Kokorang
Privacy Policy
Anarchy Inc. ("we", "us", or the "Company"), the operator of the Kokorang Service, respects your privacy and complies with applicable data protection laws, including the Republic of Korea's Personal Information Protection Act (PIPA). This Policy explains how the Kokorang mobile and web application (the "Service") collects, uses, stores, and deletes personal information, and the rights available to you.
1. Information We Collect
| Category | Data | When Collected |
|---|---|---|
| Required | Email, password (encrypted), nickname | At sign-up |
| Optional | Profile image, language preference, marketing opt-in | During sign-up or settings |
| Social Login | Email, identifier (uid), display name (as provided by the social platform) | When logging in via Google / Apple / Facebook / X |
| Service Usage | Learning progress, match history, stars/marbles ledger, daily attendance | Automatically while you use the Service |
| Device | OS and app version, FCM push token, sign-in IP (security) | On launch and push registration |
| Under 14 | Guardian's email and consent record | When a user under 14 signs up |
2. Purposes of Use
- Account identification, authentication, and abuse prevention.
- Delivery of learning content and match modes, and synchronization of progress across devices.
- Social features such as friend search, requests, and gifting.
- Customer support and notifications of policy changes.
- Service improvement and aggregate analytics (in non-identifiable form).
- Legal compliance, dispute resolution, and security incident response.
3. Retention and Deletion
- Account information is deleted immediately upon account deletion. To prevent abuse, the nickname is reserved for 30 days after deletion before being released.
- Records that must be retained under applicable law (e.g., e-commerce, telecommunications) are stored separately for the period required by such law.
- Access logs and IP addresses are retained for up to 3 months and then automatically purged.
- Match and study statistics may be retained in aggregated, non-identifiable form for analytics purposes only.
4. Third Parties and Processors
We do not sell or share your personal information with third parties for their own purposes without your consent. We use the following service providers to operate the Service:
| Processor | Purpose | Region |
|---|---|---|
| Google LLC (Firebase Authentication, Firestore, Hosting, Cloud Functions, Cloud Storage, FCM) | Authentication, database, push delivery, static hosting | USA / Global |
| Google LLC (Cloud Run) | Real-time match server | asia-northeast3 |
| Apple Inc. | Sign in with Apple | USA |
| Meta Platforms (Facebook Login) | Facebook sign-in (optional) | USA |
| X Corp. | X (Twitter) sign-in (optional) | USA |
All processors are bound by their respective data protection agreements and may only process data within the scope necessary to provide the Service.
5. Children Under 14
Users under the age of 14 must obtain consent from a legal guardian to sign up. During sign-up we collect the guardian's email and send a magic-link consent request. The account remains inactive until the guardian confirms consent. A guardian may withdraw consent at any time, which will result in account deletion in the same manner as a user-initiated deletion.
6. Your Rights
- Access, correct, delete, or restrict processing of your personal information.
- Delete your account and linked information at any time from My > Settings > Delete Account.
- Withdraw marketing consent immediately from in-app settings.
- For requests, contact service@anarchy.io.
7. Security Measures
- Authentication credentials are stored by Firebase Auth using one-way encryption.
- All network traffic is encrypted in transit via TLS (HTTPS/WSS).
- Administrative interfaces use role-based access control and audit logs.
- Access logs are retained for the period above and monitored for anomalies.
8. Automated Collection
We do not use third-party advertising SDKs and do not display advertisements. Operational tools such as Firebase Crashlytics may collect anonymized diagnostic data for reliability and incident response.
9. Privacy Officer
- Officer: Hyejin Park
- Email: service@anarchy.io
10. Changes to This Policy
We will notify users of material changes at least 7 days before the effective date through in-app notice or this page. For significant changes, we will provide notice at least 30 days in advance.
