Privacy Policy

1. Who We Are

WhatsMySaju is operated by Plain Potato (d/b/a What's My Saju), based in the Republic of Korea. For the purposes of applicable data protection laws (including the EU General Data Protection Regulation), we are the data controller responsible for your personal data. This Privacy Policy is part of our Terms of Service.

Contact: potatojoayo@gmail.com

2. Information We Collect

We collect the following personal information to provide our service:

• Account data: email address and display name, collected when you create an account.
• Birth information: date of birth, time of birth, and gender \u2014 required to generate your Saju reading.
• Relationship data: names and birth details of people you add for compatibility readings. You are responsible for having the consent of those individuals.
• Transaction data: records of Tteok purchases and reading history. Payment card details are handled entirely by our payment partner and are never stored on our servers.
• Technical data: IP address, browser type, and device information collected automatically when you visit our site. This is used solely for security and service functionality.

3. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

• Contract: processing your birth data to deliver the Saju reading you purchased.
• Legitimate interest: improving the service, preventing fraud, and ensuring security.
• Consent: where required, such as for optional marketing communications (we do not currently send marketing emails).

4. How We Use Your Data

• To generate personalized Saju readings
• To manage your account and Tteok balance
• To process payments and provide customer support
• To detect and prevent fraud or abuse
• To improve the accuracy and quality of readings
• To comply with legal obligations (e.g., tax reporting through our payment partner)

5. Third-Party Services

We share data with the following providers, each of which operates under its own privacy policy:

• Supabase \u2014 authentication and database hosting. Your account and birth data are stored on Supabase's servers.
• Anthropic \u2014 the AI model that generates Saju readings. Your birth date, time, and gender are sent to Anthropic's API for each reading. Anthropic does not retain input data beyond the duration of the API request.
• Paddle \u2014 payment processing for Tteok purchases. Paddle acts as the Merchant of Record and handles all payment card data. We never see or store your card details.

We do not sell, rent, or share your personal data with any other third parties for advertising or marketing purposes.

6. International Data Transfers

Our service is operated from the Republic of Korea, and our third-party providers may process data in the United States and other countries. If you are located in the EEA/UK, your data may be transferred outside your jurisdiction. These transfers are protected by appropriate safeguards, including the standard contractual clauses adopted by the European Commission where applicable.

7. Cookies & Local Storage

We use essential cookies and local storage for authentication (session tokens) only. We do not use tracking cookies, advertising cookies, or third-party analytics services.

8. Data Retention

• Active accounts: your data is retained for as long as your account is active.
• Deleted data: when you delete a person or your account, we perform a soft delete (marking data as deleted). Soft-deleted data is retained for up to 30 days for recovery purposes, after which it is permanently removed.
• Transaction records: purchase records may be retained for up to 5 years as required for tax and legal compliance.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: view all your personal data within the app at any time.
• Correction: update your personal information through the app.
• Deletion: request permanent deletion of your account and all associated data.
• Data portability: request a copy of your data in a machine-readable format.
• Restriction: request that we limit how we process your data.
• Objection: object to processing based on legitimate interest.

To exercise any of these rights, contact us at potatojoayo@gmail.com. We will respond within 30 days. If you are in the EEA/UK and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection authority.

10. California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect and how it is used, to request deletion of your data, and to opt out of the sale of personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at the email above.

11. Children's Privacy

WhatsMySaju is not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA). If we become aware that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us immediately.

12. Security

We use industry-standard security measures to protect your data, including encrypted connections (HTTPS), secure authentication via Supabase, and row-level security policies on our database. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a new "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

14. Contact

For privacy-related inquiries, contact us at potatojoayo@gmail.com.