Privacy Policy
1Purpose of Collecting and Using Personal Information
Dstudio (hereinafter "the Company") collects and uses personal information for the following purposes in connection with its services (hereinafter "the Services"):
- Account Registration and Management: User identification, login processing, and service usage management
- Service Provision: Storing habit records, friend features, and data synchronization
- Subscription Management: Verifying subscription status and providing premium features (payments are processed directly by Apple; the Company does not collect payment information)
- Service Improvement: Analyzing service usage statistics and improving quality
2Types of Personal Information Collected
- Required: Email address, password (encrypted), user ID
- Optional: Name (nickname), profile photo, status message, custom ID
- Automatically Collected: Service usage records (habit data, access times), online status, last access time, subscription status
- Device Permissions: Notification permission (for push notifications), Screen Time permission (for Focus Mode app blocking, optional)
When signing in with Apple: User identifier provided by Apple, name (optional), email (optional)
Note: Subscription payment information (card numbers, payment history, etc.) is processed directly by Apple and is not collected or stored by the Company.
3Retention and Usage Period of Personal Information
- Personal information is retained until account deletion, at which point all data is immediately deleted.
- Upon account deletion, all personal information stored on our servers (profile, habit records, friend list, profile photo) is immediately destroyed.
- However, if retention is required by applicable laws, information will be retained for the legally required period.
4Provision of Personal Information to Third Parties
The Company does not, in principle, provide users' personal information to third parties. However, exceptions are made in the following cases:
- When the user has given prior consent
- When required by law or regulation
- Subscription payment processing: Apple Inc. processes payments through the App Store. Apple's privacy policy applies to this process.
5International Transfer of Personal Information
The Company transfers personal information internationally for service provision as follows:
| Item | Details |
|---|---|
| Recipient | Supabase Inc. |
| Country | United States |
| Timing and Method | Transmission via network during service use |
| Information Transferred | Email, user ID, name, profile photo, status message, habit records, friend list |
| Purpose of Use by Recipient | Providing cloud database and authentication services |
| Retention Period by Recipient | Until account deletion or termination of service agreement |
Supabase is a SOC 2 Type II certified cloud service that implements technical and organizational measures for data protection.
6Procedures and Methods for Destroying Personal Information
- Destruction Procedure: Personal information is destroyed immediately upon account deletion request.
- Destruction Method: Electronic files are deleted using methods that prevent recovery.
- Users can delete their account directly through "Settings > Delete Account" in the Services.
7Rights and Obligations of Users and How to Exercise Them
Users may exercise the following rights at any time:
- Request to access personal information
- Request to correct or delete personal information
- Request to suspend processing of personal information
- Account deletion (withdrawal)
These rights can be exercised directly through the "Settings" menu in the Services or by contacting the Privacy Officer.
8Measures to Ensure Security of Personal Information
The Company takes the following measures to ensure the security of personal information:
- Encrypted password storage
- Data transmission encryption via SSL/TLS
- JWT (JSON Web Token) based authentication
- Database row-level access control (Row Level Security)
- Secure on-device storage of authentication tokens (Keychain)
- Adherence to the principle of minimum data collection
9Privacy Officer
The Privacy Officer responsible for overseeing all matters related to the processing of personal information is as follows:
- Officer: Dstudio Operations Team
- Email: admin@dstudio.kr
For reports or consultations regarding privacy violations:
10Changes to This Privacy Policy
This Privacy Policy is effective as of February 8, 2026.
Any changes to this Privacy Policy will be announced through the Services.