Tarot Sinbak Privacy Policy

Last Updated: 2025-10-29

Tarot Sinbak (hereinafter referred to as "Company" or "Service") complies with relevant laws such as the Personal Information Protection Act, and collects and uses user personal information minimally and protects it safely. This policy is written on the premise of the current service scope without login or membership registration functions.

1. Scope of Application

This policy applies to all Tarot Sinbak services provided through mobile apps such as Android/iOS. When navigating to websites or third-party services, the policies of each service may apply.

2. Items of Personal Information Processed and Collection Methods

Tarot Sinbak operates without account creation or login, and processes only the following items minimally.

2.1 Based on User Input (Optional, for Functional Purposes)

  • Date of Birth, Gender: Personalization of reading results (daily fortune, etc.)
    • Storage Form: Processed locally on device in principle, no server transmission or storage
    • Retention Period: Until app deletion or user reset (when stored locally)
  • Language/Region Settings: Providing multilingual UI
    • Storage Form: Device settings reference or in-app preferences

2.2 Automatically Collected Items (Service Stabilization & Quality Improvement)

  • Device Information (OS version, app version, device model, etc.)
  • Error and crash logs (stack trace on app crash, using Firebase Crashlytics)
  • Network status information (connection type, etc., for diagnostic purposes)
  • Push token (for sending push notifications such as daily fortune using Firebase Cloud Messaging) - token use and storage cease when notifications are turned OFF
  • Advertising Identifier (AAID/IDFA): For providing personalized advertising (using Google Mobile Ads)
    • Android: AAID (Google Advertising ID)
    • iOS: IDFA (Identifier for Advertisers)

3. Purpose of Processing

  • Providing and personalizing tarot reading functions (calculations based on date of birth/gender, etc.)
  • Improving service quality and analyzing errors (app stabilization, incident response)
  • Providing essential announcements and optional push notifications (daily fortune, etc., controlled by notification settings)

4. Retention and Destruction

  • Server Storage Principle: Sensitive personalization inputs such as date of birth/gender are not stored on servers.
  • Local Data: Stored and processed only on user devices, destroyed upon app deletion or reset.
  • Logs/Push Tokens: Destroyed without delay upon purpose achievement.
    • Error and crash logs: Automatically destroyed after a maximum of 90 days on Firebase Crashlytics
    • Push tokens: Destroyed upon notification deactivation or app deletion
  • Retained for the required period when there is a separate legal obligation to retain.

5. Third-Party Provision and Processing Delegation

Third-Party Provision: Not provided in principle.

Processing Delegation: May be delegated only when necessary for service operation, and the trustee, delegated work, and retention/use period are disclosed and management/supervision is performed.

Delegation Status and Overseas Transfer

TrusteeDelegated WorkTransfer CountryTransfer ItemsRetention/Use Period
Google LLC (Firebase Crashlytics)App crash reporting and error analysisUnited StatesDevice information, error logs, stack tracesMaximum 90 days
Google LLC (Firebase Cloud Messaging)Push notification deliveryUnited StatesPush tokens, device informationUntil notification deactivation or app deletion
Google LLC (AdMob)Advertising service provisionUnited StatesAdvertising identifier (AAID/IDFA), device information, ad impression/click informationAccording to advertising policy

6. User Rights

Users can exercise the following rights.

In-App Settings

  • Refuse notification reception: App bottom menu > Settings (⚙️) > App section > "Push Notifications" toggle
  • Manage local data: Personalization inputs such as date of birth/gender can be modified at any time on the settings page
  • App deletion: All local data stored on the device is automatically deleted when the app is deleted

Personal Information Management Requests

You can request the inspection, correction, deletion, and processing suspension of personal information from the Company, and the Company will take action without delay as prescribed by law.

7. Protection of Children's Personal Information

Tarot Sinbak recommends use for ages 14 and above. The Company does not intentionally collect personal information of children under 14, and will destroy it without delay if such facts are recognized.

8. Security Measures

The Company applies the following protective measures.

  • Minimal processing of personal information and principle of no server storage (personalization inputs are processed locally)
  • HTTPS Communication: All network communication is encrypted with TLS/SSL
  • Token encryption storage: Authentication tokens are encrypted and stored on devices via flutter_secure_storage
  • Log minimization: In production environment, only logs of Warning level or higher are collected, and sensitive information is not logged
  • Access control: Minimization of log and personal information access rights and internal inspection
  • Trustee management/supervision: Contractual security obligations imposed and regular management/supervision performed

9. Cookies and Similar Technologies

Due to the nature of mobile apps, web browser cookies are not used. However, advertising identifiers (AAID/IDFA) are utilized for providing advertising services.

How to Disable Personalized Advertising

Users can limit personalized advertising through OS settings.

Android (AAID Management)

  1. Open Settings app
  2. Google > Ads (or Privacy > Ads)
  3. Enable "Opt out of Ads Personalization"

iOS (IDFA Management)

  1. Open Settings app
  2. Privacy > Tracking
  3. Disable "Allow Apps to Request to Track"
  4. Or deny tracking permission per individual app

※ Even if you limit personalized advertising, ads will continue to be displayed, but non-personalized general ads will be provided.

10. Privacy Protection Officer and Contact

If you have any privacy-related inquiries, please contact us through the GitHub Issues above and we will respond promptly.

Privacy Infringement Remedy and Consultation

Users can request remedy consultation for privacy infringement through the following organizations.

  • Privacy Infringement Report Center: (Without area code) 118 / www.privacy.go.kr
  • Personal Information Dispute Mediation Committee: (Without area code) 1833-6972 / www.kopico.go.kr
  • Supreme Prosecutors' Office Cybercrime Investigation Unit: (Without area code) 1301 / www.spo.go.kr
  • National Police Agency Cyber Safety Bureau: (Without area code) 182 / cyberbureau.police.go.kr

11. Notification Obligation

This policy may be revised according to changes in laws and services, and revision details will be announced through app notices or front page notifications. Important changes will be announced 7 days before implementation.

Addendum

  • Announcement Date: 2025-10-29
  • Effective Date: 2025-10-29