Privacy Policy
Effective Date: 2025-12-18
1. Information We Collect
We collect the following types of personal information to provide our AI-powered diary service:
- Account Information: Name (or Nickname), email address, profile picture, and user ID provided by authentication providers (e.g., Google, Supabase Auth). Note: We do not store raw passwords; they are securely managed by our authentication provider.
- Service Usage Data: Diary text entries, AI-generated images, date and time of entries, mood data, device information, access logs, cookies, and IP address.
- Payment Information: Transaction history, order IDs, and payment method used. Important: We do not store full credit card numbers or bank account details. All financial transactions are processed securely by our payment processors (Toss Payments, PayPal).
2. Purpose of Data Use
We use personal information for the following specific purposes:
- To provide, operate, and maintain the "Picture Diary" service.
- To generate artwork: Your text entries are processed by AI models (Google Vertex AI) solely for the purpose of creating your diary images.
- To manage user accounts and authentication.
- To process payments and refund requests.
- To detect and prevent fraudulent activity (security).
- To comply with applicable laws and regulations.
3. Data Retention
We retain personal information only as long as necessary:
- Account & Service Data: Retained until you delete your account or request deletion. Upon deletion, data is removed from our live databases immediately (or within 30 days depending on backups).
- Payment Records: Retained for 5 years to comply with tax and financial regulations (e.g., Electronic Financial Transactions Act).
- Server Logs: Retained for 1 year for security monitoring and analytics.
4. Sharing and Outsourcing (Third-Party Processors)
We do not sell your personal data. To provide our service, we entrust specific data processing tasks to the following trusted third-party vendors:
| Vendor | Purpose | Country |
|---|---|---|
| Supabase | Database, Authentication, Storage | USA / Singapore |
| Google Cloud (Vertex AI) | AI Image Generation | USA / Global |
| Vercel | Web Hosting & Edge Network | USA |
| Toss Payments | Payment Processing (Korea) | South Korea |
| PayPal | Payment Processing (Global) | USA / Global |
5. User Rights
Depending on your location (including GDPR for EU, CCPA for California, and PIPA for Korea), you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your account and all associated data ("Right to be Forgotten").
- Withdraw Consent: Withdraw consent for data processing at any time.
- Portability: Request your data in a structured, machine-readable format.
To exercise these rights, please contact us at the email provided below.
6. Security Measures
We implement robust technical and organizational measures to protect your data:
- Encryption: All data in transit is encrypted via TLS/SSL (HTTPS). Data at rest in our database is encrypted.
- Access Control: Strict Row Level Security (RLS) policies ensure only you can access your private diary entries.
- Minimal Access: Only authorized personnel have access to system logs for maintenance purposes.
7. Data Protection Officer (Contact)
If you have any questions about this Privacy Policy or your data, please contact:
8. Policy Updates
We may update this Privacy Policy to reflect changes in our service or legal obligations. Significant changes will be notified via the website or email. The latest version will always be available on this page.