Privacy Policy

Effective April 24, 2026 · Last updated April 24, 2026

Joey's Data Principles

The following are operating principles Joey commits to.

  • We do not use your comments or response data to train external AI models
  • We do not integrate ad networks or share data for advertising purposes
  • We do not embed third-party tracking pixels or fingerprinting technologies for advertising
  • We do not use operator comment or response data for advertising, marketing, or third-party sales
  • We do not build algorithmic feeds or recommendations based on comment content
  • We do not force the 'Powered by Joey' badge on your page
  • Your data can always be exported as CSV/JSON. Upon account deletion, data is deleted except where retention is required by law

Article 1 (General Provisions)

Darak (the "Company") operates the Joey service (the "Service") in compliance with the Personal Information Protection Act (PIPA), the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other related laws. We collect and use only the minimum amount of information necessary to provide the Service.

This Privacy Policy describes the categories of personal information we process, the purposes of processing, retention periods, processing delegation, cross-border transfers, and how data subjects can exercise their rights.

Article 2 (Categories of Personal Information Collected and Retention Periods)

We process personal information by categorizing data subjects into three groups — block owners (members), visitors (commenters), and per-block subscribers — and separately manage temporary authentication data and automatically collected information.

(a) Block Owner (Member)

  • Required: Email, email verification status, display name, timestamp of terms agreement (termsAgreedAt)
  • Optional: Profile photo, website URL, bio (up to 500 characters), company, location, language/theme/email notification settings, timestamp of marketing consent (marketingAgreedAt)
  • Automatically collected: Last login time, usage statistics (number of blocks, number of responses, monthly response count), and de-identified aggregate page visit and product event statistics
  • Paid plan information (collected when subscribing to Pro): Subscription status (active / canceled), plan (Pro), billing cycle, next billing date, card brand, last 4 digits of the card number, payment method, and payment history (date, amount, status). The full card number and the recurring billing key are not stored by us; they are stored and processed by our payment processor, Toss Payments.
  • Retention period: Until the member withdraws (retained separately where legally required)

(b) Visitor (Commenter)

  • Required: Author name, comment content (up to 2,000 characters), timestamp, anonymity flag
  • Optional: Email for reply notifications. This email is used internally on the server only to send reply notifications and is never exposed in the owner dashboard or any export.
  • Automatically collected: An anonymous identifier to distinguish unauthenticated visitors (joey_vid; a random UUID stored in the browser's local storage), and a short-lived writer token (a JWT signed with the jose library) to verify the visitor's permission to edit or delete their own comments
  • Retention period: Until the block is deleted or the owner deletes the response

(c) Per-Block Subscriber

  • Required: Normalized email address, consent status for marketing/news, subscription status (active / unsubscribed)
  • Optional: Consent to reply notifications, the response identifier that triggered the subscription, anonymous visitor identifier
  • Visible to owners: Limited to email, join date, and subscription status. Reply notification consent, marketing consent, response identifier, and visitor identifier are not disclosed even to owners.
  • Retention period: Until unsubscription or block deletion

(d) Temporary Authentication Data

  • When an OTP is issued, we store a one-way hash (scrypt) of the verification code, the lowercased recipient email, the number of attempts, and the expiration time in a temporary collection keyed by a one-way hash (SHA) of the recipient's email; the plaintext code itself is never stored. The entry automatically expires 5 minutes after issuance and is deleted immediately upon successful verification or when the attempt limit is exceeded.

Automatically Collected (Common)

  • Access logs (IP address, User-Agent, timestamp), error/performance logs, and cookieless aggregate analytics events generated by Google Analytics (normalized page path, event name, browser/device information)

Article 3 (Purposes of Use and Legal Basis)

  • Core service delivery (performance of contract): Authentication and account management, collection and display of comments and subscriptions, sending emails for comment notifications, reply notifications, response export completion, and subscriber export completion, and providing response and subscriber dashboards
  • Customer support and announcements (performance of contract and legitimate interest): Handling inquiries and delivering service-related announcements
  • Security and quality (legitimate interest): Analyzing error/performance logs and improving the Service using de-identified and aggregated statistics
  • Legal compliance (legal obligation): Responding to disputes and fulfilling retention obligations under applicable laws

Article 4 (Disclosure to Third Parties)

We do not disclose personal information to third parties without the data subject's separate consent or a legal basis.

However, where a visitor explicitly opts in to "Receive updates" for a block, that email is shown to the block owner via the dashboard as an essential part of the Service. This is a consent-based disclosure, and the visitor may revoke consent at any time by unsubscribing. Other disclosures are limited to legally mandated exceptions such as lawful requests from investigative authorities.

Article 5 (Delegation of Personal Information Processing)

To operate the Service, we delegate personal information processing as listed below, and we fulfill our obligations to manage, supervise, and maintain safeguards for each processor.

Processor | Delegated Task
Google LLC (Firebase) | Authentication, database storage, real-time counters, and de-identified aggregate analytics through Google Analytics
Amazon Web Services, Inc. (SES) | Sending notification emails (comments, replies, export completion, etc.)
Resend, Inc. | Sending login OTP emails
Vercel, Inc. | Service hosting and traffic handling
Toss Payments Co., Ltd. | Payment processing for the Pro plan, storage of the recurring billing key, and handling of approval, cancellation, and webhook events

Processors handle only the minimum information needed to deliver the Service, and destroy retained information without delay upon termination of the delegation agreement.

Article 6 (Cross-Border Transfer of Personal Information)

All processors above are headquartered or infrastructure-hosted overseas. Pursuant to Article 28-8 of the Personal Information Protection Act, we disclose our cross-border transfers as follows.

Recipient | Country | Items Transferred | Purpose
Google LLC | United States | Member, visitor, and subscriber items listed in Article 2, plus aggregate analytics events such as normalized page paths and event names | Authentication, data storage, and aggregate analytics
Amazon Web Services, Inc. | United States | Recipient email and email body | Sending notification emails
Resend, Inc. | United States | Recipient email and OTP code | Login authentication
Vercel, Inc. | United States | Access logs and request headers | Hosting and delivery

  • Timing and method of transfer: Transferred as API calls over the internet when a member's or visitor's action or a notification trigger occurs.
  • Retention and use period: Destroyed without delay upon termination of the processing agreement or once the purpose of use is achieved. Email processors discard the email body immediately after sending.
  • Right to refuse transfer: Data subjects have the right to refuse cross-border transfer; however, since these processors are core infrastructure for the Service, refusing the transfer will make the Service unusable. In that case, you may express refusal by withdrawing your membership.

Article 7 (Cookies and Automatic Collection Tools)

  • Session and analytics cookies: We use a signed session cookie issued by the Firebase Admin SDK, valid for 14 days. We use Google Analytics to understand product usage in de-identified aggregate form, and analytics cookies may be used for that purpose. Advertising features and Google signals are disabled, and we do not use third-party tracking cookies for advertising.
  • Browser local storage: We store an anonymous UUID (joey_vid) in the visitor's browser localStorage to identify unauthenticated visitors. Since it is not a cookie, standard cookie-blocking settings do not block it; it can be removed via the browser's "Clear site data" or incognito mode.
  • Writer token (JWT): A signed JWT is issued so unauthenticated visitors can edit or delete their own comments, and it is stored in the visitor's browser localStorage. The token itself contains only a random identifier and no personal data such as email or name.

Article 8 (Retention and Destruction of Personal Information)

  • Principle: When the purpose of processing is achieved or a member withdraws, the information is permanently deleted in a non-recoverable manner immediately. Upon member withdrawal, the member's blocks, accumulated responses (comments and replies), per-block subscribers, export files (CSV/XLSX), usage statistics, Firebase Auth account, and member document are destroyed together without a grace period and cannot be recovered.
  • Statutory retention: Items subject to retention obligations under applicable laws are stored separately for the required period and destroyed upon expiration.
  • Method of destruction: Electronic records are permanently deleted in a non-recoverable manner.

Article 9 (Rights of Data Subjects and How to Exercise Them)

  • Members: You can withdraw your membership directly from the "Delete account" section of the settings screen after re-confirming your email. Upon withdrawal, your blocks, responses, subscribers, export files, and account are permanently deleted without a grace period as described in Article 8. For access, correction, or suspension of processing requests, please contact hello@joey.team.
  • Visitors: Requests to access or delete your own comments should be sent directly to the relevant block owner or to hello@joey.team.
  • Subscribers: You can stop receiving marketing messages at any time by unsubscribing.

Additional Rights by Region

  • Residents of the EEA / UK (GDPR): You have rights of access, rectification, erasure, restriction of processing, objection to processing, data portability, and to lodge a complaint with a supervisory authority. After verifying your identity, we aim to respond within 30 days.
  • California residents (CCPA): You have the right to request information about the collection and sale of your personal information, the right to request deletion, and the right not to be discriminated against. We do not sell personal information.

Article 10 (Safeguards)

We take the following safeguards under Article 29 of the Personal Information Protection Act and Article 30 of its Enforcement Decree.

  • Establishing and operating an internal management plan
  • Access controls: Firestore security rules block direct client access so that all data processing goes through the Admin SDK. We apply the principle of least privilege and retain access records.
  • Encryption: TLS on the transport layer, session token signing, OTP codes that expire in 5 minutes with a 5-attempt limit, OTP codes stored only as a one-way hash (scrypt) and never in plaintext, and one-way hashing of emails used as keys for OTP storage
  • Retention of access records to prevent tampering
  • Operation of an access control system
  • Incident response procedures and staff training

Article 11 (Automated Processing and Use of AI)

We currently do not send user data to external LLM/AI services, nor do we use it to train any models. If we introduce AI-powered features in the future, we will amend and announce this Privacy Policy in advance before applying them.

Article 12 (Items That Do Not Apply)

The following items are not applicable to our current processing activities.

  • Processing of pseudonymized information: Not applicable
  • Operation of video surveillance devices (CCTV): Not applicable
  • Collection, use, or disclosure of behavioral information for advertising: Not applicable
  • Collection of sensitive information and unique identifiers: Not applicable

Article 13 (Children's Personal Information)

The minimum age to use the Service is 13. Personal information of children under 14 is processed only with consent from a legal guardian. We do not knowingly collect personal information from children under 13, and we delete any such information immediately upon discovery.

Article 14 (Privacy Officer)

  • Officer: Kang Sangkwun (Head of Operations)
  • Contact: hello@joey.team / +82-10-7302-2884

For reports or inquiries regarding personal information infringement, you may contact the following Korean agencies: Personal Information Infringement Report Center (privacy.kisa.or.kr / dial 118), Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972), Supreme Prosecutors' Office Cybercrime Investigation Department (spo.go.kr / 1301), National Police Agency Cyber Investigation Bureau (ecrm.cyber.go.kr / dial 182).

Article 15 (Notice and Amendment)

This Privacy Policy applies from its effective date. When we change the Policy, we announce the changes and the application date on the site in advance. Changes unfavorable to members are announced at least 30 days before the application date; other changes are announced at least 7 days in advance.

Business Information

  • Company: Darak
  • Representative: Kang Sangkwun
  • Business Registration No.: 404-09-54545
  • Mail-order Business No.: No. 2025-Seoul Jungnang-1057
  • Address: 130 Bonghwasan-ro, Jungnang-gu, Seoul, Republic of Korea
  • Phone: +82-10-7302-2884
  • Email: hello@joey.team

Appendix

This Privacy Policy takes effect on April 24, 2026.