Leafy ("Company" or "App") takes the protection of users' personal information very seriously and complies with relevant laws including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.
This Privacy Policy describes what personal information the Leafy app collects, how it is used, and how it is protected.
The Company collects the following personal information to provide services:
Required Collection Items
Google Login Information: Email address, name, profile picture
Firebase Authentication ID: Unique user identifier
Information Generated During Service Use
Recipe Data: Recipe titles, ingredient information, cooking processes, notes
Image Files: Photos and images related to recipes
Folder Information: Folder names for recipe organization
Service Usage Records: Creation dates, modification dates, etc.
Automatic collection through Google Login
Information directly entered by users during app usage
Automatic collection during image uploads
The Company processes collected personal information for the following purposes:
Service Provision: Providing recipe recording, storage, and management features
User Authentication: Login and account management
Service Improvement: Enhancing user experience and service quality
Customer Support: Handling inquiries and providing technical support
The Company processes and retains personal information within the retention and use period required by law or consented to by the data subject at the time of collection.
Service Use Period: Retained until membership withdrawal
After Membership Withdrawal: Immediately deleted (however, if retention is required by relevant laws, retained for the applicable period)
The Company does not provide users' personal information to external parties in principle. However, exceptions are made in the following cases:
When users have given prior consent
When required by law or requested by investigative agencies according to procedures and methods defined by law for investigative purposes
The Company uses the following external services to provide its services:
Google Firebase Services
Firebase Authentication: User authentication and account management
Cloud Firestore: Recipe data storage and management
Firebase Storage: Image file storage
Firebase Analytics: Service usage statistics analysis
Firebase follows Google's Privacy Policy. See Google Privacy Policy: https://policies.google.com/privacy
Users can exercise the following rights:
Request to view personal information
Request correction or deletion of personal information
Request suspension of personal information processing
Delete personal information through membership withdrawal
These rights can be exercised directly through the "Delete Account" function in the app, or by contacting the Company in writing, by phone, email, etc.
The Company destroys personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or achievement of processing purposes.
Destruction Methods
Electronic files: Deleted using technical methods that prevent reproduction
Firebase Storage images: Complete deletion
Firestore data: Complete deletion
The Company has designated a Personal Information Protection Officer who is responsible for overall personal information processing as follows:
Personal Information Protection Officer Email: doyhosae@gmail.com
The Company takes the following measures to ensure the safety of personal information:
Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
Technical Measures: Access authority management, access control system installation, encryption, security program installation
Physical Measures: Access control to server rooms, data storage rooms, etc.
Firebase Security: Data protection through Google's security infrastructure
When there are additions, deletions, or modifications to the content of this Privacy Policy due to changes in laws, policies, or security technology, notice will be provided through in-app announcements at least 7 days before the implementation of the changes.
Matters not specified in this Privacy Policy follow relevant laws and guidelines.
This Privacy Policy is effective from December 2025.