Privacy Policy
Last updated: April 1, 2026
1. Information We Collect
GachaSong collects the following information when you use our service:
| Category | Items | Required / Optional |
|---|---|---|
| Card creation | Name, location, music link, recommendation reason | Required |
| Session | Randomly generated session ID (stored in localStorage) | Required (auto-generated) |
| Google Sign-In | Email address, display name | Optional |
2. Purpose of Collection
- To facilitate the music card exchange (matching your card with another user's card).
- To display your card to other users (name, location, music link, and reason).
- To provide your exchange history.
- To generate shareable links for your exchanges.
- To authenticate your identity (Google Sign-In only).
3. Retention Period
Your music cards and exchange records are retained for 3 years from the date of submission to maintain the card pool. After the retention period, data is destroyed without delay. You may request early deletion at any time by contacting us.
4. Third-Party Services (Processing Delegation)
We delegate processing of personal information to the following service providers:
| Provider | Purpose |
|---|---|
| Supabase Inc. | Database hosting and authentication |
| Vercel Inc. | Application hosting and deployment |
| Google LLC | Optional user authentication (Google Sign-In) |
| Functional Software Inc. (Sentry) | Error monitoring and performance tracking |
5. International Data Transfer
Your personal information is transferred to and stored on servers located outside of South Korea. Details of the transfer are as follows:
| Recipient | Country | Items Transferred | Purpose |
|---|---|---|---|
| Supabase Inc. | United States | All card data, session ID, Google account info | Database storage and authentication |
| Vercel Inc. | United States | Request data, session ID | Application hosting |
| Google LLC | United States | Email, display name | Authentication |
| Functional Software Inc. | United States | Error logs, performance data | Error monitoring |
Data is retained by each provider for the duration described in Section 3 or until the service agreement ends. You may refuse the international transfer of your data, but this may limit your ability to use the service.
6. Cookies and Local Storage
We use browser localStorage to store your session ID, theme preference, language preference, and daily exchange count. We do not use tracking cookies. You may clear localStorage through your browser settings, but this will reset your session and preferences.
7. Your Rights
You (or your legal representative) may exercise the following rights at any time:
- Access — request to view the personal information we hold about you.
- Correction — request correction of inaccurate information.
- Deletion — request deletion of your personal information.
- Suspension of processing — request that we stop processing your data.
Requests will be processed without delay. If a request is denied, we will notify you of the reason.
8. Data Protection Officer
For privacy-related inquiries, including requests to exercise your rights, please contact:
- Name: Hong Junhyeok
- Email: kongjun1115@gmail.com
9. Data Security
We implement the following measures to protect your personal information:
- All data is transmitted over encrypted connections (HTTPS/TLS).
- Database access is restricted through Row Level Security (RLS) policies.
- Rate limiting is applied to prevent abuse.
10. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of the service after changes constitutes acceptance of the updated policy.