Chelly Privacy Policy

Chelly Privacy Policy

Last Updated: November 7th, 2025

Introduction

Welcome to Chelly. This Privacy Policy applies to the Chelly mobile software application (“Chelly APP”) provided, managed, and operated by Lenged Inc. (registered address: 16F, Front1, 122 Mapo-daero, Mapo-gu, Seoul, hereinafter the “Company”). This Privacy Policy explains how we collect, use, share, and process the personal information of users and other individuals in connection with our Services, unless otherwise stated in the “Supplementary Terms – Jurisdiction-Specific” section for your region.

Information We Collect

We may collect the following information about you:

Information You Provide

User Content. We may collect the content (“User Content”) you create, upload, produce, or access through the Services, including photos, images, and videos you upload; video templates you create or view; any comments you write; relevant metadata (e.g., when, where, and by whom the content was created); and other actions you take on the Services. If you create User Content, we may upload or import it to the Services (sometimes referred to as “pre-upload”) before you save or post it. You are not required to create an account to use our Services, but some features may be unavailable without an account. If you choose to use the Services without creating an account, we may still collect information about you, as described in this Privacy Policy.
Email Contacts. Where possible, if you are a registered user of our website, choose to sign up or log in to the Services using Google, and explicitly agree to sync your Google contacts, we will collect the Gmail addresses from your contacts.
Account Creation and Usage Information. In the process of creating an account, we may collect information required for account setup, such as your email address, mobile phone number, and verification codes sent to these, verification history information, name, nickname, gender, date of birth, and country. If you use a third-party service—such as ZEPETO, Roblox, Apple, Facebook, or Google—to create an account, we may collect login credentials (e.g., an ID), nickname or alias, profile photo, avatar (and its thumbnail), item information, email address, phone number, date of birth, gender, or other information that you or the third party provides.
Information When Contacting Us. When you contact us, we collect any information you send us, such as feedback or inquiries about your use of the Services, or information regarding potential violations of our , , or other policies.
Paid Service Subscription Information. If you subscribe to a paid service and make a payment or request a refund, we retain details related to that transaction (e.g., subscription items, transaction date and time, price, etc.). The specific information collected may vary depending on the payment method you choose (for example, Apple or Google ID, the name and number of your credit or debit card, your mobile phone number and carrier, etc.).
Other Information. If you choose to provide feedback, we may collect your feedback regarding the Services.

Information Collected Automatically

Technical Information We Collect About You. When you use the Services, we automatically collect certain information from you, such as a unique device identifier (device ID), network type and connection, your mobile or device model, application version number, operating system, system language, location, and usage data.
Location Information. We collect approximate information about your location based on your SIM card and/or IP address. For example, we may use this information to provide you with personalized content.
Usage Information. We collect information about how you engage with the Services. This may include usage frequency per feature, editing patterns, issues that arise when using the Services, and more.

Information From Other Sources

We may receive information described in this Privacy Policy from the following sources:

Login, Signup, or Linked Services. Where available, if you choose to sign up or log in to our Services using a third-party service such as ZEPETO, Roblox, Apple, Facebook, or Google, those third-party services may provide us with information. Depending on the service, they may share details about how you use their service.

Other. For instance, if you are included in or mentioned in User Content, complaints, objections, requests, or feedback submitted by a user or a third party, or if any user provides us with your contact information, we may receive information about you from others.

How We Use Your Information

We use your information for the following purposes:

To verify your age and identity.
To communicate with you, including notifications about changes to the Services.
To administer and provide the Services, including enabling you to create, edit, modify, and share User Content, interact with other users, and—if you choose—to participate in interactive features of the Services.
To promote your content to other users.
To provide customized or personalized information and content you may be interested in, such as marketing communications tailored to your preferences.
To enforce our , , and other terms and policies.
To respond to, handle, and process your inquiries, requests, applications, complaints, and feedback.
To ensure the Services’ tools are delivered in the most effective way for you and your device, and to improve and develop our Services by enhancing technologies such as machine learning models and algorithms.
For service management and internal operations, including troubleshooting, data analysis, testing, research, statistics, and surveys.
To detect abuse, fraud, and illegal activities on the Services and, where permitted by applicable law, to scan, analyze, and review User Content and related metadata for violations of our , , and other terms and policies to ensure your safety and security.
Where permitted, to provide personalized ads to you and to measure and understand the effectiveness of ads as part of our advertising services.
To comply with our legal obligations, or where necessary to perform a task in the public interest or protect the vital interests of our users or others.

We may also use your information for other purposes disclosed to you at the time of collection, subject to your consent or as otherwise permitted by law.

How We Share Your Information

This section describes how we may share your information with third parties.

Service Providers and Business Partners

For the purposes stated in this Privacy Policy, and to provide you with the Services, we may share the categories of personal information mentioned above—Information You Provide, Information Collected Automatically, and Information From Other Sources—with our service providers and business partners. These service providers and partners assist us by offering cloud hosting, content delivery, customer and technical support, content management, marketing, analytics, and online payment services.

Service Providers and Business Partners

[1] Amazon Web Services

Purpose: User authentication and management, serverless computing, storage, hosting services
Personal Data Transferred: User activity records, user-generated content, user credentials, user location information
Retention Period: Until the purpose of use is achieved or until the data processing contract is terminated/expires, whichever comes first
Country: Korea

[2] Unity Analytics

Purpose: User behavior analysis and data collection
Personal Data Transferred: IP address, user identifiers, device information, location data
Retention Period: Until the purpose of use is achieved or until the data processing contract is terminated/expires, whichever comes first
Country: United States

[3] Firebase

Purpose: Cloud messaging services
Personal Data Transferred: Device information, activity records, location data
Retention Period: Until the purpose of use is achieved or until the data processing contract is terminated/expires, whichever comes first
Country: United States

[4] Mixpanel

Purpose: User behavior analysis and data collection
Personal Data Transferred: IP address, user identifiers, device information, in-app activity
Retention Period: Until the purpose of use is achieved or until the data processing contract is terminated/expires, whichever comes first
Country: United States

[5] OneSignal

Purpose: Cloud messaging services
Personal Data Transferred: Device information, activity records, location data
Retention Period: Until the purpose of use is achieved or until the data processing contract is terminated/expires, whichever comes first
Country: United States

[6] Amplitude

Purpose: User behavior analysis and data collection
Personal Data Transferred: IP address, user identifiers, device information, in-app activity
Retention Period: Until the purpose of use is achieved or until the data processing contract is terminated/expires, whichever comes first
Country: United States

Our Corporate Group

Certain entities within our global corporate group may help support the Services. When necessary to provide essential functions such as storage, content delivery and optimization, security, research and development, analytics, online payment, customer and technical support, and content management, these entities may process Information We Collect on our behalf. We may also share your information with members of our corporate group to improve our Services, to allow you to access other services provided by our corporate group, or for our internal business operations.

Third-Party Social Network Services, Other Third-Party Services, and Affiliate Services

If you choose to sign up for or log in to our Services using the credentials of another social network or third-party service, or if you choose to connect your account for our Services to another social network account, such third-party service may collect information about you—including information about your activities on our Services—and notify you (under their privacy policy) that you are connected to their service while using ours. If you allow a third-party service to access your account, we may share certain information about you (e.g., app ID, access token, referring URL) with that third-party service as needed for you to use it. Depending on the permissions you grant, the third-party service may obtain your account information and other information you choose to provide. If you decide to share User Content you create or upload on our Services with other social media services, your User Content, username, and any attached text (if applicable) will be shared on those services.

Legal Obligations and Rights

Where required by law, or when we in good faith believe it is reasonably necessary for the following purposes, we may share any Types of Information We Collect with law enforcement, public authorities, or other organizations:

To comply with applicable laws, regulations, codes of practice, government guidelines, or other legal and regulatory obligations, consistent with internationally recognized standards.
To enforce our and other agreements, policies, and standards, including investigating potential violations.
To respond to subpoenas, court orders, legal processes, law enforcement requests, legal claims, or government inquiries.
To detect, prevent, or otherwise address security, fraud, or technical issues.
To protect the rights, property, or safety of us, our users, third parties, or the public, as permitted or required by law (including exchanging information with other companies and organizations for fraud prevention).

Sale or Merger

We may also disclose your information to third parties in the following circumstances:

In the event that we sell our business or assets, we may disclose your information to a prospective buyer of such business or assets.
If we sell, acquire, or merge with another company or business, if another entity acquires us, if we enter into a partnership with another company or business, or if we sell all or a portion of our assets, then your user information may be part of the transferred assets in such a transaction.

With Your Consent

We may share your information with third parties when we have your consent or at your direction.

Your Rights

Depending on the laws of the country in which you reside, you may have certain rights regarding your personal information, such as the right to access, correct, delete, or restrict its processing. You can exercise these rights by sending us a written request or email, and we will respond promptly upon receiving your request. However, these rights may be subject to limitations under country-specific laws. Such rights may also be exercised through a duly authorized representative who has legal authority from you or your legal guardian. We will verify the identity of the individual making the request in accordance with applicable laws.

View personal information. You have the right to access your personal information processed by us.

Deletion of personal information. You have the right to request the deletion of personal information about you; however, certain information cannot be deleted where retention is legally required.

Restriction of processing of personal data. You have the right to request a restriction on the processing of your personal information.

Right to object. If we use your personal information, you have the right to object to its processing.

Right to portability of personal information. You have the right to request that we provide information related to you.

To exercise these rights or submit a request, please contact us at . However, we may decline your request if there is a specific legal provision permitting us to do so.

Data Security

We take measures to ensure that your information is handled securely and in accordance with this Privacy Policy. Unfortunately, no data transmission over the internet can be guaranteed to be completely secure. Therefore, we cannot guarantee the security of any information transmitted via the Services.

We maintain appropriate technical, administrative, and physical security measures designed to protect your information from unauthorized access, theft, disclosure, modification, or loss. We periodically review and update these measures to improve the overall security of our systems.

Occasionally, our Services may contain links to third-party websites. If you follow a link to such a website, please note that these websites have their own privacy policies and we assume no responsibility for them. Before submitting any information to these websites, please review their privacy policies.

Data Retention

We retain your information for as long as necessary to provide you with our Services and for the other purposes described in this Privacy Policy, or as required by law. Retention periods vary based on the type of information and the purpose for which we use it. Once the purpose for collecting or receiving the information has been fulfilled, we securely destroy it without undue delay. Examples of typical retention and destruction timelines include:

Account Information: When an account is terminated or deactivated.
Paid Service Usage Information: Upon the end of paid service usage or expiration of the statutory limitation period for debt claims.
Information Retained with Your Separate Consent: Until the expiration of the agreed retention period.
Information Required for Potential Legal Disputes: Until the reason for retention no longer applies.

If there is a legal obligation to retain certain information under applicable laws, we will retain such data for the period mandated by law. During this period, the information will not be used for any other purpose.

Information About Minors

Chelly is not intended for children under the age of 14. The minimum age for using the Services may vary depending on your country or region. If you believe we have collected personal information from a minor below the minimum age, please contact us at .

Updates to Our Privacy Policy

We may amend or update this Privacy Policy from time to time. If we update the Privacy Policy, we will update the “Last Updated” date at the top of this Privacy Policy and notify you of any material changes by posting the new Privacy Policy or providing other notices required by law. We recommend that you review this Privacy Policy regularly to stay informed about our privacy practices.

Contact Us

We welcome any questions, comments, or requests regarding this Privacy Policy. Please direct your inquiries to:

Lenged Inc.

Email:

Address: 16F, Front1, 122 Mapo-daero, Mapo-gu, Seoul

Supplementary Terms – Jurisdiction Specific

If there is a conflict between the provisions of the Supplementary Terms - Jurisdiction-Specific, which apply to the jurisdiction in which you access or use the Services, and the remaining provisions of this Policy, the Supplementary Terms - Jurisdiction-Specific, for that jurisdiction , will supersede, and this Supplement. It is governed by terms and conditions.

European Economic Area (“EEA”), Switzerland and the United Kingdom

If you use the Service from the EEA, Switzerland or the United Kingdom (“European Region”), the following additional terms and conditions apply.

Legal basis for processing

We only use your personal data where we are legally permitted to do so. Our legal bases for the processing of your personal data described in this policy are set out in the table below.

International transfer of data

If you are normally located in Europe, the personal data we collect about you may be transferred back to and stored at destinations outside of Europe. For example, we may store the information we collect on secure servers located in the Republic of Korea.

When we transfer your information outside the European region, we rely on the following to ensure that an appropriate level of data protection applies to that information:

Determination of adequacy. This is a decision of the European Commission pursuant to Article 45 of the GDPR (or an equivalent decision under other laws) recognizing that a country provides an adequate level of data protection. We transfer your information to some countries where adequacy decisions exist. or
Standard Contract Clauses. The European Commission has approved contractual provisions enabling companies within the EEA to transfer data outside the EEA under Article 46 of the GDPR. These clauses (and, in the case of the UK and Switzerland, their own approved equivalents) are incorporated into standard contractual clauses ( standard contractual clauses). contractual clauses ). We transfer your information under standard contractual clauses to certain entities within our corporate group and to third parties in countries for which we have not made an adequacy decision.

For more information about these safeguards, please contact support@chelly.app .

Your rights

You have the following rights:

Free of charge, ( i ) confirmation as to whether we are processing your personal data and ( ii ) access to a copy of the personal data we hold about you.
The right to request appropriate rectification or erasure of your personal data, or restriction of processing of your personal data.
Where the processing of your personal data is based on your consent or is necessary for the performance of a contract with you and the processing takes place by automated means, we will receive personal data relating to you in a structured, widely used and machine-readable format or may be technologically advanced. The right to have your personal data transferred directly to another entity (data portability), where feasible.
If the processing of your personal data is based on your consent, the right to withdraw your consent at any time (withdrawal will not affect the lawfulness of data processing activities that occurred before such withdrawal).
Automated communications, including profiling, that have legal consequences or similarly materially affect you, unless we obtain your consent, or are authorized by the law of the European Union or its Member States or are necessary for the performance of a contract. Right not to be subject to the decision ;
The right to object to processing of your personal data where we rely on our legitimate interests, unless we can demonstrate compelling legitimate grounds which override your rights. If you object to such processing, we will review the processing of your personal data and ask you to state the grounds for that objection in order to balance our legitimate interests in the processing and your objection to such processing. request.
In case where a ) you contest the accuracy of the information; ( b ) you believe the information has been processed unlawfully and you object to its erasure; (c) we require retention of the information for the pursuit or defense of legal claims; , or ( d ) if you object to the processing and is waiting for the said request’s result, you have the right to request restriction of that processing.
The right to object to processing of your personal data for direct marketing purposes.
The right to lodge a complaint with your local data protection authority

Before we can respond to your request to exercise one or more of the rights listed above, we may need to verify your identity or account details.
To exercise your rights, please email support@chelly.app .

GDPR representative

LENGED Co., Ltd

16F, 122, Mapo-daero, Mapo-gu, Seoul, Republic of Korea

support@chelly.app