Privacy Policy
Last Updated: January 15, 2025
At FluxToneLume, we handle financial data every day. That means privacy isn't just a legal requirement for us—it's the foundation of everything we do. This policy explains how we collect, use, and protect your information when you work with our financial data integration services.
We've written this in plain language because you deserve to understand exactly what happens to your data. If something isn't clear, reach out. We're here to answer your questions.
Who We Are and What We Do
FluxToneLume provides financial data integration and synchronization services to businesses operating in South Korea. We help companies connect their financial systems, reconcile data across platforms, and maintain accurate records.
Our registered business address is 달동 1264-15번지 남구 울산광역시 KR, and you can reach us at +82535834488.
Information We Collect
The nature of our work means we handle several types of information. Here's what we collect and why:
Business Contact Information
When you inquire about our services or become a client, we collect basic business details: your company name, contact person, email address, phone number, and business address. We need this to communicate with you and provide our services.
Financial System Access Data
To integrate and synchronize your financial data, we need access credentials to your financial systems. This might include API keys, database connection strings, or authentication tokens. We encrypt all access credentials and store them in secure, isolated environments.
Transaction and Financial Records
Our integration services process financial transaction data, account information, and related records. The specific data depends on which systems you want us to connect and what you need synchronized.
| Data Type | Purpose | Retention Period |
|---|---|---|
| Business contact details | Service delivery and communication | Duration of business relationship plus 3 years |
| System access credentials | Technical integration and data synchronization | Active service period, deleted within 30 days of termination |
| Financial transaction records | Data integration and reconciliation services | As required by service agreement and legal obligations |
| Service usage logs | System performance and security monitoring | 90 days for operational logs, longer for security incidents |
| Communication records | Support, documentation, and compliance | Duration of relationship plus 5 years |
Technical and Usage Information
We collect logs showing how our integration systems interact with your financial platforms. This includes timestamps, data volumes processed, error messages, and system performance metrics. These logs help us maintain service quality and troubleshoot issues.
How We Use Your Information
We use the information we collect for specific, defined purposes related to delivering our financial integration services:
- Connecting your financial systems and synchronizing data between platforms as specified in our service agreement
- Monitoring integration performance to catch errors before they affect your financial records
- Providing technical support when you encounter issues or have questions about the integration
- Maintaining security by monitoring for unauthorized access attempts or suspicious activity
- Improving our integration methods based on real-world usage patterns and technical challenges
- Meeting legal obligations under South Korean financial regulations and data protection laws
- Communicating about service status, system maintenance, and important updates
What we don't do: We never sell your financial data to third parties. We don't use your transaction information for marketing purposes. We don't share your data with anyone outside the narrow scope needed to deliver our services.
Legal Basis for Processing (South Korea Context)
Under South Korean data protection law, specifically the Personal Information Protection Act (PIPA), we process your information based on:
- Contractual necessity: Most of our data processing is essential to deliver the integration services you've contracted us to provide
- Legitimate business interests: We process certain data to maintain service quality, security, and operational efficiency
- Legal compliance: Financial regulations require us to maintain certain records and implement specific security measures
- Consent: For any processing outside these categories, we obtain your explicit consent before proceeding
Data Security Measures
Given the sensitive nature of financial data, we've implemented multiple layers of security protection:
Encryption
All data transmissions are encrypted using TLS 1.3 or higher. Financial data at rest is encrypted using AES-256. Access credentials are hashed and stored separately from other data using bcrypt with appropriate work factors.
Access Controls
Our team follows strict least-privilege principles. Staff members only access the specific data necessary for their role. All access is logged and regularly audited. We use multi-factor authentication for all system access.
Infrastructure Security
Our servers are hosted in secure data centers with physical security measures. We maintain isolated environments for different clients to prevent data mixing. Regular security patches and updates are applied systematically.
Monitoring and Response
We monitor our systems continuously for security threats. Automated alerts notify our team of suspicious activity. We maintain an incident response plan and conduct regular security drills.
Important acknowledgment: No security system is completely invulnerable. While we implement industry-standard protections and continuously work to improve our security posture, we can't guarantee absolute security. If you become aware of any security concerns, contact us immediately.
Data Sharing and Third Parties
We keep data sharing to an absolute minimum. Here's who might access your information:
Service Providers
We work with a small number of carefully vetted service providers who help us deliver our services. This includes our cloud infrastructure provider and security monitoring service. These providers only access data necessary for their specific function and are bound by strict confidentiality agreements.
Legal Requirements
We may disclose information if required by South Korean law, court order, or regulatory authority. If we receive such a request, we'll notify you unless legally prohibited from doing so.
Business Transfers
If FluxToneLume is acquired or merges with another company, your information would transfer to the new entity. We'd notify you before this happens and inform you of any changes to how your data is handled.
What we never do: We don't sell data to brokers. We don't share financial information with marketing companies. We don't provide your data to analytics services for behavioral tracking.
Your Rights Regarding Your Data
Under South Korean law, you have specific rights concerning your personal and business information. Here's what you can do and how to do it:
Access Your Data
You can request a copy of all personal and business information we hold about you. We'll provide this in a structured, commonly used format within 10 business days.
Correct Inaccuracies
If any information we hold is incorrect or incomplete, you can request corrections. We'll update our records and notify any third parties who received the incorrect information.
Request Deletion
You can ask us to delete your data, subject to legal retention requirements. Some financial records must be kept for regulatory compliance, but we'll delete everything else.
Restrict Processing
You can request that we temporarily limit how we use your data while we investigate a concern you've raised about accuracy or processing legality.
Object to Processing
If we're processing your data based on legitimate interests, you can object. We'll stop unless we can demonstrate compelling legitimate grounds that override your interests.
Data Portability
You can receive your data in a machine-readable format to transfer to another service provider. This applies to data you've provided to us and data processed by automated means.
How to Exercise Your Rights
Send requests to +82535834488 or write to us at 달동 1264-15번지 남구 울산광역시 KR. Include your company name and specific request details. We'll verify your identity before processing any requests.
We respond to most requests within 10 business days. Complex requests might take up to 30 days—we'll let you know if we need additional time and explain why.
Data Retention and Deletion
We don't keep data longer than necessary. Here's our approach to retention:
Active Service Period
While providing services, we retain all data necessary for system operation, security monitoring, and service delivery. This includes financial records being synchronized, system logs, and communication history.
After Service Termination
When our service agreement ends, we follow this timeline:
- Immediate (within 24 hours): Disable all system access credentials
- Within 30 days: Delete all cached financial data and temporary processing files
- Within 90 days: Remove operational logs and technical usage data
- Retained for legal periods: Contracts, financial invoices, and compliance documentation (typically 5 years under South Korean commercial law)
Legal Retention Requirements
Some records must be kept to comply with South Korean regulations. Financial transaction records related to tax matters are retained for 5 years as required by tax law. Records related to dispute resolution are kept until the matter is fully resolved, plus the applicable statute of limitations period.
Requesting Early Deletion
You can request deletion of data not subject to legal retention requirements at any time. Contact us with your specific deletion request, and we'll process it within 30 days.
International Data Transfers
Our primary operations and data storage are based in South Korea. However, some situations involve international data movement:
Cloud Infrastructure
Our cloud service providers maintain data centers in multiple locations. While we configure our systems to keep data within South Korea whenever possible, some backup and redundancy systems may involve servers in other locations with equivalent data protection standards.
Cross-Border Integration Needs
If your financial systems are hosted outside South Korea, data necessarily moves between jurisdictions during synchronization. We only process data in jurisdictions with adequate data protection frameworks.
Safeguards for International Transfers
When data leaves South Korea, we implement appropriate safeguards including standard contractual clauses, encryption during transit, and verification that receiving jurisdictions maintain adequate protection standards.
Cookies and Tracking Technologies
Our website uses minimal tracking to function properly and provide basic analytics:
Essential Cookies
We use session cookies to maintain your login state and remember your preferences during a single visit. These are necessary for the website to work and can't be disabled.
Analytics
We collect basic analytics about website visits—pages viewed, time spent, general location (city level). This helps us understand how people use our site and where we can improve. We don't track individual behavior across websites or create detailed user profiles.
No Third-Party Advertising
We don't use advertising cookies or allow third-party advertisers to track you on our website. We don't participate in ad networks or behavioral advertising programs.
Children's Privacy
Our services are designed for businesses and are not directed at individuals under 18. We don't knowingly collect information from minors. If we discover we've inadvertently collected data from someone under 18, we'll delete it immediately.
Changes to This Privacy Policy
We update this policy occasionally to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we'll notify active clients directly via email at least 30 days before the changes take effect.
For minor updates—like clarifying existing language or fixing typos—we'll update the "Last Updated" date at the top of this page. We recommend reviewing this policy periodically to stay informed about how we protect your information.
Previous versions of this policy are available upon request if you want to see what changed over time.
Regulatory Compliance
FluxToneLume complies with South Korean data protection and financial services regulations, including:
- Personal Information Protection Act (PIPA)
- Act on Promotion of Information and Communications Network Utilization and Information Protection
- Credit Information Use and Protection Act
- Electronic Financial Transactions Act
We maintain documentation of our compliance measures and participate in regulatory examinations as required. If you have questions about our compliance practices, contact us directly.
Questions or Concerns About Privacy
If something in this policy isn't clear, if you have questions about how we handle your data, or if you want to exercise any of your privacy rights, get in touch.
We take privacy seriously and we'll respond to your inquiry within 3 business days. If you're not satisfied with our response, you have the right to file a complaint with the Personal Information Protection Commission in South Korea.