Privacy Policy

1. Introduction

This Privacy Policy sets out how we, Korea Smart Authentication Corp. (“Company” or “KoSAC”), use and protect your personal data that you provide to us, or that is otherwise obtained or generated by us, in connection with your use of our collaborative decision making platform (the “Services” or “Defora”). For the purposes of this Privacy Policy, ‘we’‘us’ and ‘our’ refers to Company, and ‘you’ refers to you, the user of the Services.

     1.1. Privacy Principles

KoSAC has three fundamental principles when it comes to collecting and processing private data:

  • We only store the data that Defora needs to function as a secure and feature-rich service.
  • We promise that we’ll tell you how we use your data to make your Service experience safe and easy. 
  • Plus, we’ll make sure we collect and store your data securely.

     1.2. Terms of Service

This Privacy Policy forms part of our Terms of Service, which describes the terms under which you use our Services (Terms of Service). This Privacy Policy should therefore be read in conjunction with those terms. 

     1.3. Table of Contents

This Privacy Policy explains the following:

  • the legal basis for processing your personal data;
  • what personal data we may collect from you;
  • how we keep your personal data safe;
  • what we may use your personal data for;
  • who your personal data may be shared with; and
  • your rights regarding your personal data. 

     1.4. EEA Representative

If you live in a country in the European Union or European Economic Area (EEA), you can request: 1) a copy of personally identifiable information, or; 2) correction or deletion of personally identifiable information. For this, please contact Please be advised that the personally identifiable information in our possession is limited to your phone number, group display name, and eligibility information you have provided to us. We are unable to provide your activities since we cannot link it to your personally identifiable information due to our encryption system. 

2. Legal Ground for Processing Your Personal Data

We process your personal data on the ground that such processing is necessary to further our legitimate interests (including providing effective and innovative Services to our users), unless those interests are overridden by your interest or fundamental rights and freedoms that require protections of personal data. 

3. What Personal Data We Collect

     3.1. Basic Account Data

Defora is a communication service for people. To make sure that everyone is able to participate in an equal manner, we need to check that you are a real, unique person. This process is currently done by checking your ownership of a unique mobile number, which you will provide to us to create a Defora account. We store them away in an encrypted database in a hashed form so that the uniqueness check can be carried out without ever revealing the plaintext form of your mobile number. 

To ensure the trust and legitimacy of decisions reached, Defora enables that only the eligible stakeholders can participate. We check this by authenticating your eligibility data through your own organization or a relevant 3rd party that your Group has chosen as an eligibility check service provider. 

Your actions on the service will not be linked to your mobile number as we issue new random anonymized addresses for your actual interactions with other users, further securing your privacy. 

In anonymous mode, random nicknames are issued for you for each Activity. You can choose to have a discussion in real name, which each member can set themselves. We do not require your Group display name to be your real name unless your Group has specified otherwise.

Your mobile number, eligibility data, and Group display names are the only data we collect, and they will be deleted upon your request. 

     3.2. Your Language Content

Your opinions, comments, likes, reviews, and voting activities (collectively referred to as “Content”) are recorded, but cannot be traced back to both your mobile number, eligibility information, or other personally identifiable information. Therefore your language information is not personal data. However, you must be aware that you may include personally identifiable information in the Contents. In such a case, you can request for its deletion by reaching out to us. Also, please be advised that other users may search for, see, use, or share any of your Language Content that you make publicly available through Defora, consistent with the terms and conditions of this Privacy Policy and our Terms of Service. 

     3.3. Feedback Information

When you rate or give feedbacks to Defora, we collect them to gain better insights to improve our Service. Again they are not linked to your personally identifiable data, so we take them as simply feedbacks for reference for future developments.  

4. Keeping Your Personal Data Safe

     4.1. Storing Data

All personal data is immediately encrypted when you register for our Services, and we store and/or process this data in South Korea. If you engage in a monetary transaction with us for customized features, you may be retried to provide billing information, including your name, address, phone number and credit card data. Please be advised that Defora utilizes third party payment services to effectuate these transactions. As such, we will not have access to any of this billing information, nor will we be able to connect them with your Contents and activities on our Service. 

     4.2. Data Retention

Unless stated otherwise in this Privacy Policy, the personal data that you provide us will only be stored for as long as it is necessary for us to fulfill our obligations in respect of the provision of the Services.

We maintain our office in South Korea. We do not have a physical presence outside of the country. We do not have a physical presence in the European Union, any EU-Member country or any member of the European Economic Area. 

We use commercially reasonable safeguards and take reasonable steps to keep the information pertaining to your personal data and contents. Please be advised that our retention of all data and information obtained in connection with our Services, including personally identifiable information, is consistent with industry-accepted practices and security standards. We implement these security practices for the safekeeping of your data.

5. Processing Your Personal Data

     5.1. Our Services

Defora is a communication service, where we process your data to Groups and Activities of your choosing in secure and anonymous manner. 

     5.2. Advanced Features

Defora only stores the information it needs to function as a secure and feature-rich service for better deliberative democracy.

6. Who Your Personal Data May Be Shared With

     6.1. Other Defora Users

Other users of our Services with whom you choose to communicate with and share certain information, who may be located outside the EEA. Note that by entering into the Terms of Service and choosing to communicate with such other users of Defora, you are instructing us to transfer your personal data, on your behalf, to those users in accordance with this Privacy Policy. We employ all appropriate technical and organizational measures (including encryption of your personal data) to ensure a level of security for your personal data that is appropriate to the risk. 

     6.2. Defora’s Group Companies

We may share Content data with Aardvark, a non profit foundation to conduct research to craft better deliberative democratic structures and environment. We will implement appropriate safeguards to protect the security and integrity of that Content. 

     6.3. Law Enforcement Authorities

Notwithstanding anything to the contrary in this Privacy Policy or controls we may otherwise offer to you, we may preserve, use, or disclose your personal data or other safety data if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to protect the safety or integrity of our platform, including to help prevent spam, abuse, or malicious actors on our services; to address fraud, security, or technical issues; or to protect our rights or property or the rights or property of those who use our services. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your personal data. However, client log information and what we do not control cannot be disclosed to the authorities.

7. Your Rights Regarding the Personal Data Your Provide to Us

     7.1. Your Rights

Under applicable data protection legislation, in certain circumstances, you have rights concerning your personal data. You have a right to: (1) request a copy of all your personal data that we store and to transmit that copy to another data controller; (2) delete or amend your personal data; (3) restrict, or object to, the processing of your personal data; (4) correct any inaccurate or incomplete personal data we hold on you; and (5) lodge a complaint with national data protection authorities regarding our processing of your personal data.

     7.2. Exercising Your Rights

If you wish to exercise any of these rights, kindly contact us using the details in section 10 below.

     7.3. Data Settings

Sadly, if you‘re generally not OK with Defora’s modest requirements, it won’t be possible for us to provide you with our Services. You can delete your Defora account in My menu.

8. Deleting Data

     8.1. Accounts

f you would like to delete your account, you can do this on the app My Menu > Delete Defora. Deleting your account removes your mobile number hash on our system, and also the access to all of your activities locally. This action must be confirmed via your Defora account and cannot be undone.

     8.2. Contents

Your non personally identifiable data will remain as record of deliberation. However, if you believe your contents are potentially personally identifiable data, contact us to take it down. 

9. Policy Pertaining to Children

Defora does not knowingly collect or solicit any information from anyone under the age of consent established by the data protection law of their applicable country. Defora does not knowingly allow such persons to register for the Services. The Service is not directed to anyone under the age of consent established by the data protection law of their applicable country

10. Changes to this Privacy Policy

We will review and may update this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on this page. Please check our website frequently to see any updates or changes to our Privacy Policy, a summary of which we will set out below. 

Important changes made to this Privacy Policy will be notified to you via Defora System notification. 

11. Questions and concerns

If you have any questions about privacy and our data policies, please contact, which we will answer at the earliest opportunity.

The Team




©2020 All Rights Reserved. Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. Google Play and the Google Play logo are trademarks of Google LLC.