ChronoLab (the 'Company') values the privacy of its users and complies with the "Personal Information Protection Act" and Google Play developer policies. The Company's principle is **not to transmit or separately store sensitive health data on its servers.** (Except for non-identifiable information explicitly shared or reported by the user).
Article 1 (Purpose of Personal Information Processing)
- Service Use and Member Identification: Simplified login using a Google Account and member identification (storing minimum identifier on the server).
- Health Management Service Provision: Personalized analysis utilizing device-based data and Health Connect data (processing occurs within the device).
- Community and Service Improvement: Sharing workout routines, reporting food data errors, and enhancing the service.
- Advertising Provision: AdMob tailored advertising (for free users) and service operation.
Article 2 (Age Restriction)
This Service is intended for adults aged 18 and over. If a user under the age of 18 is found to be a member, the corresponding account and related data will be immediately destroyed. (This complies with relevant laws in the Republic of Korea.)
Article 3 (Collected Personal Information and Processing Method)
- Information Processed Only Within the Device (No Server Transmission):
Sleep, nutrition, weight, body fat, height, heart rate, blood pressure, blood glucose, and all other **health data provided by Health Connect** are processed only within the app and **are not transmitted to the Company's servers.**
※ Data examples: WeightRecord, NutritionRecord, SleepSessionRecord, etc.
- Information Transmitted and Stored on the Server on a Limited Basis:
- Google Account Unique Identifier (ID): Only the minimum identifier is stored for member identification and service usage history management.
- Workout Routine Data (Non-Identifiable Measure): Workout routines and related metadata that the user explicitly selects to **publish**.
- Nickname: Used for identification when sharing routines.
- Automatically Collected Information: Access logs, device information, advertising identifiers (ADID) (processed only in statistical forms)
- Firestore Non-Identifiable ID: Internal identifier for managing user device-server linkage. (Used for internal service management, such as error reports, submissions, and routine publishing)
Article 4 (Processing and Protection of Health Connect Data)
Data obtained from Health Connect is processed according to the following principles. This strictly adheres to the Google API Service Terms, Google Play's User Data Policy, and specifically the Health Connect Permission Policy.
- It is used only for the purpose of providing functions within the app and personalized information to the user.
- **It is not transmitted to the Company's servers or provided to third parties.**
- It is not used for advertising, marketing, or other services.
Article 5 (Data Retention and Use Period)
- Google Account Identifier and Server Data: Retained and used until the user requests membership withdrawal or personal information deletion from the Data Protection Officer, and is destroyed without undue delay upon request.
- Device Data (Including Health Connect Data): Access rights are lost or data is destroyed immediately upon app deletion or revoking Health Connect permissions.
- Exceptional Retention Data (Residual Data): The following activity records may be retained for service improvement and management purposes after **non-identifiable measures** are taken, but will be destroyed if the **user separately requests deletion according to Article 9.**
- **Published Routine and Nickname:** (For community activity and promotion purposes)
- **Food Error Report Records and Associated Firestore ID:** (For service quality and internal management purposes)
Article 6 (Provision of Personal Information to Third Parties)
The Company **does not, in principle, provide user personal information to outside parties.** However, exceptions are made in the following cases:
- Where the user has given prior consent.
- Where required by law, or at the request of an investigative agency through procedures and methods stipulated by law for investigation purposes.
Article 7 (Outsourcing of Personal Information Processing)
The Company outsources personal information processing to the following entities for smooth service provision. The Company ensures compliance with personal information protection laws in the outsourcing contract and supervises the entrusted parties.
- Google LLC: Firebase (Authentication/DB), Analytics (Analysis)
- Google Play: In-app payment and subscription management
- Google AdMob: Tailored advertising provision
Article 8 (Measures to Secure Personal Information)
The Company takes the following measures to secure the safety of personal information:
- Technical Measures: Encryption of personally identifiable information, operation of access control systems.
- Administrative Measures: Minimization and training of personnel handling personal information.
- Physical Measures: Access control to servers.
- **Key health data is not stored on the server but securely kept within the user's device via Health Connect.**
Article 9 (User Rights and Exercise Methods)
Users may at any time view or modify their personal information (nickname, date of birth, etc.) and health profile information (height, weight, diet, etc.) through the app's settings screen, and may request service withdrawal and personal information destruction.
- Upon membership withdrawal, personal identifiable information and **associated internal identifiers (Firestore ID)** stored on the server are destroyed without undue delay.
- Health Connect data access permissions can be revoked at any time via the app settings or Android system settings.
- Users wishing to delete a shared routine must send an email request to the Data Protection Officer.
Article 10 (Targeted Advertising)
AdMob may collect advertising identifiers (ADID/GAID) to provide tailored advertising to users. Users may refuse to receive tailored advertising through device settings (e.g., Android Settings > Security & Privacy > Ads > Delete or Reset Advertising ID). **Advertising is disabled by default for Pro subscribers.**
Article 11 (Matters Concerning Changes to the Privacy Policy)
This Privacy Policy is effective from the effective date and may be changed according to changes in laws, policies, or the Company's service content. Any additions, deletions, or modifications will be notified through a 'Notice' at least 7 days in advance.
Article 12 (Chief Data Protection Officer)
The Company designates the following Chief Data Protection Officer to handle user inquiries and complaints regarding personal information:
Article 13 (Governing Language)
This English version is provided for convenience only. The original Korean version of this Privacy Policy shall govern and prevail in case of any conflict or inconsistency.