Privacy Policy

1. Overview

CheckLab (the "Company") values the privacy of CheckLab Food service (the "Service") users and complies with applicable laws and regulations. This Privacy Policy explains what information we collect, how we use it, how we store it, and your rights.

2. Information We Collect

We may collect the following information when you use the Service:

• Account information: Email address, display name, profile photo (public profile information provided via Google Sign-In)
• Usage records: Analysis request history, credit usage records, service access timestamps
• Payment information: For paid services, payments are processed through a third-party payment service. We do not directly store sensitive payment information such as credit card numbers
• Uploaded photos: Photos uploaded for food analysis are not stored on our servers after processing

3. How We Use Your Information

Collected information is used only for the following purposes:

• Service delivery: Account management, analysis features, storing analysis history
• Service improvement: Usage statistics analysis, quality enhancement
• Customer support: Responding to inquiries, delivering notices

We process personal information based on user consent, performance of a contract for service provision, and compliance with legal obligations.

4. Data Storage & Security

User data is stored encrypted on Supabase (AWS ap-northeast-2, Seoul region). We apply industry-standard security measures (SSL/TLS encryption, RLS policies, access controls). However, no data transmission over the internet can be guaranteed to be completely secure, and users should also take care to manage their account credentials.

5. Third-Party Services

We use the following third-party services to operate. Each service follows its own privacy policy:

• Supabase: Authentication and data storage (supabase.com/privacy)
• Google: OAuth social login (policies.google.com/privacy)
• Payment service: Details will be announced when paid services are introduced

5-1. Cross-Border Data Transfer

We may transfer personal information outside of the country for service provision as follows:

• Recipient: Supabase Inc.
• Country: United States
• Data transferred: Account information, usage records
• Purpose: User authentication and data storage
• Method: Encrypted network transmission during service use
• Retention: Until account deletion or as required by applicable law

We comply with applicable laws when transferring personal information internationally and take necessary measures to protect users' personal information.

6. Data Retention

Analysis records are retained for 30 days for free users and for as long as necessary for service provision for users with credits. When you delete your account, all personal information and analysis records are immediately and permanently deleted. Deleted data cannot be recovered.

7. Your Rights

You have the following rights:

• Request to access, correct, and delete personal information
• Request to suspend processing and withdraw consent
• Account deletion: You can request account deletion on My Page, and all data will be deleted immediately
• Inquiries: For privacy-related inquiries, please contact spazio79@gmail.com

8. Cookies & Local Storage

The Service uses cookies for maintaining authentication sessions and localStorage for tracking free usage counts for non-logged-in users. These are essential technical measures for service operation. We do not use advertising tracking cookies.

9. Children's Privacy

This Service is not intended for children under 14 years of age, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 14, we will promptly delete that information.

10. Changes to This Policy

This Privacy Policy may be updated due to changes in laws or the Service. Significant changes will be communicated through in-service notices.