PLOPI Privacy Policy

1. Information We Collect

Category	Examples	Purpose
Account Information	Social login identifier, email address, nickname, profile image, account status, registration, withdrawal, suspension, and restriction records	User authentication, account management, and fraud prevention
User Content	Entries, photos, attachments, creation, edit, and deletion times, diary participants, invite, acceptance, rejection, preservation, and deletion status, and voice content or related metadata if such features are provided and the user uploads or enters the information	Providing diary, invitation, sharing, preservation, and deletion features
Purchase Information	App marketplace transaction IDs, order or receipt identifiers, product IDs, subscription status, trial, discount, renewal, cancellation, refund, revocation, restoration, entitlement, and access records	Verifying purchases, managing subscriptions and entitlements, and processing refund, cancellation, revocation, and restoration events
Support and Reports	Inquiry or report content, category, attachments, response history, reported content or account information, contact details, app version, platform, OS, device model, language or region setting	Customer support, rights reports, dispute response, and user protection
Device Information	IP address, User-Agent, device model, OS version, app logs, advertising identifiers where permitted by law, platform policy, and user settings, push notification tokens, notification settings and delivery records, crash logs, analytics data	Security, analytics, personalized features, service stability, and abuse prevention

Paid products, including PLOPI PASS and stickers, are processed only through supported app marketplace in-app purchases such as Apple App Store or Google Play. We do not collect or store full card numbers, bank account numbers, payment passwords, or similar direct payment credentials.

Entries and uploaded content are controlled by users and may include sensitive information, so users should avoid uploading sensitive personal information unless necessary.

2. How We Use Information

To provide and operate the Service
To authenticate users and manage accounts
To provide diary creation, invitation, sharing, preservation, and deletion features
To process subscriptions, purchases, refunds, cancellations, and entitlement restoration
To handle support inquiries, rights reports, disputes, notices, and important change notifications
To improve app performance, analyze errors, and improve service quality
To provide AI-based content analysis, automated recommendations, or personalization only if such features are offered and only to the extent necessary for those features
To analyze aggregated or de-identified statistical data that cannot reasonably identify a user
To prevent fraud, abuse, rights infringement, misuse of paid content, and unauthorized access

We will provide separate notice or obtain consent where a new purpose or applicable law requires it. We do not use entry content to train AI models without separate notice or consent.

2-1. Paid Content Protection and Security Logs

To prevent unauthorized access, bulk downloading, redistribution, and other abuse of paid sticker files, the Company may process the following information.

Information Processed	Purpose	Retention
User identifier, sticker code, download ticket or session ID, request time and result, event type, download completion status, and byte length	Verifying purchases or entitlements, providing downloads, troubleshooting, detecting abuse, and operator review	Security events are retained for up to 180 days
User-specific fingerprint or watermark identifier, one-way hashes of IP address and User-Agent, rate limit records, automatic block records, manual suspension reasons, and review history	Tracing unauthorized sharing of paid files, blocking repeated abnormal access, handling objections, and responding to disputes	Request block records are retained for 30 days after expiration; account restriction and review records are retained as necessary for operational audit and dispute response

Where reasonably possible for security purposes, the Company uses one-way hashes instead of raw IP addresses and User-Agent values. The information above is used only for paid content protection and Service security.

3. Service Providers

Provider	Countries	Purpose
Google Firebase	United States and other countries where Google operates infrastructure	Authentication-related integration, push notifications, analytics, crash logging, and processing of device, app, log, and Push Token information
Supabase	United States and other countries where Supabase operates infrastructure	Database management, backend services, file storage, and processing of account, diary, entitlement, support, and service log data
Apple App Store / Google Play	United States and other countries where each app marketplace provider operates infrastructure	In-app purchase, subscription, refund, cancellation, restoration, and entitlement processing
Kakao, LINE-related providers	Korea, Japan, and other countries where each provider operates infrastructure	Social login identifier and profile processing

4. Sharing of Information

We do not sell your personal information. We may share information only with your consent, to comply with legal obligations or lawful requests, to protect users, rights, safety, security, and the Service, or with trusted service providers acting on our behalf.

5. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy.
Some information may be retained longer where required for legal compliance, dispute response, security, settlement, protection of another user’s rights, or service operation.

Item	Retention Standard
Purchase and contract records	For periods required by applicable e-commerce, tax, accounting, consumer protection, app marketplace, and dispute laws or policies
Access logs	For the period required by applicable telecommunications or security laws, generally 3 months where Korean law applies
Entry content	According to the diary status and entry preservation/deletion rules in the Terms of Service. A shared diary may not be fully deleted immediately solely because one user deletes an account or removes the diary from that user’s archive.
Preserved read-only diaries	A 7-day grace period applies after preservation conversion. After the grace period, we may retain only the most recent 30 days of content and delete or de-identify older content.
Push Tokens	Until logout, account deletion, token revocation, app reinstallation, or when the token is reasonably determined to be invalid

If both diary participants delete a shared diary, the diary may be fully deleted, subject to records required for legal, dispute, security, or operational reasons. Backups and system logs may be deleted according to normal retention cycles.

6. User Rights

You may request access, correction, deletion, restriction or suspension of processing, and withdrawal of consent.
You may withdraw consent by deleting your account.
Where applicable law provides, you may request a copy or portability of your personal information.
You may contact us at support@plo-pi.com regarding privacy-related requests.

We may verify the requester’s identity and will respond as required by applicable law. Some requests may be limited where retention is required by law, security investigation, settlement, dispute response, protection of another user’s rights, or the shared nature of a diary. We are a Korea-based operator and may not be subject to every regional privacy law, but where applicable law grants rights to know, access, correct, delete, restrict, object, opt out of sale or sharing, or appeal a privacy decision, users may contact us. We do not use marketplace payment data for advertising.

7. Children’s Privacy

The Service is intended for users who are at least 14 years old and is not directed to children under 13. We do not knowingly collect personal information from children who are not eligible to use the Service. If we learn that such information has been collected, we may restrict the account, delete the account, delete related information, or take other measures required by law. Parents or guardians may contact support@plo-pi.com about a child’s information.

8. Security Measures

Restricted access to personal information
Encrypted communication and storage where appropriate
Monitoring and logging for security purposes
Use of trusted cloud infrastructure providers

No mobile or internet service can eliminate all risk. If a security incident occurs, we will take notices and measures required by applicable law.

9. International Data Transfers

Your information may be processed and stored in regions outside your country of residence, including the Republic of Korea, the United States, and Japan, where our infrastructure or service providers operate. Transfers occur through network transmission during service use or storage in provider cloud infrastructure. If you do not want such processing, you may stop using the Service or request account deletion, but essential features may not be available without required processing.

10. Changes to This Policy

We may update this Privacy Policy when laws, the Service, processing purposes, or providers change. We will notify users of material changes through the Service or another reasonable method before they take effect, and will obtain consent where required by law. Users who do not agree may stop using the Service or request account deletion.

11. Business Information and Privacy Contact

Item	Details
Operator	Beyond Imagine
Address	8 Eun-gyejungang-ro, Siheung-si, Gyeonggi-do, Republic of Korea
Privacy Officer	Representative
Privacy Contact	Customer Support
Email	support@plo-pi.com