Privacy Policy
Your privacy matters. This policy explains what data we collect, why, and your rights – written in plain language as required by Korean PIPA (개인정보 보호법) and GDPR.
Quick summary: We collect only what's needed for bookings. We never sell your data. You can delete your account anytime. We use Supabase (database), Toss Payments (payments), Resend (email), and OpenAI (AI translation) – that's it.
1. Data Controller
MADEINPEOPLE Co., Ltd. ((주)메이드인피플) – 개인정보처리자 / Data Controller
사업자등록번호 (Business Registration No.): 371-81-01481
Representatives: μ€λμ, μ₯λͺ
μ
Address: 대구광역시 동구 송라로 78-1, 4층
개인정보 보호책임자 (Privacy Officer)
- Name: 메리 (매니저)
- Email: mary@madeinpeople.co.kr
- Phone: 010-9553-1729
2. What we collect
When you sign up
- Email, name, password (hashed), country, date of birth
- Optional: phone number, profile photo, bio
- Google OAuth: email, name, profile photo (with your consent)
When you book
- Booking details (experience, dates, participants)
- Payment information (handled by Toss Payments – we only see last 4 digits and card brand)
- Special requests you provide
Automatically collected
- IP address, browser, device type (for security & analytics)
- Cookies (essential, functional, analytics – you can opt out of analytics)
3. Why we use your data
We process your data only for these purposes (legal basis: Article 15 PIPA / Article 6 GDPR):
- To provide the service – process bookings, payments, communicate with you
- Legal obligations – tax records (5 years), consumer protection (3 years)
- Security – prevent fraud, abuse, hacking attempts
- With your consent – marketing emails, newsletter, AI translation
4. Who we share data with
We share data only with these processors (개인정보 처리위탁):
- Supabase (USA) – database hosting
- Toss Payments (Korea) – payment processing
- Resend (USA) – transactional emails
- OpenAI (USA) – AI-powered translations (text only, no personal data)
- Hosts – your name, email, phone (only after booking, only for active host)
We never sell your data to third parties. Government requests are handled per Korean law.
5. International transfers
Some processors are based outside Korea (USA). We use Standard Contractual Clauses (SCC) and ensure equivalent privacy protection. If you're in EU/UK, you can request more details.
6. How long we keep your data
- Account data: until you delete your account
- Bookings & payments: 5 years (Korean tax law requirement)
- Refunds: 3 years (consumer protection law)
- Marketing consent: until you unsubscribe
7. Your rights
Under PIPA and GDPR, you can:
- Access all data we have about you (download from My Page)
- Correct inaccurate data
- Delete your account (some legal records kept anonymized)
- Withdraw consent for marketing/optional uses anytime
- Object to processing
- Data portability – export in machine-readable format
- Lodge a complaint with Korean PIPC (개인정보보호위원회) at 1833-6972
To exercise these rights: email mary@madeinpeople.co.kr or use My Page settings.
8. Cookies
We use 3 types of cookies:
- Essential – login, security, cart (cannot be disabled)
- Functional – language preference, recent searches
- Analytics – usage statistics (anonymous, opt-out available)
You'll see a cookie banner on your first visit. Manage preferences anytime via the footer.
9. Children
We don't allow accounts for children under 14 (Korean PIPA Article 22). If you're 14–18, you need legal guardian consent. We don't knowingly collect data from minors without consent.
10. Security
We protect your data with:
- HTTPS/TLS encryption everywhere
- Passwords hashed (bcrypt/scrypt – we never store plaintext)
- Card data handled only by PCI DSS Level 1 processor (Toss)
- Limited employee access (role-based, audited)
- Regular security audits
11. Changes
We will give notice of material changes to this policy 7 days in advance via email and website banner. The date at the top shows the last update.