DAISYSIAD ("we" or "the Company") values the personal information of users of ChapterMade (the "Service")
and complies with the Personal Information Protection Act (PIPA) of the Republic of Korea and related laws.
This policy explains how we collect, use, store, share, and destroy personal information.
For company information and contact, see the Business Info page.
1. Information We Collect
1.1 At sign-up / login
| Type | Items | Method |
|---|---|---|
| Email sign-up | Email address, password (stored encrypted), nickname | Sign-up form |
| Apple sign-in | Apple identifier (sub), email (real or anonymized), name (optional) | Apple ID sign-in |
| Google sign-in | Google identifier (sub), email, name | Google account sign-in |
1.2 Automatically collected during use
- Device information: iOS version, device model, app version, language and time-zone settings, UI mode (dark/light)
- Usage logs: access time, screen enter/exit, error and exception logs (for debugging and operational improvements)
- Push notification tokens: Expo Push Token / APNs Token (when the user has granted notification permission)
1.3 Information the user inputs or generates during use
| Type | Items |
|---|---|
| Travel info | Title, country, city, departure / return date, companion info |
| Records | Emotion marks (12 kinds), thought notes (text), attached photo / video media |
| Book content | Auto-generated chapters / prologue / epilogue manuscripts, cover image, book title and metadata |
| Publishing info | Public / private setting, publish date, open-count statistics |
| Library activity | Open records of other users' books, report / block history |
| Travel genre | One of 16 types derived from the user's responses + four-axis scores |
1.4 Location information
Location information is handled separately under the Location Policy.
1.5 Payment information (applies once in-app purchase launches)
- When purchasing an ink-bottle package: Apple In-App Purchase receipt ID, transaction ID, purchase time, product ID
- We do not collect or store payment instrument details such as card or account numbers. Apple processes and stores these.
1.6 Motion activity data (CMMotionActivity)
- We use iOS motion activity data to automatically classify chapter transport mode (walking, biking, vehicle).
- This data is processed on-device only and is not transmitted to our servers.
2. Purposes of Collection and Use
| Purpose | Items used |
|---|---|
| Member identification and authentication | Email, OAuth identifier, password |
| Service provision (travel records, book generation, Library, etc.) | User input records, location, companion info |
| AI-based automatic book generation | Emotion / thought / journey records → Claude API processing |
| Payment and ink-bottle balance management | Apple IAP receipts, ink-bottle transaction history |
| Push notification delivery | Push Token, notification settings |
| Moderation (reports, blocking) | Report reasons, reporter / target identifiers |
| Service operation, statistics, improvement | Anonymized usage logs |
| Compliance with legal obligations | Identifying information for handling Terms violations / disputes |
3. Retention and Use Period
| Item | Retention period |
|---|---|
| Member account information | Until withdrawal (permanently deleted immediately upon withdrawal) |
| User-input content (books, records, etc.) | Until withdrawal |
| Automatically collected usage logs | One year from collection |
| Payment records | 5 years under the E-Commerce Act |
| Consumer complaint / dispute records | 3 years under the E-Commerce Act |
| Report / block history | Until withdrawal or 1 year after report processing is complete |
Upon withdrawal, all personal information except items subject to statutory retention is permanently deleted immediately.
4. Third-Party Sharing
In principle, we do not provide users' personal information to third parties. Exceptions:
- The user has given prior consent.
- Required by law (e.g., requests from investigative authorities, court orders).
5. Processing on Behalf of the Company
To provide the Service, we entrust processing of personal information to the following processors:
| Processor | Task | Data handled | Country |
|---|---|---|---|
| Supabase Inc. | Database, authentication, server hosting, file storage | Accounts, content, media | USA |
| Anthropic, PBC | AI-based book generation (Claude API) | User input text (not used for training) | USA |
| Apple Inc. | Sign in with Apple, in-app purchase, push notifications (APNs) | Apple identifier, receipts, Push Token | USA |
| Google LLC | Google Sign-In | Google identifier, email | USA |
| RevenueCat, Inc. | In-app purchase receipt verification, ink-bottle balance management | Apple receipts, user identifier | USA |
| Cloudflare, Inc. | Media file storage and delivery (R2 Object Storage) | User-uploaded photos / videos | USA |
| Mapbox, Inc. | Map rendering | Display-area coordinates | USA |
5.1 Notice of Cross-Border Transfer
All processors above operate servers in the United States. User personal information is transferred to the United States for service provision.
- Country of transfer: United States
- When and how transferred: at the time of service use, via network transmission
- Recipients: see the table above
- Retention / use period of recipients: until termination of the processing contract or member withdrawal
Users have the right to refuse the above cross-border transfer; however, refusal may restrict Service use.
5.2 No Use for AI Training
The Anthropic Claude API used by the Company follows the policy that user data sent via the API is not used to train AI models (Anthropic Commercial Terms).
6. Destruction of Personal Information
Upon withdrawal or expiry of the retention period, we destroy personal information promptly as follows:
- Electronic files: permanently deleted by irrecoverable methods (Supabase Auth
DELETE CASCADEremoves all related data) - Local data: the in-app SQLite database is wiped entirely
- Printed or external copies: we do not keep printed copies or external duplicates
Members can withdraw directly from Profile → Account → Delete account; the action is processed immediately.
7. User Rights
Under Articles 35–37 of the Personal Information Protection Act, users may exercise the following rights:
| Right | How to exercise |
|---|---|
| Access | View directly within Profile / Records / Books in the app, or request via the email |
| Correction | Edit profile / records in the app, or request via the email |
| Deletion | Delete content / withdraw membership, or request via the email |
| Suspension of processing | Request via the email |
| Withdrawal of consent | Change permissions / withdraw membership, or request via the email |
Send requests to the representative email listed in Business Info; we will process within 10 business days.
7.1 Legal Representative Rights
We do not, in principle, collect personal information of children under 14. If a sign-up by someone under 14 is confirmed, we immediately delete the account and destroy related information.
8. Safeguards
We take the following measures to safeguard user personal information:
- Encryption: passwords stored as one-way hashes (bcrypt). Transmissions use TLS 1.2 or higher.
- Access control: Supabase Row Level Security (RLS) policies restrict access to the user's own data only.
- Separation of storage: location coordinates and original records are kept primarily on-device; only the minimum necessary at publish time is uploaded to the server.
- AI processing safety: AI processing is performed only via Supabase Edge Functions; clients do not call external AI APIs directly.
9. Cookies and Similar Technologies
The Service is a mobile app and does not use web cookies. We use app local storage (AsyncStorage, SQLite) for user settings and records. Users may wipe local data in bulk by withdrawing membership.
10. Privacy Officer and Contact
| Privacy Officer | Lee Subin |
| [email protected] |
Send privacy-related inquiries, reports, or access requests to the email above; we will process within 10 business days.
For other matters related to personal information infringement, you may contact:
- Personal Information Infringement Report Center ☎ 118 / privacy.kisa.or.kr
- Personal Information Dispute Mediation Committee ☎ 1833-6972 / kopico.go.kr
- Cyber Crime Investigation Division, Supreme Prosecutors' Office ☎ 1301 / spo.go.kr
- Cyber Bureau, National Police Agency ☎ 182 / ecrm.police.go.kr
11. Changes to This Policy
This Privacy Policy may be updated to reflect changes in law or services; updates are announced in advance via in-app notices or push notifications. For material changes (those unfavorable to user rights), notice is given at least 30 days before the effective date.