Privacy Policy
Last updated: [TO BE REVIEWED]
⚠️ This document is a draft prepared from the service design materials. Items marked [TO BE REVIEWED] — such as the operating entity (legal name, address, contact), the data protection officer, the legal basis for cross-border transfers, and the detailed list of processors — must be finalized through legal review before this policy takes effect.
This Privacy Policy explains how KARE ("the Company") collects, uses, stores, and deletes the personal data of users of the KARE PASS integrated voucher service ("the Service"). The Company complies with applicable laws and strives to protect users’ personal data.
1. Service Operator
- Service name: KARE PASS (integrated voucher platform)
- Operating entity: [TO BE REVIEWED — legal name]
- Address: [TO BE REVIEWED]
- Contact: [TO BE REVIEWED — primary email/phone]
2. Personal Data We Collect
The Company collects the following personal data to provide the Service.
- Account information: email (required), name (required), password (stored only as an irreversible hash, as described in Section 10; not collected for social-login users), preferred language, account status, sign-up and last-login timestamps
- Social-login information: provider (Google/Apple/Facebook), provider user identifier, email supplied by the provider
- Booking and travel-companion information (optional): companion name, passport number (stored masked), date of birth, gender, nationality
- Payment information: payment currency (USD), payment authorization and refund records, payment-gateway transaction identifier (sensitive payment-instrument data such as card numbers is handled by the payment gateway and is not stored by the Company)
- Service usage records: voucher issuance/use/transfer history, booking schedules, and audit logs including access IP, device information (User-Agent), and access time
3. Purposes of Collection and Use
- Member registration, identity verification, and login authentication
- Issuance, use, transfer (gifting), and settlement of KARE PASS vouchers
- Relaying and processing bookings with partners (hospitals, aesthetics, accommodation, mobility)
- Payment and refund processing
- Sending notifications such as booking approval/rejection, expiry reminders, settlement, and gifting
- Responding to customer inquiries and operating and improving the Service
- Preventing fraudulent use and complying with legal obligations
4. Provision of Personal Data to Third Parties
To process bookings requested by users, the Company provides the minimum necessary information to partners, limited to what is required to fulfill the booking.
- Medical/aesthetic partners: booking identifier, voucher identifier, scheduled visit time, and companion information where needed (medical information such as diagnoses, prescriptions, and test results is not provided)
- Accommodation partners: booking identifier, scheduled arrival time, number of guests
- Mobility partners: airport name, scheduled arrival time, number of passengers
5. Entrustment of Personal Data Processing
The Company may entrust certain tasks to external providers to deliver the Service smoothly, and imposes contractual obligations to keep personal data secure.
- Payment processing: payment gateway (PG) provider
- Notification delivery: push (FCM/APNs), SMS, and email delivery services
- Cloud infrastructure operation: [TO BE REVIEWED — cloud provider]
6. No Handling of Personal Health Records (PHR)
The Company does not collect, store, or process any personal health information (EMR/PHR) such as diagnoses, prescriptions, test results, or procedure details.
Even for medical and aesthetic bookings, only schedule information such as the scheduled visit date is processed, and any medical information is automatically blocked at the input and logging stages so it does not enter the system.
7. Retention and Deletion of Personal Data
- Member information: A 30-day grace period applies when a member requests withdrawal (account deletion); withdrawal can be cancelled by logging in again within the grace period. After the grace period, personal data is de-identified.
- Withdrawal may be restricted while active vouchers or unsettled orders exist.
- Transaction and settlement records: retained in anonymized form for legal compliance and dispute resolution.
- Audit logs: kept readily accessible for about one year, then retained separately for up to seven years; security-related records may be retained permanently.
- Deletion method: information in electronic file form is deleted by an unrecoverable method.
- Specific retention periods: [TO BE REVIEWED]
8. Rights of Data Subjects
Users may exercise the following rights regarding their personal data.
- Request to access or correct personal data
- Request to delete personal data or suspend its processing
- Withdraw membership (an in-app account-deletion request feature is provided)
- How to exercise these rights: [TO BE REVIEWED — contact]
9. Cross-Border Transfer of Personal Data
The Service targets a global user base, and personal data may be transferred abroad during entrustment and infrastructure operation. Details such as the destination countries, items, timing, method, and legal basis are [TO BE REVIEWED].
10. Security Measures
- Passwords are stored as irreversible hashes (bcrypt); plaintext is never retained.
- Data access is restricted through role-based access control (RBAC) and ownership verification.
- Administrator access is permitted only through Google Workspace SSO.
- Sensitive identifiers such as passport numbers are stored masked.
- Authentication session tokens have expiry times (access 1 hour, refresh 7 days) and are invalidated on logout.
- Key activities are recorded in append-only audit logs that cannot be modified or deleted.
11. Social Login
When you log in with a Google, Apple, or Facebook account, the Company receives a user identifier and email from that provider and uses them to identify your account. Depending on the provider’s policy, some information (e.g., email) may not be provided.
12. Data Protection Officer
- Name/title: [TO BE REVIEWED]
- Contact: [TO BE REVIEWED]
13. Notice of Changes
If this Privacy Policy is amended by addition, deletion, or modification, we will announce the changes within the Service before they take effect. Effective date: [TO BE REVIEWED].