BookJab

Legal

Privacy Policy

BUJA FARM ('Operator') publishes this policy in accordance with Article 30 of the Personal Information Protection Act of the Republic of Korea (PIPA) to protect users' personal information and to handle related concerns promptly.

1. Information we collect

We collect only the minimum required to operate our features.

  • Account info (required): identifier and email address provided by your social login (Kakao, Naver, Google, Apple).
  • Profile (optional): nickname, gender, age range.
  • Usage data (auto-generated): reading session duration, saved quotes, your bookshelf, in-app activity log.
  • Technical info (auto-collected): device type, OS version, app version, connection IP.

We do not access precise location, camera, photo library, microphone, or contacts.

2. Purposes of processing

  • Identifying users and maintaining sign-in sessions.
  • Storing and syncing your reading log and saved quotes across your devices.
  • Generating book recommendations and personalized statistics (core service feature).
  • Improving service quality via anonymous aggregate statistics.
  • Complying with legal obligations and responding to disputes.

We do not sell or share your data for advertising.

3. Use of information for recommendations

Your saved quotes and bookshelf, together with your profile gender and age range, are collected and used to provide book recommendations and personalized statistics suited to you. This recommendation feature is a core part of the Service and is therefore covered by your 'Collection and Use of Personal Information' consent in §1, with no separate opt-out or revocation toggle. If you do not wish to use the recommendation feature, you may use [Account] → [Delete account] to remove all your data immediately.

4. Retention period

  • Account info and usage data: until you delete your account.
  • Items required by law to be retained: kept for the period mandated by that law (e.g., connection records under the Protection of Communications Secrets Act — 3 months).
  • Upon account deletion, all data except the items above is permanently deleted immediately.

5. Destruction procedure and method

  • Trigger: immediately upon your deletion request, or when the retention period expires.
  • Procedure: CASCADE DELETE from the database; automated backups are purged within 30 days.
  • Method: electronic records are erased in an unrecoverable manner.

6. Processing entrustment (subprocessors)

For service operation we entrust the following personal data processing:

  • Entrustee: Supabase, Inc.
  • Scope: user authentication, database hosting, file storage.
  • Items entrusted: all items listed in 'Information we collect'.
  • Retention: deleted immediately upon account deletion.

7. Cross-border transfer of personal data

Under PIPA Article 28-8(1)(3) (transfer necessary for the performance of a contract), we transfer personal data abroad as follows:

  • Recipient: Supabase, Inc. (Delaware, United States)
  • Timing and method: at sign-up and during service use, transmitted over HTTPS (TLS 1.3).
  • Items transferred: same as 'Information we collect'.
  • Destination and storage: U.S. headquarters / Seoul region (ap-northeast-2) distributed storage.
  • Purpose and retention: same as the Purposes and Retention sections of this policy.
  • How to object and consequences: this transfer is essential to providing the Service; declining will prevent sign-up.

8. Sharing with third parties

We do not share personal data with third parties except in the following cases:

  • When you give explicit consent.
  • When required by applicable law or by a lawful request from an investigating authority.
  • Identifier exchange with social login providers (Kakao, Naver, Google, Apple) strictly to the extent necessary to complete sign-in.

9. Your rights and how to exercise them

You may request access, correction, deletion, suspension of processing, or revocation of consent at any time. The in-app [Account] screen lets you delete your account, which revokes all consents at once and removes your data immediately. For any other requests, please contact the Data Protection Officer below.

10. Safeguards

  • In transit: HTTPS / TLS 1.3 encryption.
  • At rest: Supabase Row-Level Security ensures each user can access only their own data.
  • Authentication: OAuth 2.0 social login — we never store passwords.
  • Access control: only the operator can access the admin console; all access is audited.
  • Backups: automated backups are retained 30 days and then permanently destroyed.

11. Children under 14

The Service is intended for users aged 14 and older. We verify age at sign-up and do not knowingly collect personal data from children under 14.

12. Operator (data controller) information

  • Business name (KR): 부자FARM (BUJA FARM)
  • Representative: PARK YURO
  • Business registration no.: 326-23-01856
  • Address: 46-1 Baekhak-ro, Baekhak-myeon, Yeoncheon-gun, Gyeonggi-do, Republic of Korea
  • Phone: +82-10-8567-1493
  • Email: yuro5274@naver.com

13. Data Protection Officer

We have appointed the following Data Protection Officer to safeguard your personal data and to handle related concerns:

  • Name: PARK YURO (also the representative)
  • Email: yuro5274@naver.com
  • Phone: +82-10-8567-1493

For complaints regarding personal data infringement you may also contact the Korean authorities below:

  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
  • Supreme Prosecutors' Office Cyber Investigation Division: 1301 (www.spo.go.kr)
  • National Police Agency Cyber Bureau: 182 (ecrm.police.go.kr)

14. Changes to this policy

When this policy is amended (additions, removals, or modifications), we will announce the change in-app and on this page at least 7 days before it takes effect — at least 30 days in advance for changes that disadvantage users.

15. Contact

For questions about this policy, please email yuro5274@naver.com.

Version 1.6.0 · Effective: June 9, 2026