Privacy Policy.

Westforte Inc. (“EveryWon,” “we,” “us”) is the data controller for the EveryWon mobile application and website (collectively, the “Service”). We are headquartered in Seoul, Republic of Korea.

• ¶ 01
  Company: Westforte Inc.
• ¶ 02
  Email: west.eastforte@gmail.com
• ¶ 03
  Phone: +82 10-6502-8586
• ¶ 04
  Data Protection Officer: reachable via the email above.

We collect only what we need to deliver the EveryWon services. The categories below mirror the disclosures we publish on the Apple App Store Privacy Nutrition Label and the Google Play Data Safety form.

• ¶ 01
  Account & Identity. Email address, display name, language preference, and (optionally) phone number. Used to authenticate, communicate, and personalize the Service.
• ¶ 02
  Health-related Inputs. Symptoms you describe to the AI health desk, questions you post in the community, documents (e.g. prescriptions, lab results) you choose to upload to the translated-records feature. We never sell this data and we never share it with advertisers.
• ¶ 03
  Location. Coarse or precise location, only while the app is in use, and only to power the clinic listing and map navigation features. You can revoke this permission at any time from your device settings.
• ¶ 04
  Booking Information. The clinic, date, time, and reason for visit you submit when booking through the app. Shared with the booked clinic only.
• ¶ 05
  Community Content. Posts, replies, and reactions you publish in the EveryWon community. Visible to other members in accordance with your post visibility settings.
• ¶ 06
  Device & Diagnostic Data. App version, OS version, device model, crash logs, and anonymous performance metrics. Used to fix bugs and improve reliability.
• ¶ 07
  Future services (Insurance & Concierge). When the Insurance and Concierge chapters launch, we may collect additional data (e.g. policy details, residence card number for visa support) strictly for that service. You will be asked for fresh consent at that time.

Under Korea's Personal Information Protection Act (PIPA) and the EU's GDPR, we rely on the following lawful bases:

• ¶ 01
  Performance of contract. To provide the clinic listing, booking, community, translated records, and AI health desk you signed up for.
• ¶ 02
  Consent. For sensitive categories such as health-related data and precise location, we ask for your explicit, opt-in consent and you may withdraw it at any time.
• ¶ 03
  Legitimate interest. For diagnostics, fraud prevention, and product improvement — balanced against your rights and freedoms.
• ¶ 04
  Legal obligation. Where Korean law requires us to retain or disclose information (e.g. tax records, lawful court order).

• ¶ 01
  Operate and maintain the Service (account, login, sessions).
• ¶ 02
  Show you nearby verified clinics and accurate wait times.
• ¶ 03
  Route you to a clinic via map navigation.
• ¶ 04
  Submit and confirm appointments with partner clinics.
• ¶ 05
  Power the community feed, replies, and notifications.
• ¶ 06
  Translate medical records and lab results into your selected language.
• ¶ 07
  Generate AI health-desk responses and triage suggestions.
• ¶ 08
  Send transactional messages (booking confirmations, security alerts).
• ¶ 09
  Detect and prevent abuse, fraud, and spam.
• ¶ 10
  Comply with legal obligations under Korean law and global frameworks.

We do not use your personal information to train third-party AI models, and we do not sell your data to advertisers or data brokers.

We share information only with carefully chosen processors and partners, and only for the purposes described above.

• ¶ 01
  Partner clinics. Receive only the booking fields needed to honor your appointment.
• ¶ 02
  Cloud infrastructure. We host data on SOC 2 / ISO 27001 certified providers, with primary storage in the Republic of Korea.
• ¶ 03
  Map & geocoding providers. Used to render clinic locations and turn-by-turn directions. Location data is sent in real time and not retained for advertising.
• ¶ 04
  AI service providers. Used to power the health desk and translation features. Inputs are processed under strict data-processing agreements, never used for model training, and discarded after use.
• ¶ 05
  Analytics & crash reporting. Privacy-preserving providers configured to drop IP addresses and identifiers wherever possible.
• ¶ 06
  Legal & safety. Disclosed only when required by law, court order, or to protect the rights, property, or safety of EveryWon, members, or the public.

Some processors may operate outside the Republic of Korea (e.g. the United States, the European Union). When data leaves Korea, we rely on Standard Contractual Clauses, your explicit consent under PIPA Article 28, and equivalent safeguards under GDPR Chapter V. You may request a copy of the relevant safeguards at any time.

• ¶ 01
  Account data: for the lifetime of your account; deleted within 30 days of account closure.
• ¶ 02
  Booking history: 5 years (Korean Medical Service Act records-retention reference).
• ¶ 03
  Community posts: until you delete them or close your account.
• ¶ 04
  Health-record uploads: until you delete them; you may export at any time.
• ¶ 05
  Diagnostic logs: 90 days.
• ¶ 06
  AI conversations: 30 days, then anonymized.

You have the right to access, correct, export, restrict, and delete your personal information, and to withdraw consent at any time. You may also lodge a complaint with the Personal Information Protection Commission of Korea (PIPC) or your local supervisory authority.

• ¶ 01
  Access — request a copy of the data we hold about you.
• ¶ 02
  Rectification — correct inaccurate or incomplete data.
• ¶ 03
  Erasure — request deletion of your account and associated data.
• ¶ 04
  Portability — export your data in a machine-readable format.
• ¶ 05
  Objection — object to processing based on legitimate interest.
• ¶ 06
  Withdraw consent — without affecting prior lawful processing.

To exercise any of these rights, email west.eastforte@gmail.com. We respond within 10 business days (PIPA) or 30 days (GDPR).

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production systems is restricted by least-privilege role-based controls and audited continuously. We perform regular vulnerability scans and engage independent security reviewers.

EveryWon is not directed at children under 14. If you believe a child has provided us personal information, please contact us and we will delete it promptly.

Our Apple App Store Privacy Nutrition Label and Google Play Data Safety disclosures reflect this policy. The same data categories, purposes, and partners are disclosed across all surfaces. The most recent version of each disclosure is published on each store listing.

We update this policy when our services or applicable law change. Material changes are announced inside the app at least 7 days before they take effect (30 days for changes affecting health data).

Questions, requests, or complaints? west.eastforte@gmail.com · +82 10-6502-8586 · Westforte Inc., Seoul, Republic of Korea.