§1
The principle
We collect the smallest amount of information needed to deliver the Service well. Sensitive categories (health, precise location) are opt-in, can be revoked at any time, and are never sold or shared with advertisers.
- ¶ 01Minimization. If we don't need it, we don't ask.
- ¶ 02Purpose limitation. Each datum is collected for a specific, declared purpose.
- ¶ 03Transparency. Every category appears below, in the App Store Privacy Label, and in the Play Data Safety form.
- ¶ 04Control. Export or delete your data from inside the app at any time.
§2
Data ledger
Each row below describes a category, the EveryWon feature it powers, why we need it, where it's stored, and how long we keep it.
Account & Identity
All chapters.- Fields collected
- Email, display name, language preference, optional phone.
- Why we collect
- Authentication, communication, personalization.
- Legal basis
- Performance of contract
- Storage location
- Republic of Korea (primary) · backup: EU
- Retention
- Lifetime of account; deleted within 30 days of closure.
- Shared with
- No
Health Inputs (AI Desk & Records)
Translated records · AI health desk.- Fields collected
- Symptom descriptions, lab reports, prescriptions, scan summaries you upload.
- Why we collect
- Translate records, answer health questions, surface relevant clinics.
- Legal basis
- Explicit consent (sensitive data)
- Storage location
- Republic of Korea, encrypted at rest.
- Retention
- Until you delete; AI conversations 30 days then anonymized.
- Shared with
- AI processor under DPA · never used for model training.
Location
Clinic listing · Easy map navigation.- Fields collected
- Coarse or precise location, while app is in use.
- Why we collect
- Show nearby clinics; provide turn-by-turn map navigation.
- Legal basis
- Explicit consent
- Storage location
- Sent in real time to map provider; not retained for ads.
- Retention
- Not stored beyond session unless you save a location.
- Shared with
- Map / geocoding provider only.
Booking Information
In-app booking.- Fields collected
- Selected clinic, date, time, reason, member name.
- Why we collect
- Submit and confirm appointments with clinics.
- Legal basis
- Performance of contract
- Storage location
- Republic of Korea.
- Retention
- 5 years (Korean Medical Service Act reference).
- Shared with
- Only with the booked clinic.
Community Content
Community section.- Fields collected
- Posts, replies, reactions, attached images you choose to upload.
- Why we collect
- Run the Q&A community; allow other members to help you.
- Legal basis
- Performance of contract · public visibility you control
- Storage location
- Republic of Korea.
- Retention
- Until you delete or close your account.
- Shared with
- Other members per your visibility setting.
Device & Diagnostics
All chapters.- Fields collected
- App version, OS, device model, crash logs, performance metrics.
- Why we collect
- Bug fixes, stability, abuse prevention.
- Legal basis
- Legitimate interest
- Storage location
- Republic of Korea / EU.
- Retention
- 90 days.
- Shared with
- Crash-reporting processor (privacy-preserving).
Future — Insurance
Insurance chapter (coming soon).- Fields collected
- Policy details, claim metadata, region of residence.
- Why we collect
- Compare and explain insurance packages; advise on claims.
- Legal basis
- Explicit consent at activation
- Storage location
- Republic of Korea.
- Retention
- Per Korean Insurance Business Act (typ. 5 years).
- Shared with
- Only with the insurance manager you select.
Future — Concierge (Visa / Tax / Pension)
Concierge chapter (coming soon).- Fields collected
- Residence card number (where required), tax IDs, pension records.
- Why we collect
- Submit applications and recover pension on your behalf.
- Legal basis
- Explicit consent at activation
- Storage location
- Republic of Korea, encrypted.
- Retention
- Statutory minimums per Korean law.
- Shared with
- Only with the verified concierge partner you select.
§3
What we do NOT collect
- ¶ 01Your contacts list, photo library, microphone, or camera (unless you actively attach media to a post or record).
- ¶ 02Advertising identifiers (IDFA / GAID) for tracking across other apps and websites.
- ¶ 03Biometric identifiers other than what your device itself uses for unlocking the app.
- ¶ 04Inferences used to build advertising profiles or sold to data brokers.
§4
Apple App Store — Privacy Nutrition Label
Our Privacy Label discloses three groupings, in line with this document:
- ¶ 01Data Linked to You: Contact info, health & fitness, user content, identifiers, usage data, location (with consent).
- ¶ 02Data Used to Track You: None. EveryWon does not use App Tracking Transparency (ATT) tracking.
- ¶ 03Data Not Linked to You: Diagnostics, crash logs, anonymized performance metrics.
§5
Google Play — Data Safety
The Data Safety form on Google Play matches this document one-for-one. Highlights:
- ¶ 01Data is encrypted in transit using TLS.
- ¶ 02Users can request that their data be deleted.
- ¶ 03We have committed to follow the Google Play Families Policy where applicable.
- ¶ 04We do not share data with third parties for advertising or marketing.
§6
Korean PIPA disclosures
Under Korea's Personal Information Protection Act, we disclose:
- ¶ 01Items collected: as enumerated in §2 above.
- ¶ 02Purpose of processing: as listed per row.
- ¶ 03Retention period: as listed per row, or per statutory minimum.
- ¶ 04Third-party recipients: partner clinics, cloud hosting, map provider, AI processor, crash reporting, insurance / concierge partners (only on activation).
- ¶ 05Right to refuse consent: you may decline optional categories; certain features may then be unavailable.
- ¶ 06Cross-border transfers: only with consent or equivalent safeguards (PIPA Art. 28).
- ¶ 07Withdrawal of consent: any time, in-app or by emailing us.
§7
In-app cross-references
Each surface inside the EveryWon app links back to this page. Where a feature collects data for the first time, you will see a permission prompt, a one-line summary of why we need it, and a link to this document. The same disclosure appears in your account's Privacy & Data screen, where you can export, restrict, or delete your information.
§8
Contact
Questions about a specific category, or want to exercise your rights? Email west.eastforte@gmail.com. We respond within 10 business days (PIPA) or 30 days (GDPR).