Privacy Policy

• Effective: 2026-06-25
• Operator: Green Planet Pack Co., Ltd. (초록별팩 주식회사)
• Representative: Hyeonho Kim
• Business address: 75, Malgeunnae-gil, Uiwang-si, Gyeonggi-do, Republic of Korea
• Business registration number: 182-88-00936
• Data Protection Officer: Hyeonho Kim / cs@palettecorp.kr

We collect only what we need. Consumers can verify authenticity without creating an account or signing in; in that mode, we do not collect any identifying information about you.

1-1. Anonymous users (no sign-in)

• Device OS / model / app version — compatibility and diagnostics (automatic)
• Service logs (scan request/response timing) — service operation (automatic)
• Precise location — only if you grant permission (optional)
• Camera image — not stored, decoded in memory only

1-2. Signed-in users (distributors and store staff)

• Email, password (one-way hashed), store/affiliation — account identity
• Issuance, sale, store-location records — operator features
• Push notification token — only if notifications are enabled (optional)

1-3. What we do not collect

We do not collect address-book contacts, stored photos/videos, payment information, advertising identifiers (IDFA / GAID), or third-party advertising-tracking identifiers.

• Providing authenticity verification (QR validation, result delivery)
• Detecting and warning about suspected tampering/counterfeiting
• Service operation, incident response, and performance improvement
• For signed-in users: account authentication and operator features (issuance, sale, store-location records)
• Optional: recording verification-point coordinates when location is allowed
• Optional: sending alerts about suspicious results

We do not use collected information for any purpose beyond those above.

We do not sell, share, or otherwise transfer your personal information to third parties. The following processors are engaged solely to operate the service:

• Cloud infrastructure provider (e.g., AWS) — server and database hosting, domestic region preferred
• Apple Push / Google FCM — notification routing, only if notifications are enabled

We may disclose information to law enforcement when required by a lawful legal request.

• Anonymous scan logs: up to 12 months from collection, then automatic deletion
• Signed-in account information: deleted on account closure (except items required by law)
• Issuance / sale / store records: the period required by applicable law (commerce, tax)
• Location coordinates (when allowed): same as scan logs (up to 12 months)
• Push tokens: discarded on notification opt-out or app uninstall

Electronic data is deleted using non-recoverable methods; printed materials are shredded or incinerated.

You may at any time:

• Request access to your personal information
• Request correction or deletion
• Request restriction of processing
• Withdraw consent (location and notification permissions can be revoked from your OS settings)

How to request: email cs@palettecorp.kr. After identity verification, we will respond within 10 business days. Anonymous users have no stored identifiers, so no separate deletion procedure is needed; deletion of scan or location logs is honored on request.

• Encrypted transport (TLS / HTTPS)
• One-way hashing of passwords
• Mobile credentials stored in the device secure store
• Least-privilege access control and operations log review
• Periodic vulnerability assessments

• Privacy / general inquiries / technical support: cs@palettecorp.kr
• Mail: 75, Malgeunnae-gil, Uiwang-si, Gyeonggi-do, Republic of Korea — Green Planet Pack Co., Ltd.

Regulatory remedies (Republic of Korea)

• Personal Information Dispute Mediation Committee — 1833-6972, www.kopico.go.kr
• Korea Internet & Security Agency Privacy Center — 118, privacy.kisa.or.kr
• Supreme Prosecutors' Office Cyber Investigation — 1301
• National Police Agency Cyber Bureau — 182