AFTERLOG
Volver al inicio

Este documento solo está disponible en inglés por ahora. Estamos preparando una traducción.

Afterlog Privacy Policy (Draft)

⚠️ DRAFT — not for use before legal review. This document is an internal draft written by the development team based on the actual implementation (data schema and collected fields) and is not legal advice. Requirements under Korea's Personal Information Protection Act (PIPA) and the jurisdictions Afterlog targets (EU GDPR, Thailand PDPA, Brazil LGPD, and others) must be reviewed by qualified counsel before the effective date. The Data Protection Officer (DPO), contact details, and cross-border transfer basis are to be confirmed after review.

Last updated: (to be confirmed after review) · Version: draft v0.1


1. Overview

The Company takes your privacy seriously and manages your personal data securely under applicable law. This policy explains what information the Service collects and why, how it is used, retained, and deleted, and what rights you have.

2. Information We Collect

The Service actually processes the following.

Account information

  • Email address (provided on email signup or via social login).
  • Social login identifiers (Apple/Google provider and provider user ID). For email signup, your password is stored only as a hash.
  • Profile information: username, display name, bio, profile image.
  • Account settings: time zone and language (locale).

Potentially sensitive content (voluntarily uploaded by you)

  • Photos and videos, which may include face/body images and before/after procedure photos. Location (GPS) metadata is removed from photos during upload processing.
  • Text (captions) in Journeys and Updates, comments, and interaction records such as likes, saves, and follows.

Service operations

  • Trust & Safety records such as reports and blocks.
  • Logs generated during access and use. To de-duplicate view counts, an IP address is used only temporarily (about 30 minutes, in a server cache) and the raw IP is not permanently stored as view data.

Marketing (optional)

  • If you join the waitlist, your email address and referral (UTM) parameters.

What we do not currently collect (for reference)

  • Location data (photo GPS is stripped); we do not separately collect precise location.
  • Payment information (no payments are in the MVP scope).
  • AI analysis for demographic or health profiling (not offered at this stage).

3. How We Collect

  • Directly from you when you sign up, complete your profile, upload content, or join the waitlist.
  • Authentication data received via social login providers.
  • Logs generated automatically as you use the Service.

4. Purposes of Use

  • Identifying and authenticating members and managing accounts.
  • Providing core features such as Journey records, feed, timeline, search, and the slider.
  • Processing content (thumbnail/preview generation, location metadata removal).
  • Maintaining community trust and safety (handling reports and blocks) and complying with law.
  • Notifying waitlist registrants about launch (within the scope of consent).

5. Retention and Deletion

  • Personal data is destroyed without delay once the purpose of collection and use is achieved.
  • Upon account deletion, your content is deleted or de-identified within a reasonable period, except items subject to a legal retention obligation.
  • Information that the law requires to be kept for a set period is stored separately for that period and then destroyed.

6. Sharing and Processing on Our Behalf

  • The Company does not share personal data with third parties except where required by law or with your consent.
  • We may engage processors (e.g., cloud storage and delivery) to operate the Service; where we do, the processor and scope are stated in this policy and safeguards are secured by contract. The specific processor list is confirmed before the effective date.
  • Social login is also subject to the respective provider's (Apple/Google) policies.

7. International Transfers

Depending on infrastructure, personal data may be processed on servers outside your country. The countries, data, purposes, retention, and transfer basis (e.g., GDPR adequacy or standard contractual clauses) are specified in this policy after legal review.

8. Your Rights (Access, Rectification, Erasure, Restriction, Portability)

You (and data subjects under applicable law) may exercise the following rights.

  • Access / copy: request access to and a copy of your processed data.
  • Rectification: request correction of inaccurate data.
  • Erasure (right to be forgotten): request deletion of your account and content.
  • Restriction: request that specific processing be stopped or restricted.
  • Portability: receive data you provided in a structured format (in jurisdictions such as the EU).
  • Withdraw consent: withdraw consent for consent-based processing.
  • Object: object to specific processing (in applicable jurisdictions).

Methods and response timelines follow applicable law (e.g., Korea PIPA, EU GDPR, Thailand PDPA, Brazil LGPD); the channel and procedure are confirmed before the effective date.

9. Separate Consent for Sensitive Data

The Service is designed for you to upload potentially sensitive information such as body and procedure photos. Such information is processed on the basis of explicit consent, and new content defaults to conservative (private-first) visibility. You can change visibility or delete content at any time.

10. Children's Privacy

The Service is not available to anyone under the age of 14. Where a jurisdiction requires a higher minimum age or guardian consent, that standard applies. If the Company learns it holds data of a user below the age threshold, it deletes that data without delay.

11. Security Measures

  • Encryption in transit and at rest, least-privilege access, private storage of original media with only derivatives exposed publicly.
  • Privacy-protective defaults such as password hashing and removal of photo location metadata.

12. Data Protection Officer and Contact

The Data Protection Officer (where applicable), contact details, and grievance channel will be confirmed and stated before the effective date, together with your right to lodge a complaint with the relevant supervisory authority.

Afterlog — Comparte tu recorrido, no solo tus momentos