1. Introduction
SpaceCloud UK LTD (hereinafter referred to as the "Company") operates the SpaceCloud service (hereinafter referred to as the "Service"). This policy is applied in accordance with the privacy policy stated in the Service’s terms and conditions. It applies to all areas mentioned or displayed within the SpaceCloud Service.
For residents of the United Kingdom, this policy is governed by the UK General Data Protection Regulation (UK GDPR).
The Company is committed to protecting users’ personal data and has established, operates, and publicly discloses this Privacy Policy to address concerns regarding users’ personal information in an effective and transparent manner.
2. Definitions
The following key terms are defined as used in this Privacy Policy.
Terms not specifically defined herein shall have the meanings given to them in the Terms and Conditions of Service.
- Personal Data: “Personal Data” refers to any information relating to an identified or identifiable individual (“data subject”). This may include, but is not limited to, name, email address, phone number, IP address, and location data.
- Service: “Service” refers to all features and systems provided by the “Company” via its website, mobile application, and other online platforms that enable users to list and book spaces. The Service includes additional functions such as space search, booking, payment, reviews, messaging, and customer support.
- User: “User” refers to any person who accesses or uses the Service provided by the “Company”, including both registered and unregistered users.
- Member: “Member” means any individual or organisation that has registered to use the Service by following the “Company”’s designated procedures and agreeing to the applicable terms. Members are categorised as follows:
- Guest Member: A “Guest Member” is an individual or entity who completes registration and agrees to the terms to search for, book, and use spaces via the Service.
- Host Member: A “Host Member” is a Guest Member who, upon agreeing to the host terms through the “Company”’s designated procedures, registers a space and uses the Service to offer it for rental. Host Members retain all Guest Member rights but also bear additional responsibilities such as providing operational details, registering settlement accounts, and complying with applicable policies.
- Visitor: A “Visitor” refers to a person who uses certain features of the Service (e.g. browsing available spaces) without registering as a Member.
- Third Party: A “Third Party” refers to any individual, company, or organisation that receives personal data but is neither the Company nor the data subject.
3. Collecting Personal Information
The Company collects and manages users’ personal information in accordance with the following principles. We adhere to the principle of data minimization, collecting only the data that is necessary for the stated purposes.
3-1 Information That You Give Us
For Guests:
- Account Information: Name, date of birth(for age verification; information will be deleted once the purpose has been fulfilled), email address, phone number (including country code), etc.
- Booking Information: The name, email address, and contact information of the booker designated by the guest member, as well as the reservation date and time, number of attendees, purpose of use, payment method, and amount, etc.
- Communication Records: Inbox messages, email inquiries, and related communication records.
- Payment Information: Credit/Debit card number, card issuer, expiry date, etc., are collected directly by payment processors such as Stripe. The Company does not access this information. Payment-related information is managed in accordance with Stripe’s Privacy Policy.
For Hosts:
- Verification and Payout Information: Personal and business verification details required for Stripe Connect integration, including name, date of birth, address, business information, and bank account details, are collected and managed directly by Stripe. The Company either does not access or has limited access to this information. Stripe’s policy is outlined in its Privacy Policy.
- Contact Information: Email address, phone number.
- Space Information: Address and detailed information of the registered space.
- Booking Information: Date and time of bookings, payment method and amount, and contact details (name, email, phone number) provided at the time of booking.
3-2 Information That You Choose to Give Us
This refers to any additional information that you voluntarily provide while using the service.
- Additional information provided during sign-up:
- Gender, profile image, etc.
- Additional details entered during booking:
- Specific requests or requirements related to the space.
- Activities during service use:
- Reviews and feedback
- Survey responses
- Prize delivery information for event participation
- Activities during space registration:
- Additional information about the space provided by the host
3-3 Information That We Automatically Collect from Your Use of Our Platform
The company automatically collects certain information when you use our website, mobile app, or interact with our emails. This information is used to operate, maintain, and improve our services. It includes:
- Information necessary for service operation:
- IP address
- Cookies
- Date and time of access
- Records of misuse or unauthorised activity
- Device information (e.g. PC, mobile device, browser type)
3-4 Information That We Collect from Third Parties
The company may collect personal information about you from third-party platforms and partners. This includes the following:
- Third-party Account Linking
If you choose to sign in or use our services through third-party accounts such as Google, Apple, or Facebook, we may collect information that those platforms provide (e.g. your name, email address, profile picture, etc.). This collection is based on your explicit consent or the act of linking your account. You may unlink your account at any time through your account settings.
- Social Media Platforms
If you share content or use integration features via social media platforms such as Facebook, Instagram, or X (formerly Twitter), we may receive certain information from these platforms. The information we receive is subject to the privacy policies of the respective services and is processed only to the extent necessary.
We do not control how social media platforms collect or use your data. You are encouraged to review their privacy policies individually.
- Online Advertising Platforms
We may use online advertising networks, such as Google Ads or Meta Ads, to run search keyword ads, remarketing, or targeted campaigns. Advertising partners may collect or process non-identifiable data, such as website visits, behavioural patterns, or browser information, to deliver interest-based advertisements.
The collection and processing of this data are governed by the privacy policies of the respective advertising platforms. You can manage personalised advertising preferences via your browser settings or the advertising platform's settings.
4. Legal Basis for Processing Personal Data
The company processes personal data based on the following legal grounds and provides this information in accordance with Article 13(1)(c) of the UK GDPR:
- Contractual necessity: Processing is required to fulfil the contract with the user, including bookings, payments, and provision of spaces.
- Legal obligation: We process data to comply with obligations under laws such as tax, accounting, and auditing regulations.
- Consent: Where explicit consent is given—for example, for marketing purposes—we will process personal data accordingly. Users may withdraw consent at any time, although this may limit access to certain services.
- Legitimate interests: We process data to pursue legitimate interests such as fraud prevention, service improvement, and enhanced security, provided these interests do not override the user’s rights and freedoms.
- Public interest: Data may be processed to cooperate with public authorities or for compliance with legal obligations in the public interest (e.g. tax investigations).
- Vital interests: In emergency situations, data may be processed to protect someone’s life or physical safety.
5. Purposes for Which Personal Data Is Used
The company collects and processes only the minimum amount of personal data necessary for the following purposes, based on one or more of the legal grounds listed above:
- Provision of services and fulfilment of contractual obligations
- Customer support and dispute resolution
- Compliance with legal and regulatory obligations
- Delivery of marketing communications, promotions, and newsletters
- Service improvement and data analytics to enhance user experience
6. Retention Period for Personal Data
The company retains personal data only for as long as necessary to fulfil the purposes for which it was collected. Once these purposes have been achieved, data is securely deleted without undue delay. However, data may be retained for a longer period under the following circumstances:
- Data required to be retained under applicable laws:
- Data will be kept for the period specified by relevant laws and regulations, such as the UK E-commerce Regulations, tax laws, etc.
- Data retained for dispute resolution, fraud prevention, or service usage records:
- Contract and billing-related records: up to 5 years
- Login records: up to 6 months
- Anonymised data:
- Once the original purpose is achieved, certain data may be anonymised (so it is no longer identifiable) and retained for statistical analysis, research, or service improvement.
- Anonymised data may be kept without a specific retention limit.
- The company regularly reviews the necessity of retaining personal data and securely disposes of any data deemed no longer necessary.
7. Disclosure of Personal Information & Use of Third-Party Services
The company works with third-party service providers to deliver its services, and personal data may be shared in accordance with applicable laws and contracts.
- Personal data is only disclosed to third parties to the minimum extent necessary for service delivery. All vendors and partners are contractually obligated to implement adequate data protection safeguards.
- When changes are made to third-party service providers, the company will provide advance notice and update this privacy policy accordingly.
- For services such as payments via Stripe, their own privacy policies and terms of service will apply. Users are responsible for reviewing these policies, and the company is not liable for how such third-party platforms process data within their systems.
| Service Provider | Service Entrusted | Personal Data Retention and Usage Period |
|---|---|---|
| Google Workspace | Hosting services, email delivery | 5 years or until the purpose is fulfilled |
| Google Maps | Display of maps and location information | Until host service termination or end of contract |
| Stripe | Payment processing and settlement | During the period of service use and in accordance with Stripe’s privacy policy |
| Twillio | Mobile phone SMS verification | Until the purpose of verification is fulfilled |
8. Disclosure of Personal Data and In-Platform Information Sharing
Information voluntarily disclosed by users (e.g. reviews, ratings, profile details) may be made publicly available through the platform and may also be indexed by external search engines.
Such information may remain visible on the platform or through search engines for a certain period even after account deletion or a removal request. However, the company will honor deletion requests within a reasonable scope upon user request. To submit a request, please contact our policy team at office@spacecloud.city.
Users are advised to exercise caution when disclosing personal information in publicly visible areas and must be aware that such information may be accessible to an unspecified number of individuals.
The company does not share personal data externally without prior user consent, except where required by law or in response to legitimate requests by public authorities.
For convenience and improved user experience, optional information provided by users may be made visible within the service. Users are encouraged to verify any such disclosure beforehand.
Due to the nature of the service, certain personal data may be shared between parties involved in a transaction at the time of booking.
Management of third-party data sharing and processing
| Examples of Third-Party Disclosures | User Information Disclosed Within the Service |
|---|---|
| Requests from courts, investigative authorities, or through administrative orders | - Reviews and ratings submitted by guests with their consent - Space information provided by the host |
Management of Information Exchanged Between Users
| Recipient | Information Provided | Purpose of Disclosure | Retention Period |
|---|---|---|---|
| SpaceCloud Host | Booker’s name, contact details, email address, and payment information | For booking guidance and refund processing | 7 days (168 hours) after completion of use or 1 day (24 hours) after cancellation of booking |
| SpaceCloud Guest | Host’s name, contact details, space address, and email address | For using the space and receiving instructions | Deleted immediately upon completion of use or cancellation. |
9. International Data Transfers
SpaceCloud is headquartered in South Korea and operates services in multiple countries, including the United Kingdom. As a result, your personal data may be transferred to, accessed from, or processed in countries outside your country of residence in order to deliver our services.
In such cases, SpaceCloud takes all necessary measures to ensure an adequate level of data protection in accordance with Articles 44 to 50 of the UK GDPR and other relevant laws.
Although the legal frameworks of some countries to which data is transferred may differ from that of your own country, SpaceCloud implements appropriate safeguards to protect your rights and personal data. These safeguards may include the use of Standard Contractual Clauses (SCCs) and other legally recognised mechanisms.
10. Google Maps
The company uses Google Maps to provide location-related services. Please note that Google’s own Privacy Policy applies to the use of these service
11. Protecting Your Personal Information
The company implements a range of technical and organisational measures to prevent unauthorised access, data leakage, loss, or damage to your personal information. However, please be aware that no method of data transmission over the internet is 100% secure, and users should take appropriate precautions.
- Organisational safeguards: Internal data protection policies, regular staff training, and a dedicated data protection team.
- Technical safeguards: Access control for personal data, encryption of sensitive information, and the use of security software.
- Physical safeguards: Use of secure cloud storage and restricted access to sensitive information.
12. Your Rights
You have several rights regarding your personal data, including the right to access, amend, delete, and object to the processing of your data, as well as to opt out of receiving marketing communications.
You may exercise these rights by submitting a request via the company’s official email. All requests will be handled within the timeframe required by applicable law.
- Right of access: You have the right to request access to your personal data.
- Right to rectification and erasure: You can request corrections to inaccurate data or ask for your data to be deleted.
- Right to object to marketing: You may opt out of receiving marketing communications at any time.
- Right to data portability: You may request that your personal data be transferred to another service provider.
- Right to restrict processing: You have the right to request that we limit the processing of your personal data for specific purposes.
- Right to object: You can object to the processing of your personal data on certain grounds.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time.
13. Third Party Websites
The SpaceCloud platform may contain links to third-party websites.
When accessing these external sites, their own privacy policies will apply, and the company accepts no responsibility or liability for their content or practices.
Users are advised to review the privacy policies of any third-party websites they visit.
14. Cookies
The company uses cookies and similar tracking technologies to improve website functionality, provide personalised content, and analyse advertising effectiveness. For more details, please refer to our Cookie Policy.
- Cookie Policy: https://www.dev.spacecloud.city/cookie-policy
15. Children’s Privacy
This service is intended for users aged 18 and over. The company does not knowingly collect information from children. Where unavoidable, parental or guardian consent is required.
16. Data Protection Registration
The company is registered with the Information Commissioner’s Office (ICO) as a data controller.
- ICO Registration Number: ZB961924
17. Amendments
This policy will take effect from 26 August 2025. Any changes will be notified at least 7 days in advance.
18. Contact
For any enquiries regarding personal data, please contact us at:
| Head Office Data Protection Team | UK Data Protection Team |
|---|---|
| Department : Head Team | Department: Policy Team |
| Email : socialjung@spacecloud.kr | Email : office@spacecloud.city |
Last updated: 26 August 2025