Legal

Privacy Policy

Last updated: April 22, 2026

1. Data Controller

The data controller responsible for your personal data is UNMYUNG, reachable at support@unmyung.app. Payment processing and related data are handled by Paddle.com Market Limited as our Merchant of Record.

2. Information We Collect

We collect only what is necessary to provide the Service:

  • Reading data: Birth date, birth time, and gender entered for Four Pillars analysis.
  • Account data: Email address, if you choose to create an account.
  • Payment data: Handled entirely by Paddle. We do not store card numbers or full payment details.
  • Usage data: Pages visited and features used, collected via Vercel Analytics for service improvement. This data is anonymized and aggregated.
  • Session data: A session cookie to maintain your login state.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your data under the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR): Processing your birth data to generate your reading is necessary to fulfil our service to you.
  • Legitimate interests (Art. 6(1)(f) GDPR): Anonymized usage analytics to improve the Service.
  • Legal obligation (Art. 6(1)(c) GDPR): Retaining transaction records for tax and accounting compliance.

4. How We Use Your Information

Your birth data is used exclusively to generate your personalized Four Pillars reading. We do not use it for advertising profiling, sell it, or share it with third parties except as described in this policy.

5. Third-Party Service Providers

We use the following sub-processors who may process your data on our behalf:

  • Supabase Inc. (supabase.com) — Database and authentication hosting. Data may be stored on servers in the United States.
  • Vercel Inc. (vercel.com) — Website hosting and serverless functions. Servers located in the United States and EU regions.
  • Paddle.com Market Limited — Payment processing and Merchant of Record. Governed by Paddle's own privacy policy.

Each provider maintains appropriate data processing agreements and security certifications. Data transfers to the US are conducted under Standard Contractual Clauses (SCCs) as approved by the European Commission.

6. Data Retention

All user data is retained for a maximum of 90 days from the date of last account activity or cancellation, after which it is permanently and automatically deleted. Financial transaction records required for legal and tax compliance may be retained for up to 5 years as required by law, but are anonymized after the 90-day period so they cannot be linked to individual users. You may request immediate deletion at any time.

7. Cookies

We use only essential cookies (session management) and anonymized analytics via Vercel Analytics. We do not use advertising cookies, cross-site tracking, or third-party marketing cookies. Session cookies expire after 30 days of inactivity.

8. Children's Privacy

UNMYUNG is not directed at children under 13 (or under 16 in certain EU jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure ("Right to be Forgotten"): Request deletion of your data.
  • Restriction: Request that we limit processing of your data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at support@unmyung.app. We will respond within 30 days. Deletion requests are fulfilled within 7 business days.

10. Supervisory Authority

If you are located in the EEA or UK and believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with your national data protection authority. For EU-wide guidance, visit edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.

11. Service Discontinuation

If UNMYUNG ceases operations, all user data will be permanently deleted within 90 days of the service end date. No user data will be transferred to third parties upon closure. Registered users will be notified by email at least 30 days before any planned discontinuation.

12. Changes to This Policy

We may update this policy periodically. We will notify registered users of significant changes via email. Continued use of the Service after the effective date constitutes acceptance of the updated policy. Material changes affecting your rights will require explicit re-acknowledgement where required by law.

13. Contact

For any privacy-related questions or to exercise your rights, contact us at support@unmyung.app.