Privacy Policy

1. Legal Basis for Processing

We process personal data on the following legal bases:

• Consent: By signing in with Google OAuth, you consent to the collection and processing of your profile information.
• Contract performance: Processing necessary to provide the Service.
• Legitimate interests: Processing for security monitoring and service improvement.

2. Information We Collect

a) When you sign in

When you sign in with Google OAuth, we collect the following from your Google profile:

• Name
• Email address
• Profile photo URL

This information is used solely for authentication and displaying your profile within the Service.

b) Content you create

Information generated while using the Service:

• Bookmarked spots, streets, and cities

c) Automatically collected data

Information collected automatically when you access the Service:

• IP address
• Browser type and version
• Access date and time
• Pages visited and search queries

Server logs are used only for security monitoring and service maintenance, and are automatically deleted after 90 days.

3. How We Use Your Information

• Authenticating your identity and providing access to the Service
• Displaying your profile within the Service
• Storing and retrieving your bookmarks
• Security monitoring and service maintenance
• Analyzing usage statistics and improving the Service
• Responding to your inquiries and support requests

4. Retention

• Account data: retained while your account is active; permanently deleted upon account deletion.
• Server logs: retained for 90 days, then automatically deleted.
• Data required to be retained by applicable law is kept for the period specified by that law.

5. Third-Party Sharing and Sub-processors

We do not sell your personal data. We share data only with the following sub-processors required to operate the Service:

We may also disclose data when required by law or valid legal process.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your own:

• Supabase: data is stored on servers located in the United States.
• Google: authentication data is processed on Google’s global infrastructure.

These transfers are necessary to provide the Service. Appropriate safeguards are in place in accordance with applicable data protection law.

7. Cookies and Local Storage

We do not use cookies for tracking or advertising. We use browser local storage to store:

• Authentication tokens
• User preferences (e.g., theme)

This data is strictly necessary to provide the Service and is not used for advertising or analytics. Authentication tokens are deleted when you sign out.

8. Security

• All data in transit is encrypted with HTTPS/TLS
• Secure API access via authentication tokens (JWT)
• Row-level security (RLS) policies to isolate data between users
• Database access restricted to the application server only

9. Your Rights

You have the following rights regarding your personal data:

• Access: View your information at any time within the Service.
• Deletion: Permanently delete all your data by deleting your account.
• Withdrawal of consent: Withdraw your consent by deleting your account.

To exercise these rights, use the relevant features in the Service or contact us at jepilyun@gmail.com. We will respond within 10 business days.

10. Children’s Privacy

The Service is not directed at children under 14. We do not knowingly collect personal data from anyone under 14. If you believe a child under 14 has provided us with personal data, please contact us at jepilyun@gmail.com and we will delete it promptly.

11. Data Breach Response

In the event of a personal data breach, we will:

• Notify affected users by email within 72 hours of becoming aware of the breach
• Report to relevant authorities as required by applicable law
• Provide details including the nature of the breach, types of data affected, approximate number of individuals affected, and remediation measures taken

12. Privacy Contact

13. Changes to This Policy

We may update this Privacy Policy from time to time. For significant changes, we will provide at least 7 days’ notice via an in-service announcement. Continued use of the Service after the effective date of any update constitutes acceptance of the revised Policy.