Privacy Policy
PickEat Co., Ltd. (the "Company") complies with relevant laws and regulations regarding the protection of personal information, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Communications Secret Protection Act, and the Telecommunications Business Act, and strives to protect the rights and interests of users.
This Privacy Policy applies only to the services of the "PickEat" application provided by the Company and contains the following provisions.
Article 1 [Items of Personal Information Collected and Purposes of Use]
The Company collects the following personal information. Unless separate consent is obtained or otherwise required by law, the personal information processed will not be used for any purpose other than those stated below.
The Company collects personal information and health information of users only to the extent necessary for the provision of services, and such information is used solely for the following purposes:
Analysis and record management of users' health status
Provision of personalized diet recommendations and lifestyle management services
Service improvement and statistical analysis based on health data
Provision of customized content and improvement of service quality
The Company does not use personal information or health information for purposes other than those stated above without the user's explicit consent.
Purpose of Use / Items Collected / Retention Period
User registration and service provision
· Email, gender, date of birth
· Presence of certain conditions (diabetes, hypertension/hypotension, dyslipidemia, obesity)
· (Kakao account) Kakao linked ID, Kakao token, mobile number, name
· (Naver account) Naver linked ID, Naver token, mobile number, name
· (Google account) Google linked ID, Google token, mobile number, name
· (Apple account) Apple linked ID, Apple token, mobile number, name
→ Retained until user withdrawal
Identification when linking with PickEat Market
· Mobile carrier, mobile number
→ Retained until user withdrawal
Customer service
· User name, phone number, email
→ Retained for 5 years after consultation is completed
Event participation
· Shipping address, recipient name, recipient mobile number
→ Retained for 5 years after event ends
Statistical management and customized services for system and service improvement
· Device ID, device model, OS, app version
→ Retained excluding personal identifiers
(Including sensitive information) Provision of personal health record management
· Blood glucose, blood pressure, heart rate, weight, height, body composition, HbA1c, ketone levels, food intake (calories, nutrition, meal time), exercise (type, calories burned, duration), sleep, step count
→ Retained excluding personal identifiers
Article 2 [Provision of Personal Information]
1. The Company provides users' personal information to third parties only with prior consent and within the scope of the purposes of collection and use disclosed. The Company does not provide personal information to third parties beyond that scope without prior consent, except in the following cases:
1. When the user has given written consent
2. When required by law to submit the user's personal information
3. When provided in a form that does not allow identification of individuals for statistical, academic research, or market research purposes
2. The same applies to sensitive information. The Company obtains prior consent and provides sensitive information to third parties only within the disclosed scope.
The Company does not sell users' personal information or provide it to third parties for advertising purposes.
Article 3 [Procedures and Methods for Destruction of Personal Information]
Personal information is destroyed without delay when the retention period has elapsed or the purpose of use has been achieved. The Company's procedures and methods for destruction are as follows.
1. Destruction procedure: The Company records and manages matters related to destruction; destruction is carried out under the responsibility of the personal information protection officer, who verifies the results. The Company may retain personal information when required by other laws.
2. Destruction method: Paper records are shredded or incinerated. Electronic files are permanently deleted by means that make recovery impossible.
3. Retention of non-destroyed information: When retention is required by law, the Company stores and manages such information separately from other personal information and does not use it for purposes other than the retention purpose.
Article 4 [Rights of Data Subjects and Method of Exercise]
1. Users may at any time request access to their personal information, correction of errors, or withdrawal (user termination). They may request access to the status of the Company's use or provision to third parties and the status of consent given.
2. Users may correct their information or withdraw through "Modify Personal Information" (or "Edit User Information") or "User Withdrawal" after identity verification.
3. In such cases, the Company investigates the requested personal information without delay, takes necessary measures such as correction or deletion in accordance with the user's request, notifies the user of the result, and does not use or provide the relevant personal information until such measures are taken.
4. Users may at any time request suspension of processing of their personal information; the Company will comply without delay and take necessary measures including destruction of the suspended information.
5. For opinions regarding personal information, please contact the personal information protection officer or responsible person in writing, by phone, or by email.
6. Users should take care to prevent disclosure of personal information to others while logged in.
Article 5 [Technical and Administrative Safeguards]
The Company employs the following technical and administrative measures to ensure the security of personal information.
1. Password encryption: User passwords are stored and managed in encrypted form; the Company cannot view or modify them directly. Access to or change of personal information is possible only with the password.
2. Protection against hacking, etc.: The Company strives to prevent leakage or damage of users' personal information by hacking or computer viruses, backs up data regularly, uses up-to-date security software, and uses encrypted communications for secure transmission.
3. Minimization and training of personnel: Access to personal information is restricted to the minimum necessary personnel, and the Company emphasizes compliance with this policy through regular training. The Company is not responsible for problems arising from user carelessness or disclosure of IDs, passwords, etc.
Article 6 [Collection and Use of Health Information]
The Company may collect and use health-related information to provide users with personalized health management services.
Health information collected may include: blood glucose, blood pressure, weight and body composition, HbA1c, food intake information, exercise information, sleep information, and step count.
Such information is used only for: personal health record management; personalized diet and lifestyle recommendations; health status analysis and statistical service improvement.
Users give explicit consent to the collection and use of health information when first launching the app; refusal may limit the use of certain features.
The Company does not use users' health information for purposes other than service provision or provide it to third parties.
In the course of providing services, the following information may be transmitted to external service providers or systems: (1) Collected health data for AI chatbot service provision (2) Service usage records and app usage information.
The Company transmits data to the following external service provider for user data analysis and provision of customized services: OPENAI, L.L.C. (AI analysis service provider).
The Company obtains users' explicit consent before personal information or health information is transmitted to external service providers, and users may withdraw consent at any time.
The Company manages and supervises third parties that receive personal information to ensure they protect users' personal information in accordance with relevant laws and apply personal information protection measures at an equal or higher level.
Article 7 [Use of Third-Party Modules]
The Company may install third-party modules in the PickEat application for advertising effect measurement and analysis of service use. The modules include:
iOS: Facebook SDK, Kakao Open SDK, Naver Login SDK, Firebase (providers: respective companies; purpose: ad measurement, social login, analytics; data: non-identifying device information)
Android: Facebook SDK, Kakao Open SDK, Naver Login SDK, Firebase (same as above)
Article 8 [Contact Information of Personal Information Protection Officer]
You may report any complaints regarding personal information protection to the personal information protection officer. The Company will respond promptly.
Personal Information Officer: Name: Namgyu Kim / Phone: 070-4214-3670 / Email: ng.kim@0njourney.com
For other reports or counseling on personal information infringement: KISA Privacy Center (privacy.kisa.or.kr / 118), Supreme Prosecutors' Office Cyber Investigation (www.spo.go.kr / 02-3480-3571), National Police Agency Cyber Bureau (www.ctrc.go.kr / 182).
Article 9 [Scope of Application]
This Privacy Policy does not apply to the collection of personal information by other websites linked from the PickEat application. This Policy applies only to users who have entered into a service agreement with the Company and does not apply to members acting under the authority of such users; for them, the privacy policy of the respective organization applies.
Article 10 [Notice Obligation]
The Company may amend this Privacy Policy to reflect changes in law or service. When amended, the changes will be posted, and the amended Policy will take effect seven days after the date of posting.
Supplementary Provisions
1. This Policy is announced on March 6, 2026.
2. This Policy takes effect on March 13, 2026.