Privacy Policy
Effective: May 25, 2026
ILJI ("we," "us," or "our") operates the ILJI mobile application (the "Service"). This Privacy Policy explains what information we collect, why we collect it, and how we protect it.
1. Information We Collect
1-1. Account Information
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account identification, login, password reset, security alerts | Until account deletion |
| Password | Authentication (stored as a one-way hash; never stored in plaintext in our database) | Until account deletion |
| Social login identifiers (Google, Kakao) | Identity verification for social sign-in | Until account deletion |
| Internal identifier | Internal data association and access control | Until account deletion |
| Display name (within teams) | Member identification in team calendars | Until account deletion |
| Subscription status (plan, renewal date) | Pro plan entitlement | Until account deletion |
1-2. Data You Enter
The following data is entered by you for your own scheduling and personal management. We do not access, analyze, sell, or use this data for any purpose other than storing and displaying it back to you.
| Data | Examples | Retention |
|---|---|---|
| Appointments | Title, date, memo, recurring schedules, D-Day countdowns, and other scheduling information you create | Until you delete it or delete your account |
| Contacts | Name, phone, email, address, memo, etc. | Until you delete it or delete your account |
| Photos | Before/after comparison and other photos you attach | Automatically deleted from the server 90 days after upload |
| Templates & message drafts | Custom forms, message text you create | Until you delete it or delete your account (message templates are stored on-device only) |
| Change history | Who changed what and when in your appointments | Until the appointment is deleted or account deletion |
Third-party information: If you enter another person's contact details or appointment information into the Service, you are responsible for ensuring you have the right to do so under applicable laws. We store this data on your behalf and do not independently collect consent from those individuals.
1-3. Documents & Signatures
| Data | Storage | Retention |
|---|---|---|
| Business profile (name, address, phone, email), payment instructions | Encrypted, on-device only | Cleared on logout or app removal. Never sent to our servers |
| Signature image | On-device only | Lost on app removal or device change. Never sent to our servers |
| PDF documents | Generated on the fly (not stored on our servers) | — |
When you share a PDF, it may include contact information, business details, photos, and signature images. Once shared via an external app, the recipient's handling of that data is governed by their own policies.
1-4. Location
| Data | When Collected | Purpose | Retention |
|---|---|---|---|
| Location coordinates, address | Once, when you start a service timer on a team appointment | Record of where work began | Until the appointment is deleted |
- Location is captured once at timer start — we never track you in the background.
- Personal appointments do not send location to our servers.
- Your location is visible only to you, not to other team members.
- If you deny location permission, the timer still works — it just won't record a location.
1-5. Payment Information
| Data | Processed By | Purpose |
|---|---|---|
| Credit card and payment method details | Apple App Store / Google Play (we never receive these) | In-app purchases |
| Purchase receipts, subscription status | Us (via RevenueCat) | Pro plan entitlement |
We never collect or store your card number, bank account, or other payment credentials. All payments are processed through the Apple or Google in-app purchase systems, and we only receive the transaction result (receipt identifier and subscription status) via RevenueCat.
1-6. Automatically Collected Information
| Data | Purpose | Retention |
|---|---|---|
| Crash & diagnostic logs: app version, OS, device info, error details | Identifying and fixing app errors | Per error monitoring service retention policy |
| Approximate location (city-level, derived from IP) | Inferred from your connection IP (not sent by the app). Used for diagnostics | Per error monitoring service retention policy |
| Language setting, timezone | Diagnostics, localization | Per error monitoring service retention policy |
| CAPTCHA verification data | Bot prevention during sign-up and password reset | Discarded immediately after verification |
Personal information such as email addresses and phone numbers is removed from error logs before transmission. Your email and name are never sent, and IP addresses are not stored.
2. How We Use Your Information
| Legal Basis | Applies To |
|---|---|
| Your consent | Location permission, camera/photo permission, contacts permission |
| Performance of contract (providing the Service) | Account data, your content, payment information, team collaboration data |
| Legal obligations | Payment and refund records retention |
| Legitimate interests | Error diagnostics, fraud and abuse prevention |
3. Sharing Your Information
We do not sell your data, and we do not share it for advertising or marketing purposes. We may disclose your information only in these circumstances:
- When required by law or a valid legal process
- With your explicit consent
- In connection with a merger or acquisition (with prior notice)
Content you add to a team calendar is visible to other team members — this is a core feature of the Service. When you send messages or PDFs through your device's SMS app or share sheet, the data leaves our Service and is subject to the receiving app's or recipient's own policies.
4. Service Providers
We use the following third-party service providers to operate the Service:
| Provider | Service | Location |
|---|---|---|
| Supabase, Inc. | Data storage, authentication, file management | South Korea (Seoul) |
| RevenueCat, Inc. | In-app subscription management | United States |
| Functional Software, Inc. (Sentry) | Error monitoring and diagnostics | United States |
| Cloudflare, Inc. | CAPTCHA verification | Global |
| Google LLC | Sign-in, address search, map display, AI template generation | United States |
| Kakao Corp. | Sign-in, address search | South Korea |
| Resend, Inc. | Transactional email (sign-up confirmation, password reset, security alerts) | Japan (Tokyo) |
5. International Data Transfers
Your primary data (appointments, contacts, photos) is stored in Supabase's Seoul, South Korea data center. Some information is transferred to servers outside South Korea as described below:
| Data | Recipient | Country | When | Retention |
|---|---|---|---|---|
| Crash logs (pseudonymous ID, device/OS info, approximate location from IP) | Sentry | United States | When an app error occurs | 30 days |
| Subscription status, receipt identifiers | RevenueCat | United States | On purchase or subscription change | Per RevenueCat policy |
| Your AI template generation prompt | Google (Gemini API) | United States | When you request AI template generation | Per Google policy |
| OAuth credentials | Google | United States | When you sign in with Google | Per Google policy |
| Address search queries, coordinates | Google (Places/Maps) | United States | When you search for an address or view a map | Per Google policy |
| Email address, email content | Resend | Japan (Tokyo) | When we send transactional emails | 1 day |
| CAPTCHA context | Cloudflare | Global | During sign-up or password reset | Discarded after verification |
6. Your Rights
| Right | How to Exercise |
|---|---|
| Access | View your data directly in the app, or contact us for a copy |
| Correction | Edit your data directly in the app |
| Deletion | Delete individual items in the app, or use "Delete Account" to remove everything |
| Restriction of processing | Contact us at the address below |
7. Data Deletion
7-1. Account Deletion
When you delete your account through the app, we immediately and permanently delete:
- All personal appointments, contacts, templates, recurring rules, D-Day items, and AI generation logs
- All personal photos (personal-photos storage bucket)
- Your change history records
- Your profile and authentication record
If you belong to a team, you will be removed from the team first. Data you contributed to team calendars (team appointments, team photos) remains with the team. If you are the sole Owner, ownership automatically transfers to the next member; if no members remain, the team and its data are deleted as well.
7-2. Regular Deletion
- Individual deletions: marked as deleted, then permanently removed from the server after 60 days.
- Photos: automatically deleted from the server 90 days after upload.
7-3. Legal Retention
Where required by Korean law, certain records (such as payment and refund history) may be retained for the period specified by the applicable statute, even after account deletion.
8. Security
- On-device encryption: Sensitive fields (contacts, memos, message templates) are encrypted and stored locally. Encryption keys are managed by the device's secure enclave.
- Business profile protection: Your business profile and payment instructions are stored in a separate encrypted storage on your device.
- Encryption in transit: All communications use TLS 1.2 or higher.
- Access control: Row-level access controls on the server database ensure you can only access your own data or data belonging to your teams. File storage is accessible only through temporary access URLs.
- Photo metadata removal: GPS and other metadata are stripped from photos at upload time.
- Phone number hashing: Phone numbers are stored as one-way hashes for lookup purposes; plaintext search on the server is not performed.
- Login security: Rate-limited login attempts, CAPTCHA verification, and password reset cooldowns.
- Error log scrubbing: Personal data patterns and sensitive fields are masked before any error log is transmitted. If scrubbing fails, the content is emptied (fail-closed).
- Access management: The sole operator holds all administrative privileges and follows the principle of least privilege. All service management consoles are protected with two-factor authentication (2FA), and credentials are stored in an encrypted password management tool.
9. Device Permissions
| Permission | Purpose | If Denied |
|---|---|---|
| Camera | Take work photos | You can still attach photos from your gallery |
| Photo library (read) | Select photos to attach | Photo attachment unavailable |
| Photo library (save) | Save photos from the viewer to your device | Saving unavailable (in-app viewing still works) |
| Location (while using) | Record location once when starting a team service timer | Timer works without recording location |
| Contacts (Android) | Caller ID integration | Caller ID feature unavailable |
| Notifications | Appointment reminders (local notifications only) | No reminders |
All permissions are optional and can be changed at any time in your device's system settings. On iOS, contact selection uses the system picker and requires no separate permission; Caller ID uses a CallKit Directory Extension.
10. AI Features
10-1. What We Send
- Sent: The natural-language prompt you type (e.g., "Create an AC repair estimate template")
- Not sent: Your appointments, contacts, photos, memos, or any other data
10-2. How It Works
Your prompt is routed through a Supabase Edge Function (Seoul) to the Google Gemini API. The app does not call Gemini directly. Our database records only the request timestamp and your user ID — the prompt text and the generated result are not stored on our servers.
10-3. Important
Do not include personal information (client names, phone numbers, addresses) in your prompts. AI-generated templates are for reference only — review and edit them before use.
10-4. Opting Out
You are not required to use AI template generation. All regular template features work without it.
11. Children
The Service is intended for users aged 14 and older. We do not knowingly collect information from anyone under 14. If we learn that a user is under 14, we will promptly delete their account and associated data.
12. Advertising & Tracking
We do not collect advertising identifiers (ADID/IDFA), use cookies for tracking, or collect behavioral data for targeted advertising. There are no ads in the Service.
13. Automated Decision-Making
We do not make automated decisions that produce legal or similarly significant effects on you.
14. Contact Us
| Item | Details |
|---|---|
| Operator | ILJI / Business Registration No. 338-69-00732 |
| Mail-Order Sales Registration No. | 제2026-인천서구-2468호 |
| Representative / Data Protection Officer | Jungwoo Cheon |
| Email | support@ilji.app |
| Address | 11F, 1103-T21, 588 Jungbong-daero, Seo-gu, Incheon, South Korea |
15. Changes to This Policy
If we make changes to this policy, we will notify you at least 7 days in advance (or 30 days for material changes) through an in-app notice or email.