region/country may vary depending on the operational environment (Unspecified/To be determined). Detailed information can be provided through the Customer Center once finalized.
6.2 Information on Overseas Transfer of Personal Information (Main SDKs/Partners)
Transfers occur frequently via the network at the time of service use.
| Recipient (Service) |
Items Transferred |
Purpose of Transfer |
Location (Country/Server) |
Retention Period |
Method of Refusal |
| Google (Firebase/GA/AdMob) |
Ad identifiers, device info, logs, payment/ad performance data |
Analysis, measurement, error diagnosis, ad delivery |
Worldwide servers (e.g., USA) |
Per service policy |
Restrict ad settings on device |
| Airbridge (AB180) |
Ad identifiers, device info, conversion/event logs |
Attribution, performance measurement, deep linking |
Japan (AWS Tokyo) |
Until purpose achieved |
Refuse tracking in-app |
| AppsFlyer |
Ad identifiers, device info, conversion/event logs |
Attribution, performance measurement |
EU / Germany (AWS/GCP) |
Until purpose achieved |
Restrict ad settings on device |
| Unity Ads |
Ad identifiers, IP, device info, ad logs |
Ad delivery and measurement |
Worldwide servers (e.g., USA) |
Per service policy |
Adjust app/device ad settings |
| ironSource |
Ad identifiers, device info, ad/mediation logs |
Mediation and ad delivery |
USA (AWS) |
Per service policy |
Restrict ad settings on device |
| Meta (Facebook, etc.) |
Ad identifiers, device info, ad performance data |
Ad delivery and measurement |
Worldwide servers (e.g., USA) |
Per service policy |
Adjust app/device ad settings |
| Mintegral |
Ad identifiers, device info, ad performance data |
Ad delivery and measurement |
Multiple countries (Global) |
Per service policy |
Restrict ad settings on device |
| Pangle (Bytedance) |
Ad identifiers, device info, ad performance data |
Ad delivery and measurement |
USA and Singapore |
Per service policy |
Restrict ad settings on device |
7. Rights of Users and Legal Representatives
- Users may request to access, correct, delete, suspend processing, or withdraw consent for their personal information at any time through the Customer Center.
- For Users under the age of 14, their legal representative has the right to exercise these rights on behalf of the child.
- If a User requests the correction of an error in their personal information, the Company will not use or provide such information until the correction is completed.
8. Collection/Use of Behavioral Information (Personalized Ads) and Method of Refusal
The Company may collect Advertising Identifiers (ADID/IDFA) to provide personalized advertisements. Users can restrict this as follows:
- Android: Settings → Google → Ads → Reset/Delete Advertising ID or Opt-out of Ads Personalization.
- iOS: Settings → Privacy & Security → Tracking → Toggle off “Allow Apps to Request to Track.”
9. Procedure and Method for Destruction of Personal Information
- Destruction Procedure: Once the purpose is achieved, the information is stored in a separate database (if necessary) for a certain period according to laws before being destroyed.
- Destruction Method: Electronic files are deleted using technical methods that prevent recovery. Physical records (printouts, etc.) are shredded or incinerated.
10. Technical and Administrative Protection Measures
The Company implements reasonable measures for personal information protection, including access control, data encryption, operation of security programs, minimization of authorized personnel, and regular security training.
11. Chief Privacy Officer
• Name: Kyungmok Kwak (Ian)
• Title: CEO
• Email: ian@highwayheroes.co.kr
• Website: highwayheroes.co.kr
12. Remediation for Rights Infringement
- Personal Information Infringement Report Center: privacy.kisa.or.kr / Dial 118
- Personal Information Dispute Mediation Committee: kopico.go.kr / 1833-6972
13. Duty to Notify
If there are any additions, deletions, or modifications to this Privacy Policy, the Company will notify Users through in-game notices or the official website at least 7 days prior (30 days for significant changes) to the effective date.
Public Notice Date: January 23, 2026
Effective Date: January 30, 2026
Posting Location: Official website (highwayheroes.co.kr) and in-game settings.