Ketomate (the "Service") is operated by Thebareuncs (더바른파트너스), a sole proprietorship registered in the Republic of Korea, under the brand Phare. This policy describes how we collect, use, retain, and dispose of personal data, in accordance with the Korean Personal Information Protection Act (PIPA) and related laws.
"Company" or "Controller" in this policy refers to the business listed below. Pursuant to Article 30 of PIPA, the Company adopts and publishes this policy to protect the personal data of users and to handle related grievances promptly.
| Trade name | Thebareuncs (더바른파트너스) |
|---|---|
| Operating brand | Phare |
| Representative | Sangwan Ahn |
| Business registration no. | 176-01-01166 |
| Mail-order business no. | 2021-Seoul Gangnam-04022 |
| Service | Ketomate (iOS) |
| Website | https://phare.me/ketomate |
| Contact | app.phare@gmail.com |
The Service currently launches in the Republic of Korea only. PIPA is the governing data-protection law. The EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are not currently applicable; this policy will be updated at the time of any future expansion.
The Company collects only the minimum data necessary to provide the Service.
| Item | Description |
|---|---|
| Pseudonymous session identifier | A 32-byte random token issued at first launch. Stored in the device Keychain; the server retains only the SHA-256 hash. This is a pseudonymized identifier; once linked to an account at sign-in, it is processed thereafter as ordinary personal data. |
| Device environment | OS type and version, app version, timezone |
| Service usage logs | Access timestamps, screen enter/exit events, feature usage, error and crash logs (pseudonymous events that may be linked to the account) |
| Network information | IP address recognized momentarily during request handling (not stored; logs retain only pseudonymized form) |
| Landing-page session-replay data | Behavioral flow (clicks, scrolls, mouse movement, page-level inputs) reconstructed as video for sessions on phare.me/ketomate via Amplitude session replay at 100% sampling. Form fields (e.g., email input) are masked, so actual entered values are not captured. Not applicable to the iOS app. |
The following items, collected during onboarding, are processed only with the user's explicit separate consent. See Section 3 for details.
Pursuant to PIPA Article 23, the Company obtains separate consent before processing sensitive data. Consent is collected via a checkbox separate from general personal-data consent; users may consent to general processing while declining sensitive-data processing.
| Field | Detail |
|---|---|
| Items (statutory sensitive) | Pregnancy/lactation status, chronic disease, medication use, insulin-resistance proxy |
| Items (self-protected, treated equivalently) | Keto experience level, target weight, weight-loss intent |
| Purposes | Apply safety guardrails (e.g., exclude keto recommendations during pregnancy/lactation), compute daily carb target, personalize AI coach responses |
| Retention | Disposed immediately upon account withdrawal or pseudonymous-session deletion. Users may revoke and erase via Settings → Reset personalization at any time. |
| Third-party sharing | None. However, processors listed in Section 6 (Supabase Inc., Google LLC — Gemini API paid tier) may transiently process this data to deliver the Service. |
| Right to refuse and consequences | Users may decline sensitive-data processing. Doing so disables personalized coaching, daily carb-target computation, and safety guardrails. Core features (meal logging, photo upload, macro entry) remain available. Consent may be revoked any time via Settings → Reset personalization. |
Caution: Ketomate is not a medical device, drug, or diagnostic tool. Always consult your healthcare provider before adopting a dietary regimen during pregnancy, lactation, diabetes, or while taking medication. See Section 15.
The Company will not use personal data beyond these purposes; if purposes change, separate consent will be obtained.
| Item | Period |
|---|---|
| Meal photos (Company Supabase Storage `meal-photos` bucket) | Auto-deleted 7 days after upload |
| Meal photos (transient copies sent to Google Gemini for AI processing) | Processed transiently for response generation only; not stored separately in Company DB. See Google retention in Section 7. |
| Pseudonymous session token hash | Retained for up to 90 days after last activity, then deleted |
| Meal memos, macros, onboarding responses | Disposed immediately upon withdrawal or session deletion |
| Chat messages (user/AI) | Disposed immediately upon withdrawal or session deletion |
| Account info (email, name) | Disposed immediately upon withdrawal (fraud-related records retained 6 months) |
| Service access and crash logs | 3 months |
| Analytics events (Amplitude, PostHog) | 13 months, then retained only as pseudonymous aggregates |
| Landing session-replay data (Amplitude) | Auto-deleted after 30 days (Amplitude default retention) |
| Launch-alert subscriber email (Resend Contacts) | Stored in Resend Contacts to deliver launch announcements. Deleted upon unsubscribe or upon a deletion request under Section 8. |
| Server-side log of launch-alert sign-ups | Delivery-verification log (masked email, platform, source page). Email addresses are stored only in the form `a***b@example.com`. Retained for 3 months, then auto-purged. |
| Inquiry records | 1 year after resolution |
Where applicable law requires retention for a fixed period, such records are stored separately for that period.
* No paid features are offered in v1, so payment-related items do not yet apply.
The Company delegates processing tasks to the following third parties to operate the Service. Pursuant to PIPA Article 26, delegation contracts forbid out-of-purpose processing, prescribe technical and managerial safeguards, restrict re-delegation, and provide for indemnification. Each processor publishes its own list of sub-processors at the URL shown; the Company reviews changes thereto.
| Processor | Service | Data processed | Sub-processors |
|---|---|---|---|
| Supabase Inc. | Authentication, database, file storage, serverless functions | Email, pseudonymous session token hash, meal photos, macros, messages, onboarding responses — all user data | supabase.com/legal/sub-processors |
| Google LLC (Gemini API, paid tier) | AI dietary coaching response generation | Meal photos, memos, macros, chat messages, sensitive onboarding responses (when personalization is enabled) | cloud.google.com/terms/subprocessors |
| Apple Inc. | Sign in with Apple authentication | Email (or private alias), name, Apple user identifier | Apple infrastructure — apple.com/legal/privacy |
| Google LLC (Sign-In) | Google login authentication | Email, name, profile image URL, Google user identifier | cloud.google.com/terms/subprocessors |
| Amplitude Inc. | Product analytics + landing-page session replay | Pseudonymous event logs, pseudonymous session identifier, device environment, autocapture (auto-tracked clicks and pageviews), and 100%-sampled landing visitor behavioral recordings (form fields masked) | amplitude.com/legal/subprocessors |
| PostHog Inc. | Product analytics | Pseudonymous event logs, pseudonymous session identifier, device environment | posthog.com/handbook/company/security#sub-processors |
| Resend, Inc. | Launch-alert email delivery (landing only) | Subscriber email address | resend.com/legal/sub-processors |
| Meta Platforms, Inc. (Meta Pixel + Meta Conversions API) | Ad-effectiveness measurement on the landing page (phare.me/ketomate); not applied to the iOS app | (Browser-side Pixel) PageView events, browser advertising cookies (_fbp/_fbc), user agent, page URL · (Server-side CAPI) Lead event on launch-alert sign-up — SHA-256-hashed email, IP address, user agent, sign-up page (platform/source meta) | facebook.com/legal/terms/dataprocessing |
Gemini data-use policy: The Company uses only the paid tier of Google's Gemini API. Per Google's official terms, data sent to the paid tier is not used for model training and is retained only briefly (up to 30 days, for responsible-AI safety review) before deletion (ai.google.dev/gemini-api/terms). The Company does not use the free tier.
iOS app advertising-tracking policy: The Ketomate iOS app contains no advertising SDKs (Meta SDK, AdMob, etc.) and does not use the Identifier for Advertisers (IDFA). The Apple App Tracking Transparency (ATT) prompt is not shown. The advertising trackers above (Meta Pixel/CAPI, Amplitude session replay) operate only on the web landing page. See Section 10.
All processors above operate on US or global infrastructure, which entails cross-border transfer of user data. The following information is provided pursuant to PIPA Article 28-2.
| Recipient / Contact | Country / Region | Purpose | Items | Legal basis | Time / Method | Retention |
|---|---|---|---|---|---|---|
| Supabase Inc. privacy@supabase.com | USA (AWS us-east-1) | Backend infrastructure | All Section 6 delegated items | PIPA Art. 28-2(1)(3)(a) — contract performance | TLS 1.2+ at API call | As per Section 5 |
| Google LLC (Gemini API) privacy contact form | USA (us-central1, etc.) | AI response generation | Meal photos, memos, macros, messages, sensitive responses | PIPA Art. 28-2(1)(3)(a) | TLS 1.2+ at request | Up to 30 days for safety review at Google, then deleted; not used for training |
| Apple Inc. apple.com/legal/privacy/contact | USA (Apple data centers) | Sign in with Apple | Authentication info, email (or alias), name | PIPA Art. 28-2(1)(3)(a) | TLS 1.2+ at sign-in | Per Apple Privacy Policy |
| Google LLC (Sign-In) privacy contact form | USA | Google login | Authentication info, email, name, profile image URL | PIPA Art. 28-2(1)(3)(a) | TLS 1.2+ at sign-in | Per Google Privacy Policy |
| Amplitude Inc. privacy@amplitude.com | USA (us-west-2) | Product analytics + landing session replay | Pseudonymous event logs, autocapture, landing visitor behavioral recordings (form fields masked) | PIPA Art. 28-2(1)(3)(a) | TLS 1.2+ at event | Events 13 months / session replay 30 days |
| PostHog Inc. privacy@posthog.com | USA (us.i.posthog.com) | Product analytics | Pseudonymous event logs | PIPA Art. 28-2(1)(3)(a) | TLS 1.2+ at event | 13 months |
| Resend, Inc. privacy@resend.com | USA (AWS us-east-1) | Launch-alert email | Subscriber email | PIPA Art. 28-2(1)(3)(a) | TLS 1.2+ at send | Deleted on delivery / unsubscribe |
| Meta Platforms, Inc. privacy contact form | USA / Ireland | Landing-page ad measurement (Pixel + CAPI) | PageView events, advertising cookies (_fbp/_fbc), IP, user agent, SHA-256-hashed email on launch-alert sign-up | PIPA Art. 28-2(1)(3)(a) and user consent | TLS 1.2+ on landing visit and sign-up | Per Meta Privacy Policy (up to 24 months) |
Users may exercise the following rights with respect to their personal data:
The Company will act without delay upon verification, and may request additional documents to confirm identity. Rights may also be exercised through a legal representative or duly authorized agent.
Pursuant to PIPA Article 29, the Company implements the following technical and managerial controls:
The iOS app does not perform advertising tracking. The Ketomate iOS app contains no advertising SDKs (Meta SDK, AdMob, TikTok, etc.) and does not use the Identifier for Advertisers (IDFA). Apple's App Tracking Transparency (ATT) prompt is not shown. The trackers below operate only on the web landing page (phare.me/ketomate).
Ketomate uses Amplitude and PostHog as first-party analytics for product improvement inside the app. These measure in-app usage patterns in pseudonymous form only and are not combined with activity from other companies' apps or websites.
For landing-page usability analysis and debugging, the Company runs the Amplitude analytics SDK and the session-replay plugin. Session replay reconstructs visitor click, scroll, mouse-movement, and page-input flows as video, sampled at 100% of all visitors. Form fields (e.g., email input) are masked per Amplitude's default policy, so actual entered values are not captured.
To measure ad effectiveness on the landing page, the Company runs Meta Pixel (browser-side) together with Meta Conversions API (server-side). This applies to the web landing page only; the iOS app is not affected.
* If a paid-subscription feature is introduced in a future version of Ketomate, in-app advertising SDKs may be added at that time. Any such change will be announced 14 days in advance and an Apple ATT consent flow will be presented separately at that point.
Ketomate accepts users aged 14 or older. We do not collect personal data from children under 14; if registration indicates an age under 14, sign-up is blocked.
For users aged 14–17, the Company applies these protections:
Minors and their legal representatives may exercise the rights in Section 8 to access, correct, or delete personal data.
The Company has appointed the following Privacy Officer to oversee personal-data processing and to address user complaints and remedies:
| Officer | Sangwan Ahn (Representative) |
|---|---|
| Affiliation | Thebareuncs (더바른파트너스) |
| Contact | app.phare@gmail.com |
Users may direct any privacy-related inquiries, complaints, or remedy requests to the contact above. The Company will respond and resolve them without delay.
For redress of personal-data infringements, users may contact the following Korean authorities:
| Authority | Phone | Website |
|---|---|---|
| Personal Information Dispute Mediation Committee | +82-1833-6972 | www.kopico.go.kr |
| Korea Internet & Security Agency — Privacy Infringement Report Center | 118 (within Korea) | privacy.kisa.or.kr |
| Supreme Prosecutors' Office — Cybercrime Investigation | +82-2-3480-3573 | www.spo.go.kr |
| Korean National Police Agency — Cyber Bureau | 182 (within Korea) | ecrm.cyber.go.kr |
Where a user's rights or interests are infringed by the Company's action or inaction concerning rights under PIPA Articles 35 (access), 36 (correction/deletion), or 37 (suspension of processing), an administrative appeal under the Administrative Appeals Act is available.
Material additions, deletions, or amendments will be announced in-app and on this page at least 14 days before they take effect. Changes that materially affect user rights will be announced at least 30 days in advance, and renewed consent will be obtained where required.
Revision history is tracked at the top of this page and below:
Ketomate is a lifestyle tool that helps users log keto meals and provides general dietary guidance. Specifically: