SOFTSPELL Inc. (the "Company") respects the privacy of its users and complies with the Personal Information Protection Act of the Republic of Korea, the EU General Data Protection Regulation (GDPR), and applicable laws of the countries in which the Service is provided.
1. Personal Data Collected and Purpose
| Data Collected | Purpose | Retention Period |
|---|---|---|
| Email address | Account registration, login, service notifications | 30 days after account deletion |
| Date of birth, birth time, gender | AI fortune and Four Pillars content generation | Deleted immediately upon account deletion |
| Payment information | Processing paid service payments | Handled by Paddle Inc. (not retained by Company) |
| Service usage logs, access logs, IP address | Service operation, security, abuse prevention | 3 months |
| Language settings, device and browser information | Multilingual service optimization and UX improvement | 1 year |
2. Sharing Personal Data with Third Parties
As a general principle, the Company does not share users' personal data with external parties. Exceptions include:
- Paddle Inc.: Minimum necessary information provided for payment processing (email address, purchase details)
- Lawful requests from law enforcement pursuant to applicable legislation
- Cases where the user has given explicit prior consent
3. Data Processing Sub-processors
| Sub-processor | Processing Activity | Location |
|---|---|---|
| Paddle Inc. | Payment processing, subscription management, tax handling | UK / US |
| Supabase | User data storage (PostgreSQL) | US |
| Upstash | Session cache, API response cache (Redis) | US |
| Railway | API server hosting (NestJS) | US |
| Vercel | Frontend hosting and CDN (Next.js) | US (Global Edge) |
| Cloudflare | DNS, DDoS protection, SSL | US (Global) |
| Google (Gemini API) | AI fortune content generation | US |
| Anthropic (Claude API) | AI chat, fallback fortune generation | US |
4. AI Content Generation and Personal Data
- Date of birth, birth time, and similar data entered by users are used solely for generating AI fortune results.
- This data is transmitted to Google Gemini API and Anthropic Claude API, and the respective provider's data processing policies apply.
- Input data is not used to train AI models and is not used for third-party advertising purposes.
- Data may be temporarily stored in Upstash Redis cache and is automatically deleted upon TTL expiry.
5. International Data Transfers (GDPR Users)
Personal data of EU/EEA residents may be transferred to third countries such as the United States. In such cases, the Company ensures compliance with GDPR requirements through Standard Contractual Clauses (SCCs) or other appropriate safeguards.
6. User Rights
- Right to access, rectify, or delete personal data
- Right to restrict processing of personal data
- Right to data portability (GDPR users)
- Right to withdraw from the Service and request full data deletion
To submit a request: privacy@myohan.app or via Settings in the Service.
Response time: within 10 business days of receiving the request.
7. Cookies and Analytics
The Service may use Vercel Analytics, Cloudflare Web Analytics, and similar tools to improve the user experience. You may refuse cookies through your browser settings; however, some features may be limited as a result.
8. Security Measures
- One-way encryption of passwords (bcrypt, etc.)
- HTTPS (TLS 1.2 or higher) for all data in transit
- Database access control via Supabase Row Level Security (RLS)
- Private network communication between the API server and the database
- Minimization of personal data access privileges with access logging
9. Data Protection Officer
SOFTSPELL Inc.
📧 privacy@myohan.app
10. Policy Changes
If this Policy is amended, users will be notified via an in-service announcement at least 7 days prior to the change. For significant changes, individual notification by email will be provided.