Privacy Policy
Effective Date: May 20, 2026
Mudfolk (the "Service") complies with the Personal Information Protection Act (PIPA), the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other applicable laws of the Republic of Korea. This Privacy Policy explains how we collect, use, and protect your personal information.
1. Items and Methods of Collection
a. Required items
- Social account information (Google, Apple, Kakao): email address, profile name, social account identifier (OAuth ID)
- Service usage records: work diary entries, posts, comments, and images created by the member; activity records including likes, follows, reports, and blocks
- Device information: device model, OS type and version, app version, device locale
- Push notification token: device identifier token used to deliver push notifications (FCM Token)
- Notification preferences: consent status per notification type
- App usage analytics: screen views and feature usage frequency
- Error information: crash logs and error stack traces
- Access logs: IP address and access timestamp
b. Optional items
- Profile photo
c. Methods of collection
- Automatic collection via social login (Google, Apple, Kakao)
- Direct entry by the user during service use
- Automatic collection during mobile app use
2. Purpose of Collection and Use
Collected personal information is used for the following purposes:
- Member management: identity verification, maintenance of membership, prevention of fraudulent use
- Service provision: pottery work diary, community features (posts, comments, likes, follows), content display and recommendations
- Communication: service announcements, activity push notifications, customer support
- Service improvement: usage pattern analysis, new feature development, error diagnosis
- Legal compliance: record-keeping for dispute resolution and complaint handling
3. Retention and Use Period
- Member information: until membership withdrawal. Upon a withdrawal request, data is retained in a recoverable state for 30 days before being permanently deleted. Logging in with the same account within 30 days will provide a recovery option.
- Statutory retention: access logs and connection tracking records are retained for 3 months under the Protection of Communications Secrets Act, and any other periods required by applicable laws.
4. Provision of Personal Information to Third Parties
The Service does not provide personal information to third parties without the user's prior consent, except in the following cases:
- When separate consent has been obtained from the user
- When required by law or when investigative authorities make a request through lawful procedures
5. Outsourcing and Cross-Border Transfer
The Service outsources personal information processing tasks as listed below. Safeguards are specified in outsourcing agreements pursuant to Article 26 of PIPA.
| Processor | Outsourced Tasks | Transfer Country |
|---|---|---|
| Supabase Inc. | Storage of member data and content, authentication | United States, Singapore |
| Google LLC | Social login (Google Sign-In), push notifications (Firebase Cloud Messaging), app analytics and error reporting | United States |
| Apple Inc. | Social login (Sign in with Apple), app distribution | United States |
| Kakao Corp. | Social login (Kakao Login) | Republic of Korea |
Transfer occurs at the time of sign-up and during service use, and is conducted via network transmission. Retention lasts until member withdrawal or termination of the outsourcing agreement. By agreeing to this Policy during sign-up and service use, the member also consents to the cross-border transfer of personal information to the processors above.
Pursuant to Article 28-8(4) of the Personal Information Protection Act, members may request a refusal or suspension of cross-border transfer of their personal information through the contact below (keddit.dev@gmail.com). However, because the Service relies on overseas processors for core functions including member data storage (Supabase), authentication, and push notifications (Google, Apple), refusing all cross-border transfers will make the Service effectively unusable; in such cases the request is treated as a membership withdrawal.
6. Rights of Data Subjects and How to Exercise Them
Members may exercise the following rights with respect to the Service at any time:
- Right to access personal information
- Right to request correction of errors
- Right to request deletion (including bulk deletion via membership withdrawal)
- Right to request suspension of processing
These rights may be exercised through the app's settings screen or via the contact below (keddit.dev@gmail.com) in writing or by email. The Service will respond without delay. Rights of children under 14 may be exercised through their legal representative.
7. Destruction of Personal Information
- Personal information that is no longer needed due to expiration of the retention period or fulfillment of the processing purpose is destroyed without delay.
- 30 days after a withdrawal request, the data is permanently deleted from the database through an automated process.
- Electronic files are permanently deleted using methods that prevent recovery or reproduction.
8. Measures to Ensure Security of Personal Information
- Administrative: minimization of personnel with access, internal training, and an internal management plan
- Technical: access control (Row Level Security), encryption in transit and at rest (HTTPS/TLS), encryption of authentication tokens
- Physical: physical security provided by processor data centers under international certifications such as ISO 27001 and SOC 2
9. Personal Information of Children Under 14
This Service is available only to users aged 14 or older. Sign-up requires self-certification that the user is 14 or older. The Service does not knowingly collect or process personal information of children under 14. If the Service becomes aware that a user is under 14, the account and related information will be deleted without delay.
10. Automatic Collection Devices and How to Opt Out
As a mobile app service, the Service does not use web cookies, and does not use advertising identifiers (IDFA/AAID) for cross-app tracking or personalized advertising. To stop push notification delivery, turn off push notifications in the app's notification settings or in your OS notification settings; the FCM Token will no longer be used.
11. Privacy Officer and Contact
- Service: Mudfolk
- Officer: Mudfolk Privacy Officer
- Contact email: keddit.dev@gmail.com
Members may direct all privacy-related inquiries, complaints, and remedy requests to the contact above. The Service will respond and act without delay.
12. Remedies for Infringement of Rights
If you need to report or consult on a privacy violation, you may contact the following agencies (Republic of Korea):
- Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr
- Personal Information Infringement Report Center: 118 / privacy.kisa.or.kr
- Supreme Prosecutors' Office Cybercrime Division: 1301 / www.spo.go.kr
- Korean National Police Cyber Bureau: 182 / ecrm.police.go.kr
13. Changes to This Privacy Policy
This Privacy Policy takes effect from the effective date above. The Service will provide in-app notice at least 7 days before the effective date of any addition, deletion, or amendment. For changes that materially affect members' rights or obligations, notice will be provided at least 30 days in advance.
Supplementary Provisions
This Privacy Policy takes effect on May 20, 2026.