The Operator processes personal information for the following purposes only, and not for any other purpose:
(1) Received from external authentication providers at sign-up
The Operator receives information only within the scope consented to by the user from external authentication providers ("SSO Providers") such as Apple, Google, and Kakao.
(2) Information voluntarily entered or created by the user
Nickname, username, bio, profile picture, region, reviews (star rating, text, photos), comments, direct messages, search queries, bookmarks, follow relationships, block and report records, notification settings.
(3) Automatically collected information
IP address, access time, OS version, device model, app version, device identifiers, push tokens, crash logs, service usage records.
Only when the user explicitly grants location permission, the user's current GPS coordinates are processed temporarily for the sole purpose of sorting nearby restaurant search results, and are not stored separately after the response is returned. Location coordinates that the user voluntarily registers (e.g., to reviews or wishlist items) are stored as part of that content. The user may revoke location permission at any time through their operating system settings.
The Operator retains personal information until the purpose of processing is achieved or until the user withdraws membership, at which point it is destroyed without delay. However, where applicable law requires retention for a certain period, the information is retained for the period required by such law.
The Operator processes personal information only within the scope of the purposes set forth in Article 1, and does not regularly provide personal information to third parties. The Operator does not sell personal information to any third party.
However, the Operator may provide personal information to the minimum extent required by applicable law in the following cases: when the data subject has given separate consent; when required by law or to comply with legal obligations; when requested by investigative authorities through lawful procedures; or when urgently necessary to protect the life, body, or property of the data subject or a third party.
The Operator entrusts the processing of personal information as follows for the smooth provision of the Service. Any changes to the entrusted business or trustees will be disclosed through this Policy.
| Trustee | Entrusted Business |
|---|---|
| Supabase Inc. | Authentication, database, file storage |
| Google LLC (Firebase) | Push notifications, crash logs, usage analytics |
| Functional Software, Inc. (Sentry) | Error diagnostics and performance monitoring |
| Apple Inc. | Push notifications (APNs), Apple Sign in authentication |
| Google LLC | Google Sign-In authentication, Google Maps |
| Kakao Corp. | Kakao Login authentication, Kakao Map |
| NAVER Corp. | Restaurant search API |
Some of the trustees are located overseas, and personal information may be transferred internationally to the extent necessary for service operation. By agreeing to this Policy, the user is deemed to have consented to such international transfers. When entrusting personal information processing, the Operator stipulates necessary protective measures in contracts in accordance with PIPA Article 26.
Data subjects may exercise the following rights against the Operator at any time:
Rights may be exercised through the relevant in-app menu or by emailing the Operator. The Operator processes such requests in accordance with applicable law. The Operator may take reasonable steps to verify the identity of the requester.
However, the exercise of rights may be restricted where required by law, where there is a risk of unjustly infringing on the life, body, property, or other interests of others (e.g., messages sent to the user by other users, report contents created by other users), or where retention is required until the conclusion of dispute proceedings involving content that has been reported by others.
The Operator destroys personal information without delay when the retention period has expired or the purpose of processing has been achieved. Electronic files are deleted or anonymized in a manner that prevents restoration, and backup copies are sequentially deleted according to the backup retention cycle.
Upon withdrawal of membership, identifying information is immediately anonymized. Data that is combined with interactions of other users (e.g., posts on which other users have commented) may be retained in anonymized form to protect the rights of other users and to maintain the integrity of the Service.
The Operator takes the following measures in accordance with PIPA Article 29:
The Operator implements commercially reasonable protective measures at the level required by applicable law. However, due to the nature of the Internet as a medium, the Operator cannot guarantee absolute safety against all risks. This provision shall not be construed as exempting or limiting any obligation or liability of the Operator as required by law.
The Operator does not operate its own cookies, but uses automatic identifiers such as push tokens and device identifiers. Trustees may use anonymous identifiers within their own SDKs. Users may refuse such automatic collection through their operating system settings or in-app notification settings, although doing so may limit some Service features.
The Operator does not accept membership registration from children under the age of 14, and if it is confirmed that a child under 14 has registered through improper means, the Operator will immediately destroy the account and related personal information.
The Service is a social networking service in which users directly post or transmit content (reviews, comments, photos, direct messages, etc.).
The Operator designates the following Personal Information Protection Officer to oversee personal information processing and to handle data subject inquiries and complaints:
Data subjects may contact the above for inquiries, and the Operator will respond and act without delay.
Data subjects may contact the following institutions for consultation and remedy regarding personal information infringement:
All disputes arising in connection with this Policy shall be governed by the laws of the Republic of Korea, and the court of first instance jurisdiction shall be the Seoul Central District Court. However, mandatory consumer protection rights guaranteed under applicable law shall not be limited by this provision.
The Operator may amend this Policy in response to changes in law, policy, or security technology. Such amendments will be announced on this page at least 7 days before the effective date. Amendments that materially affect data subjects' rights or obligations will be announced at least 30 days in advance, and separate consent will be obtained from data subjects for matters requiring such consent under PIPA. For amendments that take effect through mere notice, a user who continues to use the Service without expressing objection by the effective date is deemed to have agreed to the amended Policy.
The previous version of this Policy (effective October 24, 2023) shall cease to be effective as of the effective date of this Policy (May 29, 2026).
Supplementary Provision
This Policy is effective from May 29, 2026.