Privacy Policy
Last Updated: October 22, 2025
Effective Date: October 22, 2025
Destiny Engine ("Company," "we," "us," or "our") takes your privacy seriously and complies with relevant laws including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection. This Privacy Policy clarifies the procedures and standards for collecting, using, providing, and destroying personal information during your use of our services to protect your rights.
1. Personal Information We Collect and Collection Methods
1.1 Personal Information Items Collected
▪ During Registration (Required)
- Email address
- Password (encrypted storage)
- Name or nickname
▪ During API Usage (Required)
- API key
- Request IP address
- Request timestamp and endpoint
- Usage statistics (call count, response time, etc.)
▪ Data Entered During Service Use (Optional)
- Birth information (date of birth, birth time, birth location)
- Gender
- Name (when using naming services)
※ Important: Birth information is processed temporarily during API requests and is not stored separately. However, if you explicitly request storage, it will be encrypted and retained.
▪ Automatically Collected Information
- Access logs (IP address, access time, browser type)
- Cookies (for session maintenance)
- Device information (OS, device type)
1.2 Collection Methods
- Direct input by users during registration and service use
- Automatic collection through API requests
- Automatic collection through log analysis tools
2. Purpose of Collection and Use of Personal Information
▪ Member Management
- Identity verification for member services
- Personal identification and prevention of unauthorized use
- Confirmation of registration intent and age verification
- Prevention of duplicate registration
- Record retention for dispute resolution
- Handling customer inquiries and complaints
▪ Service Provision
- Astrological chart calculation and interpretation
- Saju and Jami analysis
- API authentication and access control
- Usage tracking and rate limiting enforcement
- Service usage statistics and analysis
▪ Marketing and Advertising (Optional, with consent only)
- Development of new services and customized service provision
- Provision of event and promotional information
- Service provision and ad placement based on demographic characteristics
- Service effectiveness verification
▪ Service Improvement
- Service usage statistical analysis
- Failure response and error correction
- Security enhancement and fraud prevention
3. Retention and Use Period of Personal Information
We process and retain personal information within the retention and use period prescribed by law or agreed upon when collecting personal information from users.
▪ Member Information
- Retention period: Until account deletion
- Exception: Retained for required period when necessary under applicable laws
▪ API Usage Logs
- Retention period: 1 year (for statistical analysis and security purposes)
- Automatically deleted or anonymized after 1 year
▪ Birth Information (when user requests storage)
- Retention period: Until account deletion or deletion request
- Encrypted storage, user can delete at any time
Retention According to Applicable Laws
We retain information as required by laws such as the Commercial Act and E-Commerce Act:
- Records of contracts or withdrawal of offers: 5 years
- Records of payment and supply of goods: 5 years
- Records of consumer complaints or dispute resolution: 3 years
- Records of labeling and advertising: 6 months
- Records of access: 3 months (Protection of Communications Secrets Act)
4. Provision of Personal Information to Third Parties
We do not provide your personal information to third parties in principle, except in the following cases:
▪ When users have given prior consent
▪ When required by law or requested by investigative agencies following legally prescribed procedures
Use of Third-Party Services
We use the following third-party services to provide our services. Data transmitted to these services is subject to their respective privacy policies:
▪ OpenAI API (AI Interpretation Service)
- Information provided: Birth information, chart data (anonymized)
- Purpose: AI-powered astrological interpretation
- Retention period: According to OpenAI's data retention policy (typically deleted within 30 days)
- Privacy Policy: https://openai.com/policies/privacy-policy
▪ Google Gemini API (AI Interpretation Service)
- Information provided: Birth information, chart data (anonymized)
- Purpose: AI-powered astrological interpretation
- Retention period: According to Google's data retention policy
- Privacy Policy: https://policies.google.com/privacy
▪ Supabase (Database Hosting)
- Information provided: Email, password (encrypted), API keys, usage logs
- Purpose: Data storage and management
- Retention period: Until account deletion
- Privacy Policy: https://supabase.com/privacy
▪ Vercel / AWS (Hosting Services)
- Information provided: Access logs, IP addresses
- Purpose: Service provision and operation
- Retention period: According to log retention policies (typically 30-90 days)
5. Consignment of Personal Information Processing
We may outsource personal information processing tasks as necessary to provide services. When doing so, we establish necessary provisions to ensure safe management in accordance with applicable laws.
| Consignee | Consigned Tasks | Retention Period |
|---|---|---|
| OpenAI | AI-powered astrological interpretation | Immediate deletion or 30 days |
| Google Cloud | AI-powered astrological interpretation | Immediate deletion |
| Supabase | Database hosting | Until account deletion |
| Resend | Email delivery | 30 days after sending |
6. User Rights and How to Exercise Them
Users may exercise the following rights at any time:
- Request to view personal information: Available in Developer Portal
- Request to correct personal information: Can be modified directly in profile settings
- Request to delete personal information: Account deletion or contact customer service
- Request to stop personal information processing: Contact customer service (support@destinyengine.com)
Legal representative's rights: Legal representatives of children under 14 may request to view, correct, or delete the child's personal information.
7. Procedures and Methods for Destroying Personal Information
7.1 Destruction Procedures
- Information entered by users for registration is stored for a certain period according to internal policies and information protection reasons under applicable laws after the purpose is achieved, then destroyed.
- Personal information is not used for purposes other than retention purposes except as required by law.
7.2 Destruction Methods
- Electronic files: Complete deletion using technical methods that prevent recovery and reproduction
- Paper documents: Shredding or incineration
8. Technical and Administrative Measures for Personal Information Protection
8.1 Technical Measures
- Password encryption: User passwords are encrypted and stored using bcrypt algorithm
- HTTPS application: TLS/SSL encryption for all data transmission
- API key encryption: AES-256 encryption applied during storage
- Hacking prevention: Operation of firewalls and Intrusion Detection Systems (IDS)
- Backup and recovery: Regular backups and disaster recovery plans
8.2 Administrative Measures
- Access authorization management: Minimize personal information processing staff and grant access authorization
- Security training: Conduct internal training on personal information protection
- Designation of personal information protection officer: Overall responsibility for personal information processing tasks
9. Cookie Operation and Rejection
We operate 'cookies' that periodically save and retrieve user information.
9.1 Purpose of Cookie Use
- Login session maintenance
- Customized service provision for users
- Analysis of website visits and usage patterns
9.2 Cookie Installation, Operation, and Rejection
Users have the choice regarding cookie installation:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Safari: Preferences → Privacy → Cookies and website data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
※ Refusing cookie storage may cause difficulties using some services that require login.
10. Personal Information Protection Officer and Department
We take your personal information protection very seriously and do our best to ensure that personal information is not damaged, violated, or leaked. We have designated a personal information protection officer as follows to oversee personal information processing tasks and handle user complaints and provide remedy for damages related to personal information processing.
▪ Personal Information Protection Officer
- Name: [Officer Name]
- Position: [Position]
- Email: privacy@destinyengine.com
- Phone: [Phone Number]
▪ Personal Information Protection Department
- Department: Personal Information Protection Team
- Email: support@destinyengine.com
For other personal information infringement reports or consultations, you may contact the following organizations:
- Personal Information Infringement Report Center: 118 (Korea) / privacy.kisa.or.kr
- Supreme Prosecutors' Office Cybercrime Investigation Division: 1301 (Korea) / www.spo.go.kr
- Korean National Police Agency Cyber Safety Bureau: 182 (Korea) / cyberbureau.police.go.kr
11. Changes to Privacy Policy
This Privacy Policy is effective from the effective date, and if there are additions, deletions, or corrections to changes in content according to laws and policies, we will notify you through announcements at least 7 days prior to the effective date of changes.
- Announcement date: October 22, 2025
- Effective date: October 22, 2025
Privacy inquiries: privacy@destinyengine.com