Privacy Policy
Effective Date: May 23, 2026
Data Controller: DongHyuck Yang
DongHyuck Yang ("we," "us," or "our") respects your privacy and is committed to protecting your personal data in compliance with applicable data protection laws, including the Korean Personal Information Protection Act (PIPA).
1. Information We Collect
[Required Information]
- Social login identifier: unique ID from your Google, Apple, or Kakao account
- Device identifier: a UUID generated by the app
- Platform information: operating system (Android/iOS)
[Optional Information]
- Push notification token (when you enable notifications)
- Fortune-reading summary: for Saju, daily fortune, compatibility, tarot, and similar readings, a non-identifying summary derived from your Saju profile (five-elements distribution, day-master, luck keywords, daily score, etc.), or the dream text you type, or the names of the tarot cards you draw, sent to the Google Gemini API (no birth dates, names, or other identifying information is sent)
- Face/palm reading photos: for face reading and palm reading, a photo of your face or palm that you take or select, relayed through our server to the Google Gemini API (immediately deleted after analysis, not stored on our servers or by Google)
- Language preference (when changed in app settings)
- Feedback content and contact info (when you submit feedback)
[Automatically Collected]
- Access logs: login/logout timestamps, IP address, device info (retained for 3 months per the Protection of Communications Secrets Act)
- Error diagnostic logs: error messages, stack traces, OS version, app version, screen info
- Advertising data: advertising ID, device info, and ad interaction data via Google AdMob
- IP address: automatically collected by server infrastructure when submitting feedback
Note: Your Saju profile stays on your device
The Saju profile you enter (name, birth date and time, gender, birthplace, etc.) is stored only in the on-device database (SQLite) and is never transmitted to our servers. For fortune readings, only a non-identifying summary derived from this profile (five-elements distribution, day-master, luck keywords, etc.) is sent to Google Gemini to generate the reading; no birth dates, names, or other identifying information is sent. For face and palm readings, the photo you select is temporarily relayed through our server to Google Gemini for analysis, then deleted immediately after analysis and never stored on our servers.
⚠ Photo Upload Notice
For face and palm readings, only upload photos of your own face or palm, or those of a person who has duly authorized you. Do NOT upload photos containing sensitive personal information such as ID cards, passports, or financial documents. Any risk of personal data exposure resulting from uploading photos containing sensitive information lies with the user.
2. How We Use Your Information
- Account creation, authentication, and management
- Providing fortune readings (Saju, compatibility, date selection, dream interpretation, tarot, face reading, palm reading)
- Sending push notifications
- Error detection and service stability
- Displaying advertisements
- Responding to support inquiries
3. Data Retention
- We delete all server-side personal data immediately upon account deletion. Linked social login (Google, Apple, Kakao) app connections are also revoked.
- Feedback data is retained for 1 year from submission, then deleted.
- Error diagnostic logs are retained for 6 months from collection, then automatically deleted.
- Access logs (login/logout timestamps, IP address, device info) are retained for 3 months as required by the Protection of Communications Secrets Act, then automatically deleted. Access logs are retained for the full 3-month period even after account deletion.
4. Third-Party Sharing
- We do NOT sell your personal information.
- We do NOT share your data with third parties except when you give explicit consent, when required by law or legal process, or with service providers (see Section 5).
5. Service Providers (Data Processing Delegation)
We delegate personal data processing to the following service providers to operate Name Lab:
- Supabase (USA): Database hosting — Data delegated: user account info, consent records, access logs / Retention: deleted immediately upon account deletion (access logs retained 3 months)
- Cloudflare (USA): Server infrastructure — Data delegated: authentication session tokens, fortune-reading processing requests / Retention: deleted immediately after processing
- Expo (USA): Push notification delivery — Data delegated: push tokens, device identifiers / Retention: previous tokens deleted upon renewal
- Google / Apple / Kakao: Social login authentication — Data delegated: OAuth authentication tokens / Retention: app connection revoked upon account deletion
- Google AdMob (USA): Advertisement delivery — Data delegated: advertising ID, device info / Retention: per Google's data retention policy
- Google Gemini (USA): fortune readings — Data delegated: non-identifying reading summary text, dream text, tarot card names, face/palm photos / Retention: deleted immediately after analysis, not stored on our servers or by Google
All service providers are supervised to process personal data securely in accordance with applicable data protection laws. We have executed Data Processing Addendums (DPAs) with each provider, and Google Cloud Data Processing Addendum applies to all Google services. For overseas data transfers, users are notified herein, and the above providers maintain appropriate technical and organizational security measures.
6. Cross-border Data Transfer
Pursuant to Article 28-8 of the Korean Personal Information Protection Act (PIPA), we transfer personal data overseas as follows for the provision of our Service:
| Recipient | Country | Data Transferred | Purpose | Retention |
| Google LLC (Gemini) | USA | Non-identifying reading summary text, dream text, tarot card names, face/palm photos | fortune readings | Deleted immediately after analysis |
| Supabase Inc. | USA | Account info, consent records, access logs | Database hosting | Deleted upon account deletion (access logs: 3 months) |
| Cloudflare Inc. | USA | Auth tokens, reading requests | Server infrastructure | Deleted immediately after processing |
| Expo Inc. | USA | Push tokens, device identifiers | Push notifications | Deleted upon token renewal |
| Google LLC (AdMob) | USA | Advertising ID, device info | Ad delivery | Per Google's retention policy |
We implement the following safeguards for cross-border data transfers:
- All data is encrypted in transit using HTTPS/TLS.
- Google Cloud Data Processing Addendum (CDPA) applies, ensuring transferred data is not used for model training.
- Data Processing Agreements (DPAs) have been executed with each recipient.
- You may refuse consent to cross-border transfers; however, refusal may limit access to certain features such as fortune readings.
7. Data Destruction
Personal data whose purpose of collection has been achieved shall be destroyed without delay.
- Electronic files are deleted using methods that make recovery impossible.
- Face/palm photos relayed through our server for a reading are deleted immediately after analysis and are not stored on our servers.
8. Your Rights
You have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Request restriction of processing
- Withdraw consent at any time
Exercise these rights via Settings > Account in the app.
9. Data Security
- Encryption of sensitive data at rest and in transit (TLS/HTTPS)
- Minimal access controls with admin API access logging
- Biometric data processed locally on-device only (never sent to servers)
10. Children's Privacy
The Service is not directed at children under 14. We do not knowingly collect personal information from children under 14. If we become aware that personal information of a user under 14 has been collected, we will promptly delete it.
11. Cookies
As a mobile application, Name Lab does not use web cookies.
Affiliate Marketing (Coupang Partners)
As part of the Coupang Partners program, the service displays affiliate product links on some screens and may earn a commission through them. Only the product search keyword is sent to Coupang; no personally identifiable information about the user is transmitted. Responsibility for sales, shipping and refunds lies with Coupang and the respective sellers, and prices and stock may differ from real time. For Coupang's handling of personal data, please refer to the Coupang Privacy Policy (privacy.coupang.com).
12. Data Protection Officer
For privacy inquiries, please use the in-app feedback feature.
- Officer: DongHyuck Yang
- Email: n016yoyo@gmail.com
13. Remedies for Rights Infringement
For privacy complaints in Korea, you may contact the following organizations:
- KISA Privacy Center (privacy.kisa.or.kr / 118)
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
- Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301)
- National Police Agency Cyber Bureau (ecrm.police.go.kr / 182)
14. Changes to This Policy
We may update this Policy and will notify you through the app before changes take effect.