Waitcle
Language

Privacy Policy - Waitcle App

Waitcle Privacy Policy Effective Date: February 4, 2026 Company: Waitcle Representative / Data Protection Officer (CPO): KIM JI MIN (CEO) Support & Privacy Contact: help@waitcle.com Business Contact: team@waitcle.com Address: 3rd Floor, Suite E53, New Center Building, 18 Jeonggak-ro, Namdong-gu, Incheon 21557, Republic of Korea 1) Scope & Compliance This Policy applies to the Waitcle application (the “App”) and its backend. We comply with applicable laws including Korea’s PIPA, GDPR/UK GDPR, and U.S. CCPA/CPRA. The Policy is presented at first run and at points of collection. 2) Data We Process & Where It Lives (1) User input / on-device data User-entered prompts and other inputs may contain personal information (e.g., date of birth). We do not use such inputs for general review, usage analytics, marketing, or model/AI training. - Request data (including prompts) is stored only within the scope of security, incident analysis, and abuse prevention, and is deleted 30 days after collection. However, when abuse is reasonably suspected or security-incident response is required, related data may be retained for up to one year. - History/Favorites/Notes: Stored only on the device (not sent to the server). (2) Feedback & quality data - Like/Dislike/Report events and report/feedback text: stored with pseudonymized identifiers for statistics and quality management, and we apply technical/organizational measures to prevent re-identification. (3) Subscription / auth, device, and logs - Firebase UID & Sign-in (Anonymous/Google/Apple): to manage Premium eligibility and service usage. - Advertising ID (AAID/IDFA), online identifiers (e.g., IP address), network information, approximate location (network-based), device/app information, and ad impression/click data: collected by Google AdMob and its mediation partners (such as Pangle, Liftoff (Vungle)) (EEA/UK require consent). Advertising may also be delivered through Google AdMob and its mediation partners (such as Pangle, Liftoff (Vungle)). The above online identifiers and basic usage data may be shared with those partners and processed under their own privacy policies. - Firebase Analytics/Crashlytics: events/diagnostics with pseudonymized identifiers for performance and stability. We do not use this to directly identify you. - Daily usage counts (usage_daily): date‑based totals and feature counts for service operation/abuse prevention, retained for 30 days. - Usage event logs: store per-call time, function name, function category, and (if applicable) plan/billing status and (if applicable) content/request identifiers. Request data (including prompts) is stored only within the scope of security, incident analysis, and abuse prevention, and is deleted 30 days after collection. However, when abuse is reasonably suspected or security-incident response is required, related data may be retained for up to one year. - Infrastructure logs: basic service logs from cloud providers are handled under their policies; we do not store or use them separately. - Security event logs: if abuse/hacking or abnormal use is suspected, related logs may be retained for up to 12 months. (4) Cloud sync & backup - Signed-in users (Google/Apple): Saved people profiles / Custom Personas / Custom Templates (e.g., name, nickname, relationship, notes, date of birth, and other user-entered content) are automatically synced to the server. (5) In-app purchases (RevenueCat / App Stores) - We process product IDs, order numbers/purchase tokens, subscription state, purchase/expiration time. We do not store payment card details. Summary transaction data is kept in server to satisfy legal retention duties. (6) What we do NOT collect - We do not collect sensitive data (health/biometric/race/religion, etc.) or precise geolocation. If features change, we will update this Policy. 3) Purposes (Legal Bases) - Contract: core functionality of the App; Premium verification (RevenueCat/Firebase). - Legitimate interests: anonymous statistics, performance improvements, error analysis. - Consent/Opt-out: personalized ads depending on region and user choice (EEA/UK require consent; see §6). - Legal obligations: record retention and dispute handling. - Legal Notice and Dispute Resolution: Retention of records for user protection, abuse prevention, and resolution of legal disputes - This processing is based on performance of our contract to provide the service and our legitimate interests in service stability and abuse prevention. - Exclusion: Collected user input data is never used as training data for artificial intelligence (AI) and machine learning models under any circumstances. - Automated decision-making: we do not use your personal data for automated decisions that produce legal/similar significant effects. - Abuse prevention and security: when necessary, we may restrict or block certain accounts/devices/networks. 4) Retention & Deletion (1) Normal usage logs (daily usage counts) are not reviewed and are used only for security. If no anomalies are found, they are automatically deleted after 30 days. (2) Only when abnormal use (abuse/hacking/unauthorized third‑party use) is reasonably suspected or a security incident is confirmed, a minimal number of personnel may review related logs as needed. (3) Security event logs related to (2) may be retained for up to 12 months for blocking measures, recurrence prevention, incident analysis, and dispute handling, and are deleted without undue delay once the purpose is achieved. - Daily usage counts (usage_daily): retained for 30 days. - Usage event logs: retained for 30 days. - Security event logs: if abuse/hacking or abnormal use is suspected, related logs may be retained for up to 12 months. - Feedback/Report events and text: retained for 7 days, then deleted (aggregate statistics may remain). - Subscription/transaction summaries: retained for the period required by tax, e‑commerce, and accounting laws, then deleted (typically within a 5–10 year range depending on region, transaction type, and applicable law). - Local (on-device) data: removed when you uninstall or reset the App. - Cloud-synced data (saved people profiles / Custom Personas / Custom Templates): retained while the account is active; deleted upon request or account deletion. - Snapshots/Backups: monthly snapshots may be created; snapshots do not outlive the source’s retention period. 5) Processors, Third-Party Sharing, and International Transfers (US/us-central1) 5-1) Processors - Processors: Google (Firebase, Analytics, Crashlytics), RevenueCat, Google Play / Apple App Store. - Purpose: authentication/subscription management, performance analytics, app distribution and billing. - Retention: follows each processor’s policies and applicable legal retention periods. 5-2) Third-Party Sharing (Advertising) - Recipients: Google AdMob and mediation partners (Pangle, Liftoff, etc.). - Items: Ad IDs (AAID/IDFA), IP/online identifiers, device/app and network information, approximate location (network-based), ad impression/click data, basic usage data. - Purpose: ad delivery and measurement. - Retention: per each recipient’s policies. 5-3) International Transfers - Timing/Method: transferred via encrypted TLS channels during API calls when you use the Service. - Recipients: Google LLC, RevenueCat, Inc., Apple/Google and other service providers (contact details in their privacy policies). - Countries: United States and other locations where providers’ servers are located. - Items/Purpose: same as in §5-1 and §5-2. - Legal basis: performance of our contract to provide the Service and, where required, your consent for personalized ads. - Right to refuse: you may refuse international transfers, but doing so may limit login, sync, personalized ads, or payments. - Safeguards: Standard Contractual Clauses (SCCs) and appropriate measures. 6) Regional Rights (incl. U.S.) - Privacy Options (UMP): manage ads/measurement choices via App → Settings → Privacy Options (Google UMP). In eligible regions (incl. certain U.S. states) this also covers “Do Not Sell or Share / Targeted Advertising Opt-out.” - Under 16: we do not sell/share personal information without prior opt-in consent. - Non-discrimination: we do not discriminate for exercising privacy rights. 7) Your Rights & How to Exercise Request deletion/access/correction/portability/restriction/objection via the App’s data-deletion feature or email help@waitcle.com. We respond within a reasonable time (up to 30 days). Legally required records are deleted after their retention period. Anonymous statistics may not be subject to deletion because they cannot be re-identified. Authorized agent requests and an appeal process are available. 8) Children’s Privacy - Korea: users under 14 are restricted. - U.S. (COPPA regions): users under 13 are restricted. - EU/UK and other regions: we follow local age thresholds and parental-consent requirements (typically 13–16 depending on country). We do not knowingly collect personal data from children under the applicable age, and if we learn we have, we delete it. We do not sell/share data of users under 16 without opt‑in consent. 9) Security We use industry-standard safeguards, including HTTPS/TLS in transit and cloud encryption at rest, and apply least-privilege access. Where required, we notify of breaches without undue delay (within 72 hours under GDPR, if applicable). Access to input content and security logs is restricted under the least‑privilege principle, and we maintain access logs and internal control policies. 10) Changes to this Policy We provide advance in-App alerts (at least 7 days) or official website notices for material changes. In unavoidable cases we may notify after the fact. 11) Supervisory Authorities & EU/UK Representatives EU/UK residents may contact us at help@waitcle.com for privacy-related inquiries. EU/UK users may also lodge complaints with their supervisory authority. We have not appointed an EU/UK representative at this time. If we determine that the GDPR/UK GDPR representative requirement applies, we will appoint an EU/UK representative and promptly update this Policy with the representative’s contact details. 12) Governing Law & Venue This Policy is governed by the laws of the Republic of Korea. Disputes are subject to the courts of Seoul (mandatory local laws of your residence take precedence where applicable). 13) Reference Links - Google AdMob: https://policies.google.com/technologies/ads - Firebase: https://firebase.google.com/support/privacy - RevenueCat: https://www.revenuecat.com/privacy - Google Play / Apple App Store: respective platform policies