Privacy Policy
Last updated: April 26, 2026
1. Information We Collect
We collect the following data. Account / sign-in (Google OAuth): email, name, profile image URL, Google account identifier. Account metadata: tier (Seed / Regular / VIP), join date, last sign-in. Community (comments / discussions / live chat): account or nickname information used to identify authors and manage their own posts. We never request real names, payment information, or government-issued ID.
2. Purposes of Use
Collected data is used solely for: (a) member identification and tier management, (b) tier-based content access control, (c) members' management of their own posts, (d) service stability (anti-spam, anti-abuse), and (e) responding to inquiries. Beyond ad revenue, we derive no commercial benefit and never use member data for marketing, behavioral profiling, or personalized advertising.
3. Retention Period
Member information (email, name, profile image, tier) is permanently deleted immediately upon account deletion, with no backup retained. Body content of comments and posts authored by the member may be retained in anonymized form (with author identifiers removed) for discussion continuity. Server access logs (IP / User-Agent) are retained up to 30 days for security incident response, then automatically purged.
4. Transfer of Personal Data Outside Korea
We entrust the following overseas providers with the processing of personal data: (a) Neon, Inc. — PostgreSQL hosting in AWS Singapore (ap-southeast-1), processing all member identifiers for database storage. (b) Vercel Inc. — application hosting (US headquarters, global edge network), processing member identifiers in transit during server execution. (c) Google LLC — OAuth 2.0 authentication, in the United States, processing identifiers for sign-in. Users may decline this policy; proceeding with Google sign-in constitutes consent to the international transfer above. All processors hold their own security certifications (SOC 2 Type II, etc.). The operator retains supervisory responsibility over them.
5. No Third-Party Sharing
We do not provide, sell, or trade member personal information to advertisers, data brokers, or other third parties. The processing entrustments listed in Section 4 are infrastructure entrustments necessary to operate the service and are not third-party transfers. Disclosures to law enforcement or supervisory authorities pursuant to lawful legal process may be made as required by law.
6. Automatically Collected Data
(a) Google Analytics (GA4) and Vercel Web Analytics aggregate anonymous visit statistics (page views, time on site, device, country). These are aggregate, non-identifying metrics used only to improve the site. (b) Server operation captures technical logs (IP address, User-Agent) used solely for security incident response. (c) Advertisements may be served on this site; cookies and identifiers used for ad delivery are governed by each ad provider's policy. Currently active ad provider: **Google AdSense** (cookie opt-out: adssettings.google.com). If direct sponsorships, newsletter ads, or other ad networks are introduced in the future, the provider name and opt-out path will be added here at least 7 days before the effective date, per Section 11 (Changes to This Policy). Users may opt out of personalized ads via each ad provider's settings page or by adjusting browser cookie settings; non-personalized generic ads may still appear.
7. Cookies
We use the following cookies. Strictly necessary: NextAuth login session (HttpOnly, Secure), language and theme preference. Analytics: GA4 and Vercel Analytics (anonymous). Advertising: Google AdSense (configurable in browser). Users may decline cookies via browser settings; declining strictly necessary cookies prevents sign-in.
8. Your Rights
Users may exercise the following rights at any time. Access / correction: review your data instantly on the [My Account] page. Name and profile image sync from Google on next sign-in. Deletion / withdrawal of consent: delete your account permanently and immediately via [My Account → Delete Account] — this has the same effect as withdrawing consent. Other rights (suspension of processing, etc.): contact the operator at hgkim0146@gmail.com.
9. Security Measures
(a) All traffic is encrypted via HTTPS (TLS 1.2+). (b) Database access is TLS-authenticated and direct access is restricted to the sole operator. (c) Google OAuth access and refresh tokens are cleared from the database immediately after authentication and never stored long-term because the service does not call any Google APIs. (d) Anonymous passwords for content comments and live chat are stored only as bcrypt hashes; plaintext is never recorded.
10. Data Protection Officer
Operator: haelangdal (individual). Email: hgkim0146@gmail.com. This service is a non-commercial technical demonstration project run by an individual rather than a registered legal entity. The operator personally handles all data subject requests.
11. Changes to This Policy
This policy may be updated to reflect changes in law or service operation. Updates will be posted on this page with the effective date. For material changes (new collected items, additional processors, extended retention), notice will be provided at least 7 days in advance.