Privacy policy
Privacy Policy
JohnJang / Sleepyhead (the “Company”) establishes this Privacy Policy (the “Policy”) to protect the personal information of individuals who use the Diffu mobile application (the “Company Service”) and to handle privacy-related requests promptly and smoothly in accordance with applicable laws, including the Personal Information Protection Act.
Article 1 (Purpose)
The Company sets forth this Policy as the standard for protecting users’ personal information and handling privacy-related inquiries promptly and smoothly.
Article 2 (Age Restriction)
The Company Service is available only to users aged 14 or older.
The Company does not collect personal information from children under 14. If the Company confirms that a child under 14 has registered for the service, the account may be deleted without delay.
Article 3 (Principles of Processing Personal Information)
The Company collects and uses personal information in accordance with applicable laws and this Policy, and may provide personal information to third parties or transfer it overseas only with the user’s consent or when permitted by law.
Article 4 (Publication of this Policy)
The Company makes this Policy available through the app settings screen or a similar linked screen so that users can review it at any time.
Article 5 (Changes to this Policy)
This Policy may be amended due to changes in applicable laws, service policies, or features.
The Company will notify users at least 7 days before the effective date of an amendment, and at least 30 days in advance for material changes affecting user rights.
Article 6 (Information for Account Registration)
The Company collects the following information for account registration.
- Required information: email address
- Optional information: nickname, profile image
Article 7 (Information for Service Use and Abuse Prevention)
The Company may collect the following information to operate the service, analyze statistics, and prevent abuse.
- Device information (OS, device model, app version, language settings, access IP, access time, error logs, etc.)
- Service usage records
- Push token (FCM Token)
- Advertising identifier (ADID/IDFA)
Article 8 (Methods of Collecting Personal Information)
The Company collects personal information through the following methods.
- Information entered directly by users in the app
- Information automatically collected during service use
- Information generated during payment and subscription management
Article 9 (Use of Personal Information)
The Company uses personal information for the following purposes.
- User identification and account management
- Content provision and service operation
- Push notifications
- Payment and subscription management
- Abuse prevention
- Service quality improvement and statistical analysis
- Advertising delivery and ad performance analysis
- User inquiry support
Article 10 (Retention and Use Period)
The Company destroys personal information without delay once the purpose of collection and use has been achieved.
However, the Company may retain certain information for the following periods.
- Member information: until account withdrawal
- (However, it may be retained for up to 1 year after withdrawal to prevent abuse.)
- Records of contracts or withdrawal of offers: 5 years
- Records of payment and supply of goods or services: 5 years
- Records of consumer complaints or dispute resolution: 3 years
- Access log records: 3 months
Article 11 (Destruction of Personal Information)
The Company destroys personal information without delay once the purpose has been achieved or the retention period has expired.
- Electronic files: permanently deleted in a manner that prevents recovery
- Paper documents: shredded or incinerated
Article 12 (Outsourcing and Overseas Transfer of Personal Information)
The Company may outsource personal information processing or transfer personal information overseas to the following service providers to provide the service.
- Google Firebase (Google LLC, United States)
- Purpose: push notifications, service operation, error analysis
- Transferred items: device information, push tokens, usage records
- RevenueCat (RevenueCat Inc., United States)
- Purpose: subscription management and receipt validation
- Transferred items: payment identifiers, subscription status information
- Google AdMob (Google LLC, United States)
- Purpose: advertising delivery and ad performance analysis
- Transferred items: advertising identifiers, device information, usage records
- Users can limit the collection of advertising identifiers through device settings.
Article 13 (Transmission of Advertising Information)
The Company may send service-related information through push notifications and similar methods, and will send commercial advertising information only with the user’s prior consent.
Users may opt out of push notifications through device settings.
Article 14 (User Rights)
Users may request access, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information at any time.
Request method: use the “Send Feedback” feature in the app.
The Company will take action without delay after verifying the user’s identity.
Article 15 (Company Measures to Protect Personal Information)
The Company implements the following measures to protect personal information.
- One-way encrypted password storage
- Encrypted communications
- Minimized access privileges
- Access log management and security checks
Article 16 (Privacy Officer)
Name: Junghwan Jang
Email: dev.jh.jang@gmail.com
Article 17 (Remedies for Rights Infringement)
Users may contact the following organizations for consultation and remedies regarding privacy infringements.
- Privacy Infringement Report Center: 118
- Personal Information Dispute Mediation Committee: 1833-6972
Supplementary Provision
This Policy takes effect on March 2, 2026.