Privacy Policy
Last updated: 2026-05-06
1. Purpose of Collecting and Using Personal Information
Famstagram (hereinafter “Service”) collects and uses the minimum necessary personal information for the following purposes.
1.1 Registration and Account Management
- User identification and authentication through social account integration
- Identity verification for service use and sanctions against fraudulent users
- Confirmation of account deletion requests and customer support (CS) processing
1.2 Service Provision
- Sharing and storing digital content (photos, videos, etc.) within family groups
- Personalized notification services and new feature announcements
1.3 Premium Subscription Operation
- Subscription payment processing and auto-renewal management
- Tracking Premium Space holdings and Family Group application history
- Audit logging of payment events and refund processing
2. Personal Information Collected
| Category | Items |
|---|---|
| Required | Sign-up channel identifier, email, profile name, profile photo |
| Optional | Device information, app push notification consent status |
| Auto-collected | Access logs, IP address, fraudulent use records, service usage records |
| Premium Subscription (when applicable) | Plan identifier, owned Space count, payment status, billing period, scheduled downgrade, RevenueCat identifier |
| Space allocation (when applicable) | Per-Family Group Premium Space apply / remove history |
| Payment audit (when applicable) | Raw payment event records sent by RevenueCat webhooks (audit / debugging purpose) |
3. Retention and Use Period
Users’ personal information is, in principle, destroyed without delay once the purpose of collection and use has been achieved. However, the following information is retained for the specified period for the reasons stated below.
- Retention under internal policy: Retained for 30 days after account deletion for fraud prevention and CS processing, then destroyed
- Retention under applicable laws: In accordance with retention periods prescribed by laws such as the Protection of Communications Secrets Act (log records for 3 months) and the Electronic Commerce Act
4. Disclosure to Third Parties and Outsourcing
The Service does not, in principle, provide users’ personal information to external parties (third parties). However, the following processors are entrusted with personal information processing tasks for smooth service provision, and are managed securely in accordance with applicable laws.
| Processor | Entrusted Task | Data Handled |
|---|---|---|
| Apple Inc. | Payment processing (App Store) | Transaction info, receipts |
| Google LLC | Payment processing (Google Play) | Transaction info, receipts |
| RevenueCat, Inc. | Subscription webhook reception and payment status sync | Subscription state, payment event raw records |
| Supabase, Inc. | Database and Edge Function hosting | Member info, family group data, subscription state |
| Cloudflare, Inc. | Family media storage (R2) and web site hosting | Photos / videos (in E2E encrypted form) |
Subscription holdings and payment audit information are retained during the accounting / tax obligation period (typically 3 years), then destroyed.
5. Procedures and Methods of Destruction
Users’ personal information is safely destroyed according to destruction procedures after the purpose has been achieved. Information in electronic file format is deleted using technical methods that make the records unrecoverable.
6. Rights of Users and Legal Representatives
- Users may view, modify, or delete (withdraw from) their personal information at any time.
- When a child under the age of 14 registers for the Service, consent from a legal representative is required, and the legal representative may exercise rights regarding the child’s personal information.
7. Security Measures
The Service implements the following technical and administrative measures to ensure the safety of personal information.
- Strong encryption applied to data transmission channels and storage servers (AES-256, etc.)
- Minimization and strict control of personal information access privileges
- Operation of security systems to protect against hacking and computer viruses
8. Privacy Officer
- Name: [Officer Name]
- Contact: [Email]
9. Changes to This Policy
This Privacy Policy is effective from the date of implementation. Any changes due to laws and policies will be announced in advance through in-app notices.