Degustation Privacy Policy

Effective date: 2026-02-23

Degustation (the "Service") complies with applicable privacy laws and processes personal data lawfully and transparently. This policy applies to the Service website and all related features.

1. Purpose of Processing Personal Data

  1. Member administration: account registration and identity verification, social login integration, account maintenance, abuse prevention, and customer support.
  2. Service operation: storing/displaying content such as coffee records and memos, and collecting/sharing guest tasting inputs through tokenized guest links created by members.
  3. Service improvement and analytics (only with optional consent): usage analysis, error diagnostics, and statistics for feature improvement (Google Analytics 4).

Guest tasting links may expire after 7 days by default (subject to policy changes).

2. Categories of Personal Data We Process

2.1 Members (email signup)
Required: email, password (stored in encrypted form), account identifier, signup/access logs
Optional: display name (if provided)

2.2 Members (social login)
Required: social provider identifier, email (within provider scope), signup/access logs
Optional: profile information (within provider scope)
Supported providers: Google, Kakao

2.3 Guests (token-link users)
Required: tasting inputs (scores/keywords/comments), token identifier (random string), access logs

Guests are asked not to include personal information (for example, contact details) in comments. If personal data is included, it may be deleted or masked as needed.

2.4 Automatically collected data
IP address, access logs, device/browser information, cookie/session identifiers, error logs
(with optional consent) GA4 event data and cookie identifiers (for example, _ga)

3. Retention Period

  • Member data: until account deletion (deleted upon withdrawal as a rule)
  • Guest tasting data: until deleted by the member or until retention period ends per policy
  • Access/error logs: retained for up to 1 year, then deleted (operational policy)
  • Dispute response / abuse prevention records: retained for up to 1 year, then deleted (operational policy)

4. Provision to Third Parties

The Service does not provide personal data to third parties in principle. However, data may be provided where required by law or where separate user consent is obtained.

5. Outsourcing / Processors

  • Infrastructure/hosting/server operation: Oracle Cloud
  • Social login providers: Google, Kakao
  • Web analytics (with optional consent): Google Analytics 4 (Google)

The Service currently does not provide payment functionality.

Uploaded images are used only for temporary coffee information parsing, are not stored on the server, and are discarded immediately after processing.

6. Cross-Border Transfer (if applicable)

GA4 data may be processed through systems operated outside your country. If cross-border transfer applies, we will provide notice of recipient, transfer country, transferred items, purpose, retention period, and refusal method in this policy and cookie settings.

7. Destruction Procedure and Method

  • Procedure: when purpose is achieved or retention period ends, data is selected and destroyed under internal policy
  • Method: electronic files are deleted using non-recoverable methods; printed materials are shredded or incinerated

8. User Rights and How to Exercise Them

Users may request access, correction, deletion, and suspension of processing of their personal data at any time.

How to exercise rights: use account/settings features in the Service or contact us.

Service features (including planned): account deletion, deletion of records/memos, and guest-link reissuance.

9. Security Measures

  • Encrypted storage of key information including passwords
  • Access control and permission management (least-privilege principle)
  • Access log and anomaly monitoring
  • Encryption in transit (HTTPS)

10. Cookies: Use and Refusal

The Service may use required cookies for login persistence and security.

Analytics cookies such as GA4 are used only after consent (optional consent).

You can refuse cookie storage via browser settings; in this case some features (such as persistent login) may be limited.

12. Policy Changes

This policy may be revised due to legal or service changes. If revised, we will provide notice in the Service or through other appropriate means.