Privacy Policy

Effective date: April 19, 2026

Blueberryworks (the "Company") establishes and discloses the following Privacy Policy to protect users' personal information and promptly address related concerns, in accordance with the Personal Information Protection Act and other applicable laws.

Article 1 (Personal Information Collected and Methods)

1. At Sign-Up (Required)

Item	Collection Method
Name (Nickname)	Provided via social login
Email Address	Provided via social login
Profile Image	Provided via social login
Social Account Unique Identifier	Automatically collected during Google/Apple sign-in

2. Information Generated During Service Use

Item	Description
Log / Memo Content	Text and images created by the user
Comments	Conversational comments on logs
Folder / List Structure	User-created categorization system
Saved Links	URLs and preview information saved via share extension

3. Automatically Collected Information

Item	Purpose
Device information (OS version, device model)	Service optimization and error resolution
App version	Compatibility management
Sync status	Cloud backup and multi-device synchronization
Crash and error logs	Diagnosing crashes and improving stability (Sentry; users are identified only by an opaque UUID — no email, IP, or name is sent)
Session recording at the time of an error	Reproducing the screen where the crash occurred (Sentry; recorded only when an error occurs, with text inputs masked)
App usage events (screen views, feature use)	Usage analytics and service improvement (Firebase Analytics)

4. At Waitlist Sign-Up

Item	Collection Method	Purpose
Email address	Entered directly by the user	Sending launch notifications
Language preference	Auto-detected from site language (ko/en)	Determining notification language
Approximate location (country code)	Determined from IP (e.g., KR, US)	Regional launch order and analytics

Exact IP addresses and sub-country location data are not stored.

5. Information Not Collected

Precise location (GPS coordinates, city-level address)
Contacts and call records
Information from other apps on the device
Payment information (in-app purchases are handled directly by Apple/Google)

Article 2 (Purpose of Collection and Use)

Purpose	Details
Service provision	Core features such as logging, search, and synchronization
Member management	Identity verification, account management, prevention of fraudulent use
Service improvement	Usage analytics, new feature development, bug fixes
Customer support	Responding to inquiries, delivering announcements

Article 3 (Retention and Use Period)

The Company retains and uses personal information while a user uses the Service.
Upon a user's withdrawal request, the Company shall destroy personal information without delay. However, information required to be retained by applicable laws shall be stored for the applicable period.

Item Retained	Retention Period	Legal Basis
Records of contracts or withdrawal of subscriptions	5 years	E-Commerce Act
Records of consumer complaints or dispute resolution	3 years	E-Commerce Act
Access logs	3 months	Communications Privacy Protection Act

Article 4 (Third-Party Disclosure)

The Company does not, in principle, provide users' personal information to third parties. The following cases are exceptions.

When the user has consented in advance
When required by applicable laws

Article 5 (Delegation of Processing)

The Company delegates personal information processing as follows for service provision.

Processor	Delegated Work	Retention Period
Supabase Inc.	Cloud data storage and synchronization, user authentication	Period of service use
Google LLC	Social login (Google Sign-In)	Period of service use
Apple Inc.	Social login (Apple Sign-In)	Period of service use
Google LLC (Firebase Analytics)	App usage analytics and service improvement	Period of service use
Functional Software, Inc. (Sentry)	Crash logging and error tracking, diagnostic session recording (sampled)	Period of service use
OpenAI, Inc.	AI-powered template block generation (user prompts are sent only at the time of the request and are not retained on our servers afterwards)	Duration of the request only

Article 6 (Destruction of Personal Information)

The Company shall destroy personal information without delay when the retention period has expired or the purpose of processing has been achieved.
Information in electronic file form shall be permanently deleted using methods that prevent recovery.

Article 7 (User Rights and Exercise)

Users may exercise the following rights.

Right to Access: Users may view the processing status of their personal information.
Right to Correction and Deletion: Users may request correction or deletion of inaccurate personal information.
Right to Suspend Processing: Users may request the suspension of personal information processing.
Right to Withdraw Consent: Users may withdraw consent to the collection and use of personal information.
Right to Data Portability: Users may request a copy of their data by emailing the Privacy Officer. The Company will provide it in a reasonable format within the period required by applicable law.

Access, correction, deletion, suspension of processing, and withdrawal of consent can be exercised directly through the in-service settings. Data portability requests should be sent to the Privacy Officer email listed in Article 10.

Article 8 (Security Measures)

The Company implements the following technical and administrative measures to ensure the security of personal information.

Encryption at Rest: User data, databases, and backups stored in the cloud are encrypted using the industry- standard AES-256 algorithm.
Encryption in Transit: All communication between user devices and servers, as well as between internal server networks, is encrypted using TLS 1.2 or higher.
Local-First Storage: Core user content such as logs, memos, and images is stored in a local database on the device first; cloud synchronization is performed based on the user's login and selection.
Credential Protection: Authentication tokens issued through social login are encrypted and stored in secure storage provided by the operating system (iOS Keychain, Android Keystore).
Access Control and Least Privilege: Company personnel's access to user content is limited to the minimum necessary for work, and access logs are recorded and managed.
Notice on End-to-End Encryption: The Service does not currently implement end-to-end encryption (E2EE). As such, the Company is technically capable of accessing user content. Actual access is limited to the following explicit and restricted circumstances.
- Customer support or data recovery requested by the user
- Diagnosis and recovery of service outages
- Legal requirements or lawful requests from investigative authorities
- Responses to fraudulent use or security threats

Article 9 (Cookies and Automatic Collection Devices)

Due to the nature of the mobile app service, cookies are not used. When using the web service, minimum necessary cookies for service operation may be used.

Article 10 (Privacy Officer)

The Privacy Officer overseeing personal information processing at the Company is as follows.

Position: Representative
Email: jsunee.dev@gmail.com

Article 11 (Changes to This Privacy Policy)

This Privacy Policy takes effect on the effective date. Any changes will be announced within the Service.