Privacy Policy

Effective Date: March 4, 2026

Pawsitive (hereinafter referred to as the 'Company') establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to process related grievances promptly and smoothly.

Effective Date: March 4, 2026

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information being processed shall not be used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent under Article 18 of the Personal Information Protection Act will be implemented.

  1. Member Registration and Management Personal information is processed for the purpose of confirming intent to register, identification and authentication for membership services, maintaining and managing membership, preventing unauthorized use of services, and verifying that users are 14 years of age or older.

  2. Pet Health Management Service Personal information is processed for the purpose of providing core services such as pet (cat/dog) health record management, feeding/water/excretion/medication/weight/subcutaneous fluid/blood sugar records, routine management, veterinary visit records, care journals, health reports, and walk tracking.

  3. AI-Based Health Analysis and Insights To provide AI features such as AI chat, feed/receipt/blood test/insurance document OCR analysis, AI health report generation, palatability analysis, and memorial illustration generation, pet health data, photos, and chat content are transmitted to and processed by external AI service providers. The Company processes data through the APIs of AI service providers, and these providers do not use data transmitted via APIs for training their AI models.

  4. Service Improvement Personal information is processed for the purpose of analyzing service usage statistics, improving services and developing new features, and handling inquiries and complaints.

  5. Paid Service and Payment Processing We process personal information for paid service provision, subscription status management, payment history verification, and refund processing. However, payment method details such as credit card numbers are managed directly by app stores (Apple/Google), and the Company does not collect or store them.

  6. Location-Based Service Provision Location information is processed for GPS-based route tracking and distance measurement in the walk tracking feature. Location information is collected only with the explicit consent of the member and is used only within the service.

  7. Family Sharing Service Personal information is processed to share pet health management data with family members (up to 5) designated by the member through the family sharing feature of paid services. Family sharing is initiated by the member inviting and designating family members, and consent is obtained from invited family members during this process.

Article 2 (Items and Methods of Personal Information Collection)

The Company collects the minimum personal information necessary for service provision.

Required Items

Category Collected Items
Member Information Email address, password (encrypted storage), name (nickname)
Pet Basic Information Name, species (cat/dog), breed, date of birth, gender, neutering status
Health Management Data Feeding records, water intake, potty records, weight, medication information, vet visit records, subcutaneous fluid records, glucose readings, respiratory rate, blood test results, walk records (GPS location data, routes, distance, speed), palatability evaluation data, AI chat conversation content
Service Usage Information Language setting, timezone, theme setting, unit settings (weight/temperature)
Payment Information Subscription status, subscription start/expiration date, payment receipt ID (issued by app store), membership tier

Optional Items

Profile photo, pet photos, food label photos (OCR analysis), receipt photos (OCR analysis), blood test result photos (OCR analysis), insurance document photos (OCR analysis), potty photos, walk photos (stored within service only, not processed by AI), care journal content, primary veterinary clinic name, care expense records

Automatically Collected Items

Service usage records (access date/time, usage records), device information (OS version, device model, app version), authentication tokens

Article 3 (Processing and Retention Period)

  1. The Company processes and retains personal information within the period of retention and use of personal information as prescribed by law or as agreed upon when collecting personal information from data subjects.

  2. The processing and retention periods for each type of personal information are as follows:

  3. Member Information: Until membership withdrawal

  4. Destroyed without delay upon withdrawal request
  5. Pet and Health Management Data: Until membership withdrawal
  6. Immediately destroyed when a member deletes individual data

  7. Service Usage Records: Until membership withdrawal

  8. However, if preservation is required under relevant laws, the Company retains personal information for the period prescribed by such laws:

  9. Service usage records, access logs: 3 months (Protection of Communications Secrets Act)
  10. Records related to displays/advertisements: 6 months (Electronic Commerce Act)
  11. Payment and goods supply records: 5 years (E-Commerce Act)

  12. Consumer complaint or dispute resolution records: 3 years (E-Commerce Act)

  13. The Company handles data transmitted to AI service providers (Anthropic, OpenAI, Google, etc.) as follows:

  14. Data transmitted via AI APIs is immediately deleted by the provider upon completion of API request processing.
  15. AI service providers do not use user data transmitted via APIs for training or improving their AI models. This is guaranteed by each provider's API terms of service (Anthropic API Terms, OpenAI API Data Usage Policy, Google Cloud Terms).

Article 4 (Destruction Procedures and Methods)

  1. The Company destroys personal information without delay when it becomes unnecessary, such as when the retention period has expired or the processing purpose has been achieved.

  2. Destruction Procedure Information entered by users for membership registration, etc. is transferred to a separate database after the purpose has been achieved and destroyed after a certain period of storage in accordance with internal policies and information protection reasons under relevant laws.

  3. Destruction Methods

  4. Electronic files: Safely deleted so that recovery and reproduction are not possible
  5. Paper documents: Destroyed by shredding or incineration

Article 5 (Provision of Personal Information to Third Parties)

  1. The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as consent of the data subject or special provisions of law.

  2. When using the family sharing feature, pet health management data is shared with family members invited by the member. This is based on the member's request and consent, and acceptance of the family invitation constitutes mutual consent to data sharing. The scope of shared data is limited to pet-related data including pet profiles, health records, medication information, and journals.

  3. Except as provided in Paragraph 2 above, the Company does not currently provide users' personal information to third parties.

Article 6 (Entrustment of Personal Information Processing)

The Company entrusts personal information processing as follows for smooth handling of personal information operations.

Entrusted Company Entrusted Tasks
Supabase, Inc. Cloud server operation, data storage and management, authentication service provision
Apple Inc. In-app payment processing (iOS)
Google LLC In-app payment processing (Android)
RevenueCat, Inc. Subscription management and payment status synchronization
Anthropic, PBC AI chat, AI health report generation, palatability analysis, blood test insight analysis, journal AI response, drug information lookup, insurance document OCR analysis
OpenAI, Inc. Receipt OCR analysis, blood test data structuring, walk comment generation
Google LLC (Cloud AI) Feed label OCR analysis, blood test OCR analysis
Google LLC (Gemini) Memorial illustration generation (AI image)

Article 7 (Transfer of Personal Information Overseas)

The Company may transfer personal information overseas for service provision as follows:

Article 8 (Rights and Obligations of Data Subjects)

  1. Data subjects may exercise the following rights regarding personal information protection at any time:

  2. Request to view personal information

  3. Request for correction if there are errors
  4. Request for deletion

  5. Request to suspend processing

  6. Rights can be exercised directly through the settings menu within the service or by requesting via email, and the Company will take action without delay.

  7. If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.

  8. You can delete all data associated with your account by withdrawing your membership.

Article 9 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

  1. Technical Measures
  2. Encrypted password storage (hashing)
  3. Data transmission encryption via SSL/TLS
  4. Database access control (Row Level Security)

  5. Authentication token-based access control

  6. Administrative Measures

  7. Minimization of employees handling personal information

  8. Regular security inspections

  9. Physical Measures

  10. Use of security-certified data centers through cloud services (Supabase/AWS)

Article 10 (Personal Information Protection Officer)

The Company designates a Personal Information Protection Officer as follows to oversee personal information processing and handle complaints and damage relief for data subjects:

Data subjects may direct all personal information protection-related inquiries, complaints, and damage relief matters arising from service use to the Personal Information Protection Officer.

Article 11 (Personal Information of Children Under 14)

The Company does not collect personal information from children under 14 years of age. The service is available only to persons aged 14 or older, and age verification is performed during registration. If it is confirmed that a child under 14 has registered for the service, the Company will immediately destroy the child's personal information and delete the account.

Article 12 (Remedies for Infringement of Rights)

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. for relief from personal information infringement.

Article 13 (Changes to Privacy Policy)

This Privacy Policy is effective from the effective date, and if there are additions, deletions, or corrections of changes due to laws and policies, they will be announced through in-app notifications at least 7 days before the effective date of the changes.