WordGift (the "Service") protects user privacy in accordance with the Korean Personal Information Protection Act (PIPA) and applicable laws.

1. Information we collect

Required: email, nickname, auth provider identifier
Optional: profile image, real name, country code, gender, birth year/month, region, hashed phone number
Automatically: access logs, device info, cookies/session, FCM push token

2. Purpose of processing

Account identification and login
Friend matching via hashed phone numbers and gift exchange
Regional ranking and statistics
Product analytics in aggregated, non-identifying form
Fraud prevention and legal compliance

3. Retention

Personal data is deleted upon account withdrawal. Certain records required by law are retained separately for the legally mandated period.

4. Third-party sharing

We share personal data only with explicit user consent or when legally required. Any new third-party sharing will be announced with recipient, items, purpose, and retention period.

5. User rights

You may request access, correction, deletion, or restriction of processing at any time through in-app settings or the contact below.

6. Security measures

TLS in transit, bcrypt password hashing
Phone numbers stored only as SHA-256 hashes
Minimum access privileges and audit logging

7. Data Protection Officer

Contact: privacy@nnmy.it

8. Changes

Material changes will be announced on the site and in-app at least 7 days before taking effect.