(Yaksim) Privacy Policy

Effective Date: 30 days after the date of the last revision

Last Revised: March 10, 2026

This English translation is provided for convenience only. In the event of any discrepancy or conflict between the Korean version and this English translation, the Korean version shall prevail.

Itda (hereinafter referred to as the "Company") is a business operator that provides services to users worldwide. The Company complies with applicable privacy and data protection laws of each country and region, and processes users' personal information safely and securely.

Article 1 (Definitions and Scope of Application)

"Service" refers collectively to each application provided by the Company and all ancillary online services associated therewith.
"User" refers to any member or non-member who agrees to this Policy and uses the Service.
This Privacy Policy applies to the following application services provided by the Company:
- Yaksim

Article 2 (Collection and Use of Personal Information)

The Company collects and uses only the minimum personal information necessary to provide the Service. Sensitive information is processed only to the minimum extent required under applicable laws. Additional personal information required for specific service features is collected and used only during the use of the relevant service, in accordance with this Policy.

2-1. Account Information (Social Login-Based)

Collected Items	Purpose of Use	Retention Period
Name (nickname), profile information (profile image, etc.)	User identification and account management	Destroyed immediately upon account deletion
Email address (based on Apple/Google/Kakao accounts or verified email address for email sign-up)	Simple login (SSO) authentication and user identification, important notices	Destroyed immediately upon account deletion
Social identifiers (UID of each SSO provider, etc.)	Login authentication, account linking	Destroyed immediately upon account deletion

(Important Notice Regarding Passwords)

If a user chooses email login, the password is securely processed by the authentication service provider (e.g., Firebase Authentication). The Company does not store or access the user's plaintext password.
The specific processing methods for cryptographic information (e.g., hashes) generated and stored during the authentication process are subject to the policies of the authentication service provider.

Additional Notices

When signing up with an Apple account, if the user does not consent to email sharing, a randomized email address generated by Apple may be provided.
When signing up with a Kakao account, if the user's email is not provided, an authentication identifier key provided by Kakao may be used instead.

2-2. Service Usage Behavior Information (Automatically Collected)

Collected Items	Purpose of Use	Retention Period
IP address, device model/type, OS version, app version, browser type (if applicable), access date and time, usage records, error/diagnostic data, security-related logs, push tokens (FCM/APNs), advertising identifiers (if applicable)	Service quality improvement, security maintenance, prevention of fraudulent use, incident response, statistical analysis, development of new features, delivery of personalized content	Destroyed without delay upon account deletion or when the purpose of processing has been achieved. However, if retention is required under applicable laws, the information is retained for the required period and then destroyed.

Additional Notice Regarding Push Tokens

Push tokens are stored and used for the purpose of sending notifications and may be renewed or deleted upon app uninstallation/reinstallation, device change, token refresh, notification settings change, logout, or account deletion.

2-3. Medication Management Information (User-Entered)

Collected Items	Purpose of Use	Retention Period
Medication name, dosing schedule, medication type, dosage, stock quantity, medication history (intake/missed records, etc.)	Generation of personalized medication reminders, medication history management, inventory management	Destroyed without delay upon termination of service use (account deletion) or when the user deletes the data

2-4. Family Sharing Information (User-Selected)

Collected Items	Purpose of Use	Retention Period
Family group ID, roles among members, family connection status, medication status sharing settings among family members, profile names (display names) of connected family members	Sharing medication status among family members and sending notifications	Destroyed without delay upon account deletion or upon disconnection/group withdrawal

Important Notice Regarding Sensitive Information

Medication information and the medication status shared through the family sharing feature may be related to an individual's health condition. The Company processes such information so that it is displayed to family group members only when the user has opted into the family sharing feature. Users may disconnect from family sharing or withdraw from a group at any time.

2-5. Prescription/Image (OCR) Processing

Collected Items	Purpose of Use	Retention Period
Prescription photos (optionally provided by the user), text extracted from images (OCR results)	Prescription recognition and input convenience	Destroyed without delay after processing, unless the user chooses to save the data

Notice Regarding Processing Methods

The Company may perform OCR (text recognition) on the user's device for the prescription recognition feature (e.g., on-device processing). In such cases, prescription photos are not stored on the Company's servers.
If a feature is introduced in the future that transmits images or extracted text to servers or external service providers, the Company will update this Policy to reflect the items transmitted, purposes, retention periods, processors/third parties provided to, and cross-border transfer details, and will obtain separate consent as necessary.

2-6. Payment/Subscription Information

Collected Items	Purpose of Use	Retention Period
Subscription status, payment receipt identifiers (receipt numbers, etc.), purchase/expiration/renewal status	Activation of premium features (Pro) and subscription status verification, payment-related customer support	Retained for the period required under applicable laws and then destroyed (e.g., laws relating to electronic commerce)

Notice Regarding Payment Method Information

The Company does not directly store or process payment method information such as card details. Payments are processed through external payment processors such as Apple and Google.

2-7. Inquiry and Customer Support Information

The Company may collect and use the following information when a user makes an inquiry, report, or customer support request:

Collected Items: Email address, inquiry details, device/app information (if necessary), attached materials (if provided by the user)
Purpose of Use: Identity verification, inquiry processing and response, dispute resolution, service improvement
Retention Period: Destroyed without delay upon completion of the inquiry and achievement of the purpose. However, if required for dispute resolution or other reasons, the information is retained in accordance with applicable laws.

Article 3 (Purposes of Using Personal Information)

The Company uses the collected personal information for the following purposes:

Provision of service features and system operation
Performance of contracts under the Terms of Service and management of paid services/subscriptions
Security maintenance, bug fixes, and service improvement
Delivery of essential notices (email, push notifications, etc.)
Provision of marketing information (only with separate consent from the user)
Response to customer inquiries and complaints
Payment processing through third-party payment services such as Apple and Google

Article 4 (Third-Party Provision and Entrustment of Personal Information Processing)

The Company may entrust certain tasks to external specialized service providers to ensure smooth service provision, and personal information may be transferred to regions outside the user's country of residence due to the nature of the Service. The Company manages and supervises the processors to ensure they process personal information safely in accordance with applicable laws.

Company Name	Location	Information Processed	Purpose
Google LLC (Google Analytics)	United States, etc.	Service usage records, device information	Usage statistics analysis and service improvement
Google LLC (Firebase)	United States, etc.	Account identification information, service data, device information, push tokens	Data storage, authentication, server operations, push notification delivery
RevenueCat, Inc.	United States, etc.	Subscription status, receipt identifiers, social identifiers (to the extent necessary)	Paid subscription status management and payment verification
Google LLC (AdMob, etc.) (if applicable)	United States, etc.	Advertising identifiers, device information	Ad delivery and performance measurement

※ Advertising identifiers can be reset or restricted through the user's device settings. (iOS: App Tracking Transparency/Privacy Settings, Android: Advertising ID Settings)

Article 5 (Rights of Users)

Users may request access, correction, deletion, suspension of processing, withdrawal of consent, and other actions regarding their personal information in accordance with applicable laws.

How to Exercise Rights: Through the in-app settings menu or by contacting the inquiry point below
The Company will take action without delay in accordance with applicable laws.

Article 6 (GDPR – Rights of Residents in the European Economic Area)

The Company guarantees the following rights for residents of the EEA:

Legal Basis for Processing: Consent, performance of a contract, compliance with legal obligations, legitimate interests
Data Subject Rights: Right of access, right to rectification, right to erasure (right to be forgotten), right to restriction of processing, right to data portability
How to Exercise Rights: Submit a request to [email protected], and the Company will take action in accordance with applicable laws.

Article 7 (CCPA/CalOPPA – Rights of California Residents)

The Company does not sell personal information for monetary consideration.
Users who do not wish to receive personalized advertising may control this through their device settings.
The Company may not directly respond to browser Do Not Track (DNT) signals; however, it respects device privacy settings.
The Company will process requests after receiving a verifiable request in accordance with applicable laws.

Article 8 (Children's Personal Information)

The Company does not knowingly collect personal information from children under the minimum legal age, unless permitted by applicable laws. If a guardian determines that a child's personal information has been collected, please contact the Company and we will promptly take deletion measures.

Article 9 (Security of Personal Information)

The Company applies technical, administrative, and physical safeguards to protect personal information and operates reasonable security procedures to prevent unauthorized access, disclosure, alteration, or destruction.

Article 10 (Destruction of Personal Information)

When the retention period for personal information has elapsed or the purpose of processing has been achieved, the personal information is destroyed without delay. Electronic files are deleted using methods that make recovery impossible, and physical documents are disposed of securely.

Article 11 (External Links)

When using external websites or services included in the Service, the privacy policies of those sites apply, and the Company assumes no responsibility for such policies.

Article 12 (Changes to the Privacy Policy)

This Policy may be amended in accordance with changes in applicable laws or service policies. Any changes will be communicated through in-app notices. The amended Policy shall take effect from the effective date stated in the notice.

Contact Information

For inquiries or requests to exercise rights related to personal information protection, please contact us at:

Privacy Officer: Dongwoo Kim
Email: [email protected]