個人資料處理政策
Privacy Policy
Last Updated: 03/12/2026 (UTC-7)
This privacy policy ("Policy") describes how COLOSO as Day1 Company Inc.’s CIC ("COLOSO ", "we", "us" or "our") collects, uses, shares and protects the personally identifiable information ("Personal Information") you ("User", "you" or "your") may provide on the COLOSO website and any of its products or services (collectively, "Website" or "Services").
It also describes the choices available to you regarding our use of your Personal Information and how you can access, update and restrict this information. This Policy does not apply to the practices of companies that we do not own or control or to individuals that we do not employ or manage.
This Privacy Policy applies to all users, including both users who are simply viewing the content available via the Services and users who have registered as members of COLOSO. By using any part of our Websites or our Services, you acknowledge that you have read this Policy and agree to this entire Privacy Policy and any other agreement that governs your use of the Websites and Services.
If you are a resident of California, this Policy incorporates and is intended to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"); if you reside in the European Economic Area ("EEA") or the United Kingdom, this Policy incorporates the requirements of the UK and EU General Data Protection Regulation ("GDPR"). For users outside of California and the EEA/UK, we apply a unified global privacy standard consistent with applicable local laws.
1. Definitions
Undefined terms in this Privacy Policy have the same definition as in our Terms of Use (“Terms”).
2. Personal Data We Collect
We collect personal data directly from you, automatically through your interactions with our Services, and from third-party partners. Personal data means any information relating to an identified or identifiable individual. The categories of personal data we collect include the following
2.1 Data You Provide Directly
The personal data you provide to us may vary depending on how you use our Services. Typical categories include the following:
2.2 Data Collected Automatically
Certain data is collected automatically when you interact with our Services. This includes:
2.3 Data from Third-Party Sources
We may receive additional information about you from third parties, such as social networks or service providers. This may include:
3. How Do We Use Your Personal Data
We use the personal data we collect for the following business and commercial purposes:
Note that we may be allowed to process information until you object to such processing (by opting out) under some legislations, without having to rely on consent or any other of the following legal bases below. In any case, we will be happy to clarify the specific legal basis that applies to the processing, particularly whether the provision of Personal Information is a statutory or contractual requirement or a requirement necessary to enter into a contract.
4. How We Share Personal Data
We may share your personal data with third parties in the following circumstances, subject to your consent where required by applicable law:
Sharing With Your Consent or at Your Direction: We share data when you instruct us to do so, such as when you participate in interactive features or integrate third‑party applications.
Where you provide consent, we share your information as described at the time of consent, such as when authorizing a third-party application or website to access your COLOSO account or participating in promotional activities by COLOSO partners or third parties.
a) when the user agrees to receive the information and updates of products and services of certain companies by sharing his or her personal information.
b) when the user selects to allow his or her personal information to be shared with the sites or platform of other companies such as social networking sites.
c) other cases where the user gives prior consent for sharing his or her personal information.
Service Providers (Processors): We engage third-party service providers (e.g., payment processors, IT infrastructure, analytics and marketing providers) to help operate, provide and improve the Services. These providers may access personal data only as needed to perform their functions and are contractually obligated to protect it.
* We are committed to protecting your personal information. All data processing by third-party service providers is conducted under strict contractual obligations, and in full compliance with applicable data protection laws in each relevant jurisdiction.
Corporate Affiliates: We share personal data within our corporate family to provide integrated services, ensure corporate governance and for legitimate business purposes.
Data Analytics and Enrichment Services: We may share certain contact information, Account Data, System Data, Usage Data (as detailed in Section 2), or de-identified data as needed. “De-identified data” means data where we’ve removed things like your name and email address and replaced it with a token ID. This allows these providers to provide analytics services or match your data with publicly-available database information (including contact and social information from other sources). We do this to communicate with you in a more effective and customized manner.
Administer Promotions and Services: We may share your data as necessary to administer, market, or sponsor promotions and surveys you choose to participate in, as required by applicable law (e.g. providing a winners list or making required filings), or in accordance with the rules of the promotion or survey.
Advertising: We may display online advertisements, and we may share aggregated and non-identifying information about our customers that we collect through the registration process or online surveys and promotions with certain advertisers to deliver and measure targeted advertising, subject to your cookie preferences. To opt out of our use of third-party cookies that share data with these partners, visit our cookie management tool, available in Cookies Settings.
Legal Compliance: We may disclose your information to courts, law enforcement, governmental or public authorities, tax authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or where disclosure is reasonably necessary:
a) to comply with our legal obligations.
b) to comply with a valid legal request or to respond to claims asserted against COLOSO.
c) to respond to a valid legal request relating to a criminal investigation to address alleged or suspected illegal activity, or to respond to or address any other activity that may expose us, you, or any other of our users to legal or regulatory liability.
d) to enforce and administer our Terms.
e) to protect the rights, property or personal safety of COLOSO, its employees, its Users, or members of the public.
Where appropriate, we may notify Users about legal requests unless: providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law.
We believe that providing notice would be futile, ineffective, or create or increase a risk of fraud upon or harm to COLOSO, our Users, or expose COLOSO to a claim of obstruction of justice.
Business Transfers: Suppose COLOSO undertakes or is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event. In that case, we may sell, transfer or share some or all of our assets, including your information in connection with such transaction or contemplation of such transaction. In this event, we will notify you before your personal information is transferred and becomes subject to a different privacy policy.
After Aggregation or De-identification: We may disclose or use aggregated or de-identified data for any purpose.
5. Other Important Information
5.1 Third-Party Partners & Integrations
Parts of COLOSO may link to third-party services, not owned or controlled by COLOSO, Use of these services is subject to the privacy policies of those providers, COLOSO does not own or control these third parties and when you interact with them you are providing your information to them. We encourage you to be aware when you leave our Website and to read the privacy statement of each and every website that may collect Personal Information.
5.2 Do Not Track signals
Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, this Website is not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Policy, we limit our use and collection of your personal information.
6. Your Rights
You have certain rights around using your data, including managing, restricting, and deleting the information you previously provided. You can update or terminate your account from within our Services, choose the information you provide, and can also contact us for individual rights requests about your data. Parents who believe we’ve unintentionally collected personal data about their underage child should contact us for help deleting that information.
6.1 Decisions around the User of Your Data
You can choose not to provide certain data to us, but you may not be able to use relevant features of the Services. You can also make temporary suspension of treatment of your data. If you have any questions about your data, our use of it, or your right, contact us at privacy@coloso.global.
6.2 Managing Your Information
You can access, correct, delete and update some of your personal information through your Account settings. If you connected your COLOSO Account to a third-party service, like Facebook or Google, you can change your settings and unlink from that service in your Account Settings. You are responsible for keeping your personal information up to date.
6.3 Data Erasure
In certain jurisdictions, you can request that your personal information be deleted. To request to delete your personal information, please contact our customer support by emailing privacy@coloso.global. Please allow up to 30 days for a response. For your protection, we require that the request be sent through the email address associated with your account, and we may need to verify your identity before processing your request. Please note that even after you request the erasure of your personal information:
We may retain your data for legitimate purposes and/or in accordance with applicable law, including assisting with legal obligations, resolving disputes, and enforcing our agreements.
We may retain and disclose such data pursuant to this Privacy Policy after your account has been terminated.
6.4 Privacy of children
The Services are not intended for or directed to children under the following ages:
- United States: Under 13 years of age.
- European Economic Area (EEA) and the United Kingdom: Under 16 years of age.
- Other Jurisdictions: The minimum age required by applicable local laws in your country of residence.
If we become aware that we have inadvertently collected personal data from a child under the age of 13 (US), 16 (EEA/UK), or the relevant legal age in other regions without the necessary parental consent, we will take immediate and reasonable steps to delete such information and terminate the associated account.
If you are a parent or legal guardian and discover that your child has provided personal data to us without your consent, please contact us immediately at privacy@coloso.global. Upon verification of your identity and the relationship, we will take reasonable steps to permanently delete the account and any associated personal data from our systems.
7. Security
While no organization can guarantee perfect security, we continuously implement and update administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. However, it is always recommended to protect your password and contact us if you suspect any unauthorized access to your account.
7.1 Information Security
We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.
7.2 Data breach
In the event we become aware that the security of the Website has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website, and send you an email.
8. Data Retention
We retain personal data for as long as required to engage in the uses described in this Policy, unless a longer retention period is required by applicable law. We determine retention periods based on:
- The length of time we have an ongoing relationship with you and provide Coloso products and services to you (for example, for as long as you have an account with us or keep using our products);
- Whether account owners modify or their users delete information through their accounts;
- Whether we have a legal obligation to keep the data (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to the enforcement of our agreements, the resolution of disputes, and applicable statutes of limitations, litigation, or regulatory investigation).
9. European Data Protection Specific Information
If you are located in the EEA, Switzerland or the United Kingdom, you have the following rights with respect to personal data we control:
- Right of Access and Portability: Obtain a copy of your personal data and, in some cases, request that we transfer it to another service provider.
- Right to Erasure: Request deletion of personal data when it is no longer necessary or if you withdraw consent.
- Right to Object: Object to our processing of your personal data for direct marketing or based on our legitimate interests.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Restrict Processing: Request that we limit processing if you contest the accuracy of the data or its lawful use.
- Right to Withdraw Consent: Withdraw any consent you have given us at any time without affecting the lawfulness of processing before withdrawal.
To exercise these rights, please email privacy@coloso.global. You also have the right to lodge a complaint with your local data protection authority.
9.1 Lawful processing of personal information under GDPR
Legal Bases for Processing: We process personal data under the following legal bases, depending on the context. The table below maps our key processing activities to their legal basis.
10. US State Privacy Policy Addendum
Effective Date: March 12, 2025
10.1 California - Notice at Collection
Under the California Consumer Privacy Act (as amended by the California Privacy Rights Act) and similar state laws, we provide the following notice regarding the categories of personal data we collect, the sources, business or commercial purposes, categories of third parties to whom we disclose personal data, and retention periods. We do not sell your personal data in the traditional sense, but we may share certain data for targeted advertising as described below.
Categories of Personal Information We Collect: We may collect Personal Information as set out in Section 2 of the Coloso Privacy Policy. Using California-specific terms, we have collected the following categories of Personal Information:
- Account credentials, including username, password, and other information for authentication or account access.
- Contact identifiers, including name, email address, and phone number.
- Characteristics or demographics, including age(date of birth), gender, and country.
- Commercial or transaction information, including records of products or services purchased or obtained.
- Device identifiers, including device IP address, device ID or other identifiers that identify a computer or mobile device.
- Device information, including device operating software and browser (e.g., type, version, and configuration), internet service provider, and regional and language settings.
- Internet activity, including information about browsing history and interactions, such as the features used, pages visited, content viewed, purchases made or considered, the time of day browsed, and referring and exiting pages.
- Non-precise location data, such as location derived from an IP address or data that indicates a city or postal code level.
- Payment information, including full name, credit card (last four digits only), and card expiration date.
- Content, including content within any messages sent to us (such as feedback, questions, or survey responses).
Categories of Sources: we collect personal information from you, automatically via our Services and from third‑party sources as described in Section 2.
Purposes for Collecting and Using Personal Information: we use your personal information for the business and commercial purposes described in Section 3 of this Policy.
Retention: we retain personal information, including sensitive personal information, only as long as necessary to provide our products, comply with legal obligations and protect our or others’ interests, in line with the criteria described in Section 8.
Categories of Personal Information Disclosed and types of Recipients: we disclose personal information for the business and commercial purposes described in Section 4 of this Policy.
Shine the Light: California residents may request a list of categories of personal information disclosed to third parties for their direct marketing purposes in the preceding calendar year. To make such a request, please email us at the address in the Contact Us section and specify that you are making a "California Shine the Light Request."
10.2 Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia
Residents of these states may have additional rights, including the right to:
- To confirm whether or not we are processing your personal data
- To access your personal data
- To correct inaccuracies in your personal data
- To delete your personal data
- To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format
- To obtain a list of third parties to which we have disclosed your personal data.
To exercise any of these rights, submit a request through our email: privacy@coloso.global. Please allow up to 30 days for a response. To verify your identity, we may require you to confirm receipt of an email sent to an email address that matches our records, provide us with details relating to your history with us, or provide additional information. If we are unable to verify your identity, we may deny your request.
Sales and Targeted Advertising: we may disclose personal data (e.g., identifiers and usage information) to advertising partners to provide you with personalised ads on third‑party platforms, which may constitute a “sale” or processing of your personal data for targeted advertising. You can opt out by using the cookie preferences tool on our website and selecting "Disagree." Opt‑out settings apply only to the browser and device from which you make the choice.
Appeal: You may have the right to appeal our decision if we deny your request. To appeal, please contact us at the email address set out in the Contact Us section above and specify what you wish to appeal. We will review and respond to your appeal in accordance with applicable law.
11. International Data Transfers
We operate globally, which means your personal data may be transferred to, stored and processed in countries other than your own. These countries may have data protection laws that differ from those in your jurisdiction. We implement appropriate safeguards, such as standard contractual clauses and other legal mechanisms, to protect personal data transferred internationally and ensure it remains subject to the protections described in this Policy.
12. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time in accordance with applicable law. We will post the revised Privacy Policy and update the “Last Updated” date if we do so. In case of material changes, we will post a notification on the main page of our Website. We will also notify you in other ways at our discretion, such as through the contact information you have provided. Any updated version of this Privacy Policy will be effective immediately upon posting the revised Privacy Policy unless otherwise specified. If you disagree with the revised Privacy Policy, you can cancel your Account. Your continued use of the Website or Services after the effective date of the revised Privacy Policy (or such other act specified at that time) will constitute your consent to those changes. However, without your consent, we will not use your Personal Data in a manner materially different from what was stated at the time your Personal Data was collected.
13. How to Contact US
Company name: DAY1COMPANY
Address : 6&7th Fl, Teheran-ro 231, Gangnam-gu, Seoul, Republic of Korea
Tel.: +82-2-501-6222
E-mail: privacy@coloso.global
Designated Data Protection Officer
The Company designates the following Data Protection Officer (DPO) to protect customers’ personal information and deal with customer complaints.
DPO of the Company: Kangmin Lee
Address: 6&7th Fl, Teheran-ro 231, Gangnam-gu, Seoul, Republic of Korea
Tel.: +82-2-501-6222
E-mail: privacy@coloso.global
If required by law, we will designate a representative in the European Union and the United Kingdom to act on our behalf in relation to personal data processing. Contact details for the representative will be provided upon request.
▶ Privacy Policy (2025.05.21 ~ 2026.03.11)
▶ Privacy Policy (2024.11.13 ~ 2025.05.20)
▶ Privacy Policy (2023.05.23 ~ 2024.11.12)
▶ Privacy Policy (2021.09.13 ~ 2023.05.22)
This privacy policy ("Policy") describes how COLOSO as Day1 Company Inc.’s CIC ("COLOSO ", "we", "us" or "our") collects, uses, shares and protects the personally identifiable information ("Personal Information") you ("User", "you" or "your") may provide on the COLOSO website and any of its products or services (collectively, "Website" or "Services").
It also describes the choices available to you regarding our use of your Personal Information and how you can access, update and restrict this information. This Policy does not apply to the practices of companies that we do not own or control or to individuals that we do not employ or manage.
This Privacy Policy applies to all users, including both users who are simply viewing the content available via the Services and users who have registered as members of COLOSO. By using any part of our Websites or our Services, you acknowledge that you have read this Policy and agree to this entire Privacy Policy and any other agreement that governs your use of the Websites and Services.
If you are a resident of California, this Policy incorporates and is intended to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"); if you reside in the European Economic Area ("EEA") or the United Kingdom, this Policy incorporates the requirements of the UK and EU General Data Protection Regulation ("GDPR"). For users outside of California and the EEA/UK, we apply a unified global privacy standard consistent with applicable local laws.
1. Definitions
Undefined terms in this Privacy Policy have the same definition as in our Terms of Use (“Terms”).
2. Personal Data We Collect
We collect personal data directly from you, automatically through your interactions with our Services, and from third-party partners. Personal data means any information relating to an identified or identifiable individual. The categories of personal data we collect include the following
2.1 Data You Provide Directly
The personal data you provide to us may vary depending on how you use our Services. Typical categories include the following:
| Title of Service | Items to be collected (examples) |
|---|---|
| Internet Membership Serivce | Name, email address, date of birth, gender, country(national information), language of use |
| Online Payment Service | Name, address, telephone number, email address, Payment information(account number or card number), Information about bids, purchase and sales |
2.2 Data Collected Automatically
Certain data is collected automatically when you interact with our Services. This includes:
| Lists | Items to be collected (examples) |
|---|---|
| Device and System Information | Device identifier, operating system and hardware version, device setup and configuration, browser type and settings, usage information about the website or application |
| Log and Usage Information | IP address, log data, time of use, search terms entered, cookies and web beacons |
| Geo-Location Information | Approximate location data derived from GPS, Bluetooth or Wi-Fi (only where permissible under local law) |
| Other Information | Information about payment transactions, preferences, advertising settings and pages visited within our Services |
2.3 Data from Third-Party Sources
We may receive additional information about you from third parties, such as social networks or service providers. This may include:
| List | Items to be collected (examples) |
|---|---|
| Third-Party Services | If you link, connect, or sign-in to the COLOSO Platform via a third party service (e.g. Google, Facebook, Apple), you are directing the service to send us information. These information include but are not limited to your registration, profile information as controlled by that service or as authorized by you via your privacy settings at that service. |
| Other Sources | To the extent permitted by applicable law, we may receive additional information about you, such as references, demographic data, or information to help detect fraud and safety issues from third-party service providers. |
3. How Do We Use Your Personal Data
We use the personal data we collect for the following business and commercial purposes:
| Processing Purpose | Examples of Activities |
|---|---|
| Account creation & management | Creating and maintaining your user account; verifying your identity; managing memberships |
| Service delivery | Delivering courses, content, and digital products you purchase; processing payments and refunds |
| Personalization | Recommending courses and content based on your interests, behavior, profile |
| Communications | Sending transactional emails (receipts, account alerts); sending promotional emails where you have opted in or where permitted by law |
| Marketing & advertising | Delivering targeted advertising on our Services and third-party platforms (including retargeting and lookalike audience advertising) |
| Analytics & product improvement | Understanding how users interact with our Services; testing and improving features and content |
| Security & fraud prevention | Detecting, preventing, and responding to fraud, abuse, and security threats |
| Legal compliance | Complying with applicable laws, regulations, court orders and governmental requests; responding to legal requests and preventing harm |
| Promotions & competitions | Administering contests, surveys, and promotional programs you choose to participate in |
Note that we may be allowed to process information until you object to such processing (by opting out) under some legislations, without having to rely on consent or any other of the following legal bases below. In any case, we will be happy to clarify the specific legal basis that applies to the processing, particularly whether the provision of Personal Information is a statutory or contractual requirement or a requirement necessary to enter into a contract.
4. How We Share Personal Data
We may share your personal data with third parties in the following circumstances, subject to your consent where required by applicable law:
Sharing With Your Consent or at Your Direction: We share data when you instruct us to do so, such as when you participate in interactive features or integrate third‑party applications.
Where you provide consent, we share your information as described at the time of consent, such as when authorizing a third-party application or website to access your COLOSO account or participating in promotional activities by COLOSO partners or third parties.
a) when the user agrees to receive the information and updates of products and services of certain companies by sharing his or her personal information.
b) when the user selects to allow his or her personal information to be shared with the sites or platform of other companies such as social networking sites.
c) other cases where the user gives prior consent for sharing his or her personal information.
Service Providers (Processors): We engage third-party service providers (e.g., payment processors, IT infrastructure, analytics and marketing providers) to help operate, provide and improve the Services. These providers may access personal data only as needed to perform their functions and are contractually obligated to protect it.
| Service Provider | Stibee Inc. |
|---|---|
| Information Shared | Email address, Name |
| Purpose | To send emails regarding VIP benefits, event announcements, and other promotional content |
| Data Transfer Location | South Korea *Your personal information may be transferred to and processed in South Korea, where our email service provider is located. |
| Protection Measures | We have established contractual agreements and implemented appropriate technical and administrative safeguards to protect your data. |
| Retention Period | Until the service agreement ends or the purpose of email delivery has been fulfilled, whichever occurs first. |
| Service Provider | Braze, Inc. |
|---|---|
| Information Shared | Name, encrypted member number, email address, gender, age group, date of birth, country, service usage data(viewed pages, time spent, click events) |
| Purpose | Personalized course recommendations, behavioral messaging, promotional targeting |
| Data Transfer Location | United States |
| Protection Measures | We have established contractual agreements and implemented appropriate technical and administrative safeguards to protect your data. |
| Retention Period | Until the service agreement ends or the purpose of email delivery has been fulfilled, whichever occurs first. |
| Service Provider | Toss Payments Co., Ltd. |
|---|---|
| Information Shared | Payment information, Email address |
| Purpose | To process payments and refunds in connection with purchases made through our Services |
| Data Transfer Location | South Korea |
| Protection Measures | We have established contractual agreements and implemented appropriate technical and administrative safeguards to protect your data. |
| Retention Period | In accordance with applicable financial and tax regulations and internal retention policies. |
| Service Provider | PayPal Holdings, Inc. |
|---|---|
| Information Shared | Name, email address, telephone number, billing address, and payment information * When you choose to pay through PayPal, payment and identity verification information required under applicable laws may be collected and processed directly by PayPal in accordance with its own privacy policy. |
| Purpose | To process payments and refunds in connection with purchases made through our Services |
| Data Transfer Location | United States and other jurisdictions where PayPal operates |
| Protection Measures | We have established contractual agreements and implemented appropriate technical and administrative safeguards to protect your data. |
| Retention Period | In accordance with applicable financial and tax regulations and internal retention policies. |
* We are committed to protecting your personal information. All data processing by third-party service providers is conducted under strict contractual obligations, and in full compliance with applicable data protection laws in each relevant jurisdiction.
Corporate Affiliates: We share personal data within our corporate family to provide integrated services, ensure corporate governance and for legitimate business purposes.
Data Analytics and Enrichment Services: We may share certain contact information, Account Data, System Data, Usage Data (as detailed in Section 2), or de-identified data as needed. “De-identified data” means data where we’ve removed things like your name and email address and replaced it with a token ID. This allows these providers to provide analytics services or match your data with publicly-available database information (including contact and social information from other sources). We do this to communicate with you in a more effective and customized manner.
Administer Promotions and Services: We may share your data as necessary to administer, market, or sponsor promotions and surveys you choose to participate in, as required by applicable law (e.g. providing a winners list or making required filings), or in accordance with the rules of the promotion or survey.
Advertising: We may display online advertisements, and we may share aggregated and non-identifying information about our customers that we collect through the registration process or online surveys and promotions with certain advertisers to deliver and measure targeted advertising, subject to your cookie preferences. To opt out of our use of third-party cookies that share data with these partners, visit our cookie management tool, available in Cookies Settings.
Legal Compliance: We may disclose your information to courts, law enforcement, governmental or public authorities, tax authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or where disclosure is reasonably necessary:
a) to comply with our legal obligations.
b) to comply with a valid legal request or to respond to claims asserted against COLOSO.
c) to respond to a valid legal request relating to a criminal investigation to address alleged or suspected illegal activity, or to respond to or address any other activity that may expose us, you, or any other of our users to legal or regulatory liability.
d) to enforce and administer our Terms.
e) to protect the rights, property or personal safety of COLOSO, its employees, its Users, or members of the public.
Where appropriate, we may notify Users about legal requests unless: providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law.
We believe that providing notice would be futile, ineffective, or create or increase a risk of fraud upon or harm to COLOSO, our Users, or expose COLOSO to a claim of obstruction of justice.
Business Transfers: Suppose COLOSO undertakes or is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event. In that case, we may sell, transfer or share some or all of our assets, including your information in connection with such transaction or contemplation of such transaction. In this event, we will notify you before your personal information is transferred and becomes subject to a different privacy policy.
After Aggregation or De-identification: We may disclose or use aggregated or de-identified data for any purpose.
5. Other Important Information
5.1 Third-Party Partners & Integrations
Parts of COLOSO may link to third-party services, not owned or controlled by COLOSO, Use of these services is subject to the privacy policies of those providers, COLOSO does not own or control these third parties and when you interact with them you are providing your information to them. We encourage you to be aware when you leave our Website and to read the privacy statement of each and every website that may collect Personal Information.
5.2 Do Not Track signals
Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, this Website is not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Policy, we limit our use and collection of your personal information.
6. Your Rights
You have certain rights around using your data, including managing, restricting, and deleting the information you previously provided. You can update or terminate your account from within our Services, choose the information you provide, and can also contact us for individual rights requests about your data. Parents who believe we’ve unintentionally collected personal data about their underage child should contact us for help deleting that information.
6.1 Decisions around the User of Your Data
You can choose not to provide certain data to us, but you may not be able to use relevant features of the Services. You can also make temporary suspension of treatment of your data. If you have any questions about your data, our use of it, or your right, contact us at privacy@coloso.global.
6.2 Managing Your Information
You can access, correct, delete and update some of your personal information through your Account settings. If you connected your COLOSO Account to a third-party service, like Facebook or Google, you can change your settings and unlink from that service in your Account Settings. You are responsible for keeping your personal information up to date.
6.3 Data Erasure
In certain jurisdictions, you can request that your personal information be deleted. To request to delete your personal information, please contact our customer support by emailing privacy@coloso.global. Please allow up to 30 days for a response. For your protection, we require that the request be sent through the email address associated with your account, and we may need to verify your identity before processing your request. Please note that even after you request the erasure of your personal information:
We may retain your data for legitimate purposes and/or in accordance with applicable law, including assisting with legal obligations, resolving disputes, and enforcing our agreements.
We may retain and disclose such data pursuant to this Privacy Policy after your account has been terminated.
6.4 Privacy of children
The Services are not intended for or directed to children under the following ages:
- United States: Under 13 years of age.
- European Economic Area (EEA) and the United Kingdom: Under 16 years of age.
- Other Jurisdictions: The minimum age required by applicable local laws in your country of residence.
If we become aware that we have inadvertently collected personal data from a child under the age of 13 (US), 16 (EEA/UK), or the relevant legal age in other regions without the necessary parental consent, we will take immediate and reasonable steps to delete such information and terminate the associated account.
If you are a parent or legal guardian and discover that your child has provided personal data to us without your consent, please contact us immediately at privacy@coloso.global. Upon verification of your identity and the relationship, we will take reasonable steps to permanently delete the account and any associated personal data from our systems.
7. Security
While no organization can guarantee perfect security, we continuously implement and update administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. However, it is always recommended to protect your password and contact us if you suspect any unauthorized access to your account.
7.1 Information Security
We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.
7.2 Data breach
In the event we become aware that the security of the Website has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website, and send you an email.
8. Data Retention
We retain personal data for as long as required to engage in the uses described in this Policy, unless a longer retention period is required by applicable law. We determine retention periods based on:
- The length of time we have an ongoing relationship with you and provide Coloso products and services to you (for example, for as long as you have an account with us or keep using our products);
- Whether account owners modify or their users delete information through their accounts;
- Whether we have a legal obligation to keep the data (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to the enforcement of our agreements, the resolution of disputes, and applicable statutes of limitations, litigation, or regulatory investigation).
9. European Data Protection Specific Information
If you are located in the EEA, Switzerland or the United Kingdom, you have the following rights with respect to personal data we control:
- Right of Access and Portability: Obtain a copy of your personal data and, in some cases, request that we transfer it to another service provider.
- Right to Erasure: Request deletion of personal data when it is no longer necessary or if you withdraw consent.
- Right to Object: Object to our processing of your personal data for direct marketing or based on our legitimate interests.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Restrict Processing: Request that we limit processing if you contest the accuracy of the data or its lawful use.
- Right to Withdraw Consent: Withdraw any consent you have given us at any time without affecting the lawfulness of processing before withdrawal.
To exercise these rights, please email privacy@coloso.global. You also have the right to lodge a complaint with your local data protection authority.
9.1 Lawful processing of personal information under GDPR
Legal Bases for Processing: We process personal data under the following legal bases, depending on the context. The table below maps our key processing activities to their legal basis.
| Processing Activity | Legal Basis (GDPR Art. 6) | Notes |
|---|---|---|
| Account registration & identity verification | Art. 6(1)(b) — Contract | Necessary to enter into and perform our Terms of Use |
| Processing payments & fulfilling orders | Art. 6(1)(b) — Contract | Necessary for performance of the purchase contract |
| Sending promotional emails (opt-in markets) | Art. 6(1)(a) — Consent | You may withdraw consent at any time |
| Sending promotional emails (opt-out markets, e.g., US) | Art. 6(1)(f) — Legitimate Interests | Balanced against your interests; opt-out available at any time |
| Personalized content & course recommendations (Braze) | Art. 6(1)(f) — Legitimate Interests | You may object to profiling at any time |
| Targeted advertising & retargeting | Art. 6(1)(a) — Consent (EEA/UK) | Consent obtained via Cookie Preference Banner for non-essential cookies |
| Analytics & product improvement | Art. 6(1)(f) — Legitimate Interests | Data minimized and anonymized where possible |
| Security & fraud prevention | Art. 6(1)(f) — Legitimate Interests / Art. 6(1)(c) — Legal Obligation | Overriding legitimate interest to protect users |
| Compliance with legal obligations | Art. 6(1)(c) — Legal Obligation | E.g., tax records, law enforcement requests |
| Business transfers | Art. 6(1)(f) — Legitimate Interests | Notice provided before transfer |
10. US State Privacy Policy Addendum
Effective Date: March 12, 2025
10.1 California - Notice at Collection
Under the California Consumer Privacy Act (as amended by the California Privacy Rights Act) and similar state laws, we provide the following notice regarding the categories of personal data we collect, the sources, business or commercial purposes, categories of third parties to whom we disclose personal data, and retention periods. We do not sell your personal data in the traditional sense, but we may share certain data for targeted advertising as described below.
Categories of Personal Information We Collect: We may collect Personal Information as set out in Section 2 of the Coloso Privacy Policy. Using California-specific terms, we have collected the following categories of Personal Information:
- Account credentials, including username, password, and other information for authentication or account access.
- Contact identifiers, including name, email address, and phone number.
- Characteristics or demographics, including age(date of birth), gender, and country.
- Commercial or transaction information, including records of products or services purchased or obtained.
- Device identifiers, including device IP address, device ID or other identifiers that identify a computer or mobile device.
- Device information, including device operating software and browser (e.g., type, version, and configuration), internet service provider, and regional and language settings.
- Internet activity, including information about browsing history and interactions, such as the features used, pages visited, content viewed, purchases made or considered, the time of day browsed, and referring and exiting pages.
- Non-precise location data, such as location derived from an IP address or data that indicates a city or postal code level.
- Payment information, including full name, credit card (last four digits only), and card expiration date.
- Content, including content within any messages sent to us (such as feedback, questions, or survey responses).
Categories of Sources: we collect personal information from you, automatically via our Services and from third‑party sources as described in Section 2.
Purposes for Collecting and Using Personal Information: we use your personal information for the business and commercial purposes described in Section 3 of this Policy.
Retention: we retain personal information, including sensitive personal information, only as long as necessary to provide our products, comply with legal obligations and protect our or others’ interests, in line with the criteria described in Section 8.
Categories of Personal Information Disclosed and types of Recipients: we disclose personal information for the business and commercial purposes described in Section 4 of this Policy.
Shine the Light: California residents may request a list of categories of personal information disclosed to third parties for their direct marketing purposes in the preceding calendar year. To make such a request, please email us at the address in the Contact Us section and specify that you are making a "California Shine the Light Request."
10.2 Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia
Residents of these states may have additional rights, including the right to:
- To confirm whether or not we are processing your personal data
- To access your personal data
- To correct inaccuracies in your personal data
- To delete your personal data
- To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format
- To obtain a list of third parties to which we have disclosed your personal data.
To exercise any of these rights, submit a request through our email: privacy@coloso.global. Please allow up to 30 days for a response. To verify your identity, we may require you to confirm receipt of an email sent to an email address that matches our records, provide us with details relating to your history with us, or provide additional information. If we are unable to verify your identity, we may deny your request.
Sales and Targeted Advertising: we may disclose personal data (e.g., identifiers and usage information) to advertising partners to provide you with personalised ads on third‑party platforms, which may constitute a “sale” or processing of your personal data for targeted advertising. You can opt out by using the cookie preferences tool on our website and selecting "Disagree." Opt‑out settings apply only to the browser and device from which you make the choice.
Appeal: You may have the right to appeal our decision if we deny your request. To appeal, please contact us at the email address set out in the Contact Us section above and specify what you wish to appeal. We will review and respond to your appeal in accordance with applicable law.
11. International Data Transfers
We operate globally, which means your personal data may be transferred to, stored and processed in countries other than your own. These countries may have data protection laws that differ from those in your jurisdiction. We implement appropriate safeguards, such as standard contractual clauses and other legal mechanisms, to protect personal data transferred internationally and ensure it remains subject to the protections described in this Policy.
12. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time in accordance with applicable law. We will post the revised Privacy Policy and update the “Last Updated” date if we do so. In case of material changes, we will post a notification on the main page of our Website. We will also notify you in other ways at our discretion, such as through the contact information you have provided. Any updated version of this Privacy Policy will be effective immediately upon posting the revised Privacy Policy unless otherwise specified. If you disagree with the revised Privacy Policy, you can cancel your Account. Your continued use of the Website or Services after the effective date of the revised Privacy Policy (or such other act specified at that time) will constitute your consent to those changes. However, without your consent, we will not use your Personal Data in a manner materially different from what was stated at the time your Personal Data was collected.
13. How to Contact US
Company name: DAY1COMPANY
Address : 6&7th Fl, Teheran-ro 231, Gangnam-gu, Seoul, Republic of Korea
Tel.: +82-2-501-6222
E-mail: privacy@coloso.global
Designated Data Protection Officer
The Company designates the following Data Protection Officer (DPO) to protect customers’ personal information and deal with customer complaints.
DPO of the Company: Kangmin Lee
Address: 6&7th Fl, Teheran-ro 231, Gangnam-gu, Seoul, Republic of Korea
Tel.: +82-2-501-6222
E-mail: privacy@coloso.global
If required by law, we will designate a representative in the European Union and the United Kingdom to act on our behalf in relation to personal data processing. Contact details for the representative will be provided upon request.
▶ Privacy Policy (2025.05.21 ~ 2026.03.11)
▶ Privacy Policy (2024.11.13 ~ 2025.05.20)
▶ Privacy Policy (2023.05.23 ~ 2024.11.12)
▶ Privacy Policy (2021.09.13 ~ 2023.05.22)