This English translation is provided for convenience. The Korean version is the legally binding document.
PourLog (hereinafter "Service") establishes and discloses this Privacy Policy in accordance with Article 30 of the Korean Personal Information Protection Act (PIPA) to protect the personal information of data subjects and to handle related grievances promptly and smoothly.
Effective date: February 25, 2026
The Service processes personal information for the following purposes. Personal information collected will not be used for purposes other than those listed below, and if the purpose of use changes, necessary measures such as obtaining separate consent will be taken in accordance with Article 18 of PIPA.
The Service processes the following categories of personal information.
| Item | Collection Method | Required |
|---|---|---|
| Email address | Automatically collected via Apple/Google OAuth (Clerk) | Required |
| Display name | Automatically collected via Apple/Google OAuth (Clerk) | Required |
| Clerk user ID | Auto-generated by authentication system | Required |
| Guest device UUID | Randomly generated within the app (not a hardware identifier) | Optional (for non-member usage) |
| Item | Description |
|---|---|
| Beverage info | Beverage type, brew method, rating, sub-ratings (flavor, aroma, acidity, body, aftertaste) |
| Bean info | Bean name, origin, region, variety, process, roast level, altitude, producer, roast date |
| Brew parameters | Water temperature, grind size, coffee amount, water amount, brew time, dripper |
| Price info | Price and currency |
| Taste and notes | Flavor tags, free-text notes |
| Drink info | Drink date, temperature (hot/iced) |
| Location info | Roastery/cafe name, address, Google Place ID, latitude/longitude |
| Photos | User-uploaded photos (stored on Google Cloud Storage) |
| OCR metadata | Input source (manual/OCR), raw extracted text, scan image URL, model version, confidence |
| Item | Description |
|---|---|
| App-generated device UUID | Randomly generated within the app (not IDFA/GAID or any hardware advertising identifier) |
| Platform | iOS, Android, or Web |
| App version | Installed app version |
| Locale/language setting | In-app language setting |
| Push notification token | Expo Push Token (collected only with user consent) |
| User-Agent, IP address | Temporarily recorded in server performance logs (not stored separately) |
| Item | Description |
|---|---|
| Foreground GPS coordinates | Collected only with user permission; not stored; used transiently only for Google Places API search bias |
| Item | Description |
|---|---|
| Custom event tracking | Category, action, label, value, data blob, session ID, platform, app version |
| Article view/click events | Curated article viewing history |
| OCR scan feedback | Whether OCR results were accepted or rejected |
| Item | Description |
|---|---|
| Sentry data | Stack traces, breadcrumbs (user action flow), navigation events |
| Item | Description |
|---|---|
| Feedback content | Category, message, app version, platform, locale |
| Screenshots | Optionally attached by the user (stored on Google Cloud Storage) |
The Service destroys personal information without delay once the purpose of collection and use has been achieved. The retention period for each category is as follows.
| Item | Retention Period |
|---|---|
| Account info (email, display name, Clerk ID) | Until account deletion |
| Coffee records and related photos | Until user deletion request or account deletion |
| Guest device UUID and records | Until the purpose of service use is fulfilled |
| Push notification token | Until consent withdrawal or account deletion |
| Analytics/event data | 1 year from collection |
| Error/crash logs (Sentry) | Per Sentry retention policy (default 90 days) |
| Feedback and screenshots | Until the purpose is fulfilled |
| User-Agent, IP address | Immediately discarded after transient processing (not stored separately) |
However, if preservation is required by applicable laws, the data will be retained for the period prescribed by such laws.
The Service processes personal information only within the scope specified in Article 1 and provides it to third parties only in the following cases.
| Recipient | Purpose | Data Shared | Retention |
|---|---|---|---|
| Clerk (clerk.com) | User authentication and account management | Email, display name, OAuth tokens | Per Clerk's terms of service |
| Google (Google Places API) | Location search (proxied via API server) | Search queries, GPS coordinates | Per Google's privacy policy |
| Google (Google Cloud Storage) | Photo and image file storage | User-uploaded photos, OCR scan images, feedback screenshots | Until user deletion request or account deletion |
| Sentry (sentry.io) | Error and crash reporting | Stack traces, device info, breadcrumbs | Per Sentry retention policy (default 90 days) |
| Expo / EAS (expo.dev) | OTA updates, push notification delivery | Push tokens, app version | Per Expo's terms of service |
| LLM provider | OCR menu text extraction | Menu image content | Immediately discarded after processing |
The Service entrusts the processing of personal information as follows to ensure smooth service delivery.
| Trustee | Entrusted Tasks |
|---|---|
| Google Cloud Platform (GCP) | Server infrastructure operation (Cloud Run, asia-northeast3 Seoul region), database (PostgreSQL) and file storage (Google Cloud Storage) hosting |
| Clerk | User authentication and account management system operation |
| Sentry | Application error monitoring and crash reporting |
| Expo / EAS | Mobile app OTA update distribution and push notification delivery |
When entering entrustment contracts, matters concerning the prohibition of processing personal information beyond the purpose of the entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and liability including compensation for damages are specified in the contract documents in accordance with Article 26 of PIPA.
Data subjects may exercise the following rights regarding their personal information at any time.
The above rights may be exercised by contacting the Service via email at communication@ptokos.com. The Service will take action without delay.
If a data subject requests correction or deletion of personal information due to errors, the Service will not use or provide such personal information until the correction or deletion is completed.
Within the app, users can directly delete their coffee records, photos, and other content. To request account deletion, please contact us via email.
The Service takes the following measures to ensure the security of personal information.
The Service designates the following Personal Information Protection Officer who is responsible for overseeing all personal information processing and handling complaints and remedies related to personal information.
Data subjects may direct all inquiries, complaints, and requests for remedy related to personal information protection to the Personal Information Protection Officer. The Service will respond to and process inquiries without delay.
For reporting or consultation on personal information infringement, please contact the following organizations:
The Service operates as a mobile app and does not use cookies.
The Service performs the following automated processing.
Data subjects have the right to request an explanation of or refuse automated decisions. Please contact us at communication@ptokos.com.
This Privacy Policy may be amended due to changes in laws, policies, or the Service. Any changes will be announced in advance through in-app notices or email.
Effective date: February 25, 2026