1. Information We Collect
At sign-up/login β identifiers, nickname, profile image (optional), and email (when permitted) supplied by your OAuth provider (e.g. Kakao). During use β your legal name, date of birth, time of birth (optional), solar/lunar calendar indicator, friends' nicknames and birthdays, and free-text content you write (journals, oracle questions, etc.). Automatically collected β IP address, device/browser info, cookies (language, session, ads), and service-use logs (reading_logs β which feature you used and when).
2. Purpose of Collection and Use
(1) Identifying members and preventing duplicate sign-ups; (2) Generating saju and fortune content (which requires birth data and name); (3) Calling AI (LLM) APIs to produce personalized interpretations; (4) Powering social features like friend chemistry and sharing; (5) Analyzing usage patterns to improve the product (PMF measurement); (6) Showing ads and managing frequency; (7) Preventing abuse, ensuring security, and meeting legal obligations.
3. Retention and Deletion
We retain member data until you delete your account. Upon a deletion request, we permanently erase or irreversibly anonymize all identifiable data immediately or within a reasonable period (no later than 30 days). Items legally required to be preserved (e.g. e-commerce transaction records β 5 years) are kept separately for the mandated period and then destroyed. Reading_logs may be retained in pseudonymized or anonymized form for up to 2 years for statistics and product improvement.
4. Sharing and Sub-Processors
We do not share your personal data with third parties without consent. We do, however, use the following processors to operate the Service β (1) xAI Inc. (USA) β LLM calls for fortune interpretation; your birth data, name, and questions are transmitted transiently and not stored long-term; (2) Vercel Inc. (USA) β web hosting and CDN; (3) Fly.io (USA) β API hosting; (4) Google LLC (USA) β Google Analytics 4 (usage analytics) and Google AdSense (personalized advertising); (5) Kakao Corp. (Republic of Korea) β OAuth login. Each processor has its own privacy policy and is bound by our data-processing agreements.
5. Cookies, Local Storage, Analytics
We use cookies and browser local storage to improve your experience β language (oonse_lang), session state, ad-gate state (oonse.ad.*), and attendance markers. We use Google Analytics 4 to analyze pageviews and usage (with IP anonymization enabled). You may disable cookies in your browser, but some features may stop working correctly.
6. Personalized Ads
We serve ads through Google AdSense. During ad delivery, Google and its partners may use cookies, device identifiers, and IP addresses to show interest-based ads. You can disable or adjust personalized ads at https://adssettings.google.com. The rewarded-ad policy granting "stars" follows the AdSense Offerwall terms.
7. Your Rights
You may at any time (1) access, (2) correct or delete, (3) restrict processing of, or (4) delete (full account erasure) your personal data. Edit your data directly in your profile page or contact the Data Protection Officer below; we will verify identity and respond promptly. We do not knowingly collect personal data from children under 14.
8. Security Measures
We protect your data with β encryption in transit (HTTPS), database access controls, hashed/encrypted storage of sensitive credentials, regular vulnerability checks, least-privilege access, and audit logs.
9. International Transfers
Some processors listed in section 4 operate servers in the United States. They meet recognized security standards (e.g. SOC 2, ISO 27001), and we manage safeguards through processor agreements. By accepting this Policy, you consent to such international transfers.
10. Changes to This Policy
We may update this Policy as laws, services, or internal policies change. When we do, we will give in-Service notice with the reason, content, and effective date at least 7 days in advance (30 days for material changes).
Data Protection Officer β Flippers CEO (email: info@flip-ers.com). For privacy complaints or guidance, Korean residents may contact the Personal Information Protection Commission at privacy.go.kr (call 182 nationally), the Personal Information Dispute Mediation Committee at kopico.go.kr (1833-6972), or the Supreme Prosecutors' Office Cybercrime Division.