Privacy Policy

Effective Date: March 8, 2026
Data Controller: DongHyuck Yang

DongHyuck Yang ("we," "us," or "our") respects your privacy and is committed to protecting your personal data in compliance with applicable data protection laws, including the Korean Personal Information Protection Act (PIPA).

1. Information We Collect

[Required Information]

Social login identifier: unique ID from your Google, Apple, or Kakao account
Device identifier: a UUID generated by the app
Platform information: operating system (Android/iOS)

[Optional Information]

Push notification token (when you enable notifications)
Receipt images (temporarily sent for OCR processing, immediately deleted after)
AI image analysis: receipt images you capture or select, sent to Google Gemini API for automatic food recognition (immediately deleted after analysis, not stored on our servers or by Google)
Language preference (when changed in app settings)
Feedback content and contact info (when you submit feedback)

[Automatically Collected]

Access logs: login/logout timestamps, IP address, device info (retained for 3 months per the Protection of Communications Secrets Act)
Error diagnostic logs: error messages, stack traces, OS version, app version, screen info
Scan failure logs: OCR method, confidence score, duration (collected only on failure)
App analytics: usage events, session info, and device info via Google Firebase Analytics
Advertising data: advertising ID, device info, and ad interaction data via Google AdMob (non-personalized ads only)
IP address: automatically collected by server infrastructure when submitting feedback

Note: On-Device Storage
Food data (product names, brands, expiry dates, storage methods, images, memos) and consumption history are stored only in the on-device database (SQLite). However, when AI image analysis consent is granted, images are temporarily relayed through our server to Google AI (Gemini) and deleted immediately after analysis.

⚠ Image Upload Notice
This Service processes only receipt and food images. Do not upload images containing sensitive personal information such as ID cards, passports, or financial documents. Any risk of personal data exposure resulting from uploading images containing sensitive information lies with the user.

2. How We Use Your Information

Account creation, authentication, and management
Providing receipt/food image recognition (OCR) service
Sending expiry reminders and push notifications
Error detection and service stability
Service improvement through analytics
Displaying advertisements (non-personalized)
Responding to support inquiries

3. Data Retention

We delete all server-side personal data immediately upon account deletion. Linked social login (Google, Apple, Kakao) app connections are also revoked.
Feedback data is retained for 1 year from submission, then deleted.
Error diagnostic logs and scan failure logs are retained for 6 months from collection, then automatically deleted.
Access logs (login/logout timestamps, IP address, device info) are retained for 3 months as required by the Protection of Communications Secrets Act, then automatically deleted. Access logs are retained for the full 3-month period even after account deletion.

4. Third-Party Sharing

We do NOT sell your personal information.
We do NOT share your data with third parties except when you give explicit consent, when required by law or legal process, or with service providers (see Section 5).

5. Service Providers (Data Processing Delegation)

We delegate personal data processing to the following service providers to operate Fridgi:

Supabase (USA): Database hosting — Data delegated: user account info, consent records, access logs / Retention: deleted immediately upon account deletion (access logs retained 3 months)
Cloudflare (USA): Server infrastructure — Data delegated: authentication session tokens, OCR processing requests / Retention: deleted immediately after processing
Expo (USA): Push notification delivery — Data delegated: push tokens, device identifiers / Retention: previous tokens deleted upon renewal
Google / Apple / Kakao: Social login authentication — Data delegated: OAuth authentication tokens / Retention: app connection revoked upon account deletion
Google Firebase (USA): App usage analytics — Data delegated: app events, session info, device info / Retention: per Google's data retention policy
Google AdMob (USA): Advertisement delivery — Data delegated: advertising ID, device info (non-personalized ads only) / Retention: per Google's data retention policy
Google Gemini (USA): Image OCR — Data delegated: receipt and food images / Retention: deleted immediately after analysis, not stored on our servers or by Google

All service providers are supervised to process personal data securely in accordance with applicable data protection laws. We have executed Data Processing Addendums (DPAs) with each provider, and Google Cloud Data Processing Addendum applies to all Google services. For overseas data transfers, users are notified herein, and the above providers maintain appropriate technical and organizational security measures.

6. Cross-border Data Transfer

Pursuant to Article 28-8 of the Korean Personal Information Protection Act (PIPA), we transfer personal data overseas as follows for the provision of our Service:

Recipient	Country	Data Transferred	Purpose	Retention
Google LLC (Vertex AI/Gemini)	USA	Receipt and food images	AI OCR (text & food info recognition)	Deleted immediately after analysis
Supabase Inc.	USA	Account info, consent records, access logs	Database hosting	Deleted upon account deletion (access logs: 3 months)
Cloudflare Inc.	USA	Auth tokens, OCR requests	Server infrastructure	Deleted immediately after processing
Expo Inc.	USA	Push tokens, device identifiers	Push notifications	Deleted upon token renewal
Google LLC (Firebase)	USA	App events, sessions, device info	App analytics	Per Google's retention policy
Google LLC (AdMob)	USA	Advertising ID, device info	Ad delivery	Per Google's retention policy

We implement the following safeguards for cross-border data transfers:

All data is encrypted in transit using HTTPS/TLS.
Google Cloud Data Processing Addendum (CDPA) applies, ensuring transferred data is not used for AI model training.
Data Processing Agreements (DPAs) have been executed with each recipient.
You may refuse consent to cross-border transfers; however, refusal may limit access to certain features such as AI image analysis.

7. Data Destruction

Personal data whose purpose of collection has been achieved shall be destroyed without delay.

Electronic files are deleted using methods that make recovery impossible.
Receipt images sent for OCR are deleted immediately after processing and are not stored on our servers.

8. Your Rights

You have the right to:

Access your personal data
Request correction of inaccurate data
Request deletion of your data
Request restriction of processing
Withdraw consent at any time

Exercise these rights via Settings > Account in the app.

9. Data Security

Encryption of sensitive data at rest and in transit (TLS/HTTPS)
Minimal access controls with admin API access logging
Biometric data processed locally on-device only (never sent to servers)

10. Children's Privacy

The Service is not directed at children under 14. We do not knowingly collect personal information from children under 14. If we become aware that personal information of a user under 14 has been collected, we will promptly delete it.

11. Cookies

As a mobile application, Fridgi does not use web cookies.

12. Data Protection Officer

For privacy inquiries, please use the in-app feedback feature.

Officer: DongHyuck Yang
Email: n016yoyo@gmail.com

13. Remedies for Rights Infringement

For privacy complaints in Korea, you may contact the following organizations:

KISA Privacy Center (privacy.kisa.or.kr / 118)
Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301)
National Police Agency Cyber Bureau (ecrm.police.go.kr / 182)

14. Changes to This Policy

We may update this Policy and will notify you through the app before changes take effect.