Privacy Policy
Fotome Privacy Policy
BrainCheck values user privacy and complies with applicable privacy laws. This Policy explains how personal information is collected, used, retained, deleted, and protected when using Fotome.
1. Personal Information We Collect
Registration and Login
- Email address, name or profile name, and identifiers provided by social login providers
- Login session, authentication token, and account status information
Service Use and AI Photo Generation
- Photos, image files, filenames, file formats, and image metadata uploaded by users
- Generation settings such as gender, age range, hair color, and selected style
- Generation request history, albums, outputs, download history, and selection history
- Service logs, access time, IP address, browser and device information, and error logs
Payment and Support
- Plan name, order number, payment status, payment date, payment amount, and refund status
- Inquiry content and materials provided by users for troubleshooting
The Company does not directly store full card numbers, CVC codes, or other complete payment instrument details. Payments are processed by Polar Checkout or another external payment processor, and the Company may receive transaction information necessary for order confirmation and support.
2. Purposes of Collection and Use
- User identification, login maintenance, and account management
- AI profile photo generation, result album delivery, and download functionality
- Paid service payment confirmation, receipt confirmation, refund processing, and dispute handling
- Customer inquiry handling, error diagnosis, and service quality improvement
- Fraud prevention, security incident response, and investigation of legal or Terms violations
- Important service notices and policy update notifications
- Compliance with legal obligations and record retention requirements
3. Retention and Use Period
The Company generally deletes personal information without delay once the processing purpose has been fulfilled or the user requests account deletion. However, certain information may be retained separately for service operation, dispute handling, or legal retention obligations.
| Login records | 3 months under Korean communications privacy requirements |
|---|---|
| Display and advertising records | 6 months under Korean e-commerce consumer protection requirements |
| Consumer complaint or dispute records | 3 years under Korean e-commerce consumer protection requirements |
| Contract or withdrawal records | 5 years under Korean e-commerce consumer protection requirements |
| Payment and supply records | 5 years under Korean e-commerce consumer protection requirements |
| Uploaded Photos and Outputs | Stored only as needed for service provision and quality confirmation, and may be deleted 30 days after upload, generation, or final processing. |
4. Collection Methods
- Information directly provided by users during registration, login, photo upload, payment, and inquiries
- Authentication information provided by Google or other social login providers
- Automatically generated access records, device information, and error logs during service use
- Order and payment status information provided by Polar Checkout or another payment processor
5. User Rights and How to Exercise Them
Users may request the following regarding their personal information.
- Access to personal information
- Correction of errors
- Deletion
- Suspension of processing
Users may exercise these rights through administrator inquiry channels. The Company will verify identity and take action without undue delay in accordance with applicable laws. Users must not infringe another person's personal information or privacy in violation of privacy laws.
6. Deletion Procedures and Methods
When the processing purpose has been fulfilled, the Company deletes personal information without delay. Information subject to legal retention obligations is stored separately and deleted when the retention period ends.
- Electronic files: deleted in a way that makes recovery or reproduction difficult
- Paper documents: shredded or incinerated
7. Security Measures
- Encryption or secure handling of passwords and authentication information
- Encrypted communications such as SSL/TLS
- Access control and permission management for personal information
- Access control and security checks for servers and databases
- Security incident prevention using error logs and operation records
8. Cookies and Similar Technologies
The Company may use cookies or similar technologies to maintain login sessions, analyze service use, diagnose errors, and strengthen security. Users may refuse or delete cookies through browser settings, but some features such as login maintenance may be limited.
9. Third-Party Processing and External Services
The Company does not sell or arbitrarily disclose personal information. The Company may use the following external services as necessary for service provision, payment, security, and support.
| Supabase and cloud infrastructure | Authentication, database, file storage, and service operation |
|---|---|
| OpenAI and related AI APIs | AI photo generation and image processing |
| Polar Checkout | Payment processing, receipts, tax handling, refunds, chargebacks, and dispute handling |
| Sentry and monitoring tools | Error log collection, incident analysis, security, and quality improvement |
Information required for external services may be transferred to overseas servers. The Company takes necessary protective measures in accordance with applicable laws.
10. Children's Personal Information
Fotome is intended for users aged 19 or older. The Company does not permit users under 19 to register, pay, upload photos, or generate photos.
11. Privacy Officer and Contact
| Privacy Officer | Younghun Lee |
|---|---|
| Position | CEO |
| Contact | admin |
12. Changes to This Policy
This Privacy Policy may be amended due to changes in laws, policies, or the Service. Material changes will be announced through the website or Service before they take effect where reasonably possible.