Privacy Policy

During signup or login, Roco Seoul may process email address, email verification status, OAuth social account identifiers, display name, profile image, nickname, and preferred language.

During service use, Roco Seoul may process saved places, read episodes, visitor reviews, traveler notes, reports, writer place requests, image-rights confirmations, and creation or update timestamps.

When users write reviews, traveler notes, reports, or place requests, Roco Seoul may also process submitted text, ratings, nicknames, selected places, or map coordinates.

Personal information is used to maintain login sessions, identify users, provide saved places and read history, operate reviews and traveler notes, handle reports, and review writer place requests.

The operator also uses necessary information to prevent abuse, block automated access, maintain service stability, respond to inquiries, and comply with legal obligations.

Account information is retained until account deletion or fulfillment of the processing purpose, unless a legal retention obligation applies.

Public reviews, traveler notes, reports, and writer place requests may be deleted, anonymized, or retained for the period needed under the operation policy because they affect other users or moderation records.

IP hash, User-Agent hash, access logs, and view-count duplicate-prevention records are retained only for the minimum period needed for security and operation, then deleted or managed in a less identifiable form.

Roco Seoul does not provide personal information to external parties except where required by law or agreed to by the user.

When users move to an external map service or use a social login screen, that external provider's policies may also apply.

Roco Seoul may use external services needed for operation, including Auth.js OAuth providers, Resend email delivery, Neon or Supabase Postgres databases, Vercel hosting and Vercel Blob image storage, Vercel Marketplace KV, Naver Maps, and Google reCAPTCHA.

Some providers may be overseas companies or may use overseas infrastructure. Roco Seoul limits processing to the scope needed to provide and operate the service.

If processors or external service categories change, Roco Seoul will update this policy or provide service notice.

IP hash, User-Agent hash, access time, request path, error logs, view-count duplicate-prevention records, and reCAPTCHA verification results may be generated automatically during service use.

Roco Seoul prioritizes methods that reduce identifiability, such as hashing IP addresses with `HASH_SALT` instead of exposing original IP addresses.

Security logs are used only for abuse prevention, troubleshooting, and service stability.

Users may request access, correction, deletion, or suspension of processing for their personal information.

Privacy requests can be submitted through the service contact channel and will be handled according to applicable law.

Roco Seoul applies technical and administrative safeguards such as access control, secret environment variable management, hashing, HTTPS transmission, database access restrictions, and service log review.

Operators and administrators access personal information and report or moderation records only within the scope needed for service operation.

The privacy-responsible contact is the FIT PLACE service operation team.

Requests regarding access, correction, deletion, suspension of processing, or privacy incidents can be sent to hello@rocoseoul.com.

Before official launch, the displayed officer name, position, and contact details should be confirmed against the final operating information.