Privacy Policy
개인정보 처리방침
Last Updated: 2026-06-27
WanderPlan ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application WanderPlan (the "App").
WanderPlan(이하 "회사")은 이용자의 개인정보를 중요하게 생각하며, 개인정보 보호법 등 관련 법령을 준수합니다.
1. Information We Collect (수집하는 개인정보)
a) Information You Provide
- Account information: name, email address, password (via Supabase Auth)
- Profile information: display name, phone number, location, bio, avatar image
- Travel preferences: preferred currency, language, travel style
- Travel itineraries: destinations, dates, activities, budgets, notes
- Collaborative project data: shared itineraries and comments
- Scanned receipts: receipt photos you capture or upload, and the transaction details extracted from them (merchant name, total amount, currency, date/time, address, and an item summary)
b) Information from Social Sign-In Providers (소셜 로그인 제공자로부터 수집하는 정보)
When you choose to sign in with Google or Apple, we receive limited profile information from the provider via Supabase Auth in order to create or sign you into your WanderPlan account. We do not receive your social provider password or any contacts, calendars, photos, or other data beyond the items listed below.
- Google Sign-In: email address, verified email status, display name, given/family name, and profile photo URL (when available).
- Apple Sign-In: a stable Apple user identifier and email address (which may be a private relay address such as ...@privaterelay.appleid.com if you choose "Hide My Email"). Apple only shares your name on the very first sign-in if you choose to share it.
- OAuth tokens (access / refresh / ID tokens) returned by the provider are handled by Supabase Auth for the duration of your session and are not persisted on our application servers.
Google 또는 Apple 소셜 로그인을 선택하시면, 회사는 Supabase Auth를 통해 계정 생성 및 로그인에 필요한 최소한의 프로필 정보(이메일, 이름, 프로필 사진 URL 등)만 제공자로부터 전달받습니다. 비밀번호, 연락처, 일정, 사진 등 그 외의 데이터는 일절 수집하지 않습니다. Apple "이메일 숨기기" 기능을 사용하시는 경우 비공개 릴레이 이메일 주소가 전달되며, 이름은 최초 로그인 시 사용자가 공유를 선택한 경우에만 1회 전달됩니다.
c) Automatically Collected Information
- Device information: device type, operating system, unique device identifiers
- Usage data: app interactions, feature usage patterns, timestamps
- Log data: IP address, access times, error logs
d) Location Information (위치정보)
When you tap the "Open Map" button while adding an activity, the App requests foreground location permission and reads your current device coordinates one time in order to open Google Maps centered on (or searching near) your current position. We do not store, transmit to our servers, or share these coordinates — they are used only on the device to construct the map URL and are discarded immediately. You may decline the permission prompt, in which case the App will simply not open the map.
이용자가 활동 추가 화면에서 "지도 열기" 버튼을 누르면, 앱은 일회성으로 기기의 전경(Foreground) 위치 권한을 요청하고 현재 좌표를 읽어 Google Maps를 현재 위치 기준으로 엽니다. 해당 좌표는 회사 서버로 전송되거나 저장되지 않으며, 기기 내에서 지도 URL을 만드는 즉시 폐기됩니다. 권한을 거부해도 지도 열기 기능만 동작하지 않을 뿐, 다른 앱 기능 이용에는 영향이 없습니다.
e) Camera & Photo Library (카메라 및 사진 접근)
When you use the Scan Receipt feature, the App requests access to your camera and/or photo library so you can take a photo of a receipt or choose an existing one. Access is requested only when you start a scan, and declining it does not affect other features of the App.
영수증 스캔 기능을 사용할 때, 앱은 영수증을 촬영하거나 기존 사진을 선택할 수 있도록 카메라 및/또는 사진 접근 권한을 요청합니다. 권한은 스캔을 시작할 때만 요청되며, 거부하더라도 다른 기능 이용에는 영향이 없습니다.
2. How We Use Your Information (개인정보 이용 목적)
- Provide, operate, and maintain the App and its features
- Create and manage your user account
- Store and synchronize your travel itineraries across devices
- Enable collaboration features (shared projects, itinerary sharing)
- Provide personalized travel recommendations and destination information
- Extract and auto-fill activity details from receipts you scan, using AI-based optical character recognition (OCR)
- Send service-related notifications (trip reminders, account updates)
- Improve the App through usage analytics (only with your consent)
- Respond to your inquiries and provide customer support
- Detect, prevent, and address technical issues or security threats
3. Third-Party Services (제3자 서비스)
We use the following third-party services to operate the App:
- Supabase — Authentication and session management (including the OAuth handshake for Google and Apple Sign-In)
- Google Sign-In (Google LLC) — When you choose "Continue with Google," Google processes the OAuth authentication request and returns a limited profile payload (email, name, picture) to Supabase Auth. Google's handling of your account is governed by Google's Privacy Policy. (Google 로그인 사용 시 OAuth 인증 요청과 프로필 정보 전달은 Google의 개인정보 처리방침에 따릅니다.)
- Apple Sign-In (Apple Inc.) — When you choose "Sign in with Apple," Apple processes the authentication request and returns a stable user identifier and (optionally) a name plus a real or private-relay email address to Supabase Auth. Apple's handling is governed by Apple's Privacy Policy and the "Sign in with Apple" terms. (Apple로 로그인 사용 시 인증 요청과 식별자/이메일(또는 비공개 릴레이 이메일) 전달은 Apple의 개인정보 처리방침 및 "Sign in with Apple" 약관에 따릅니다.)
- PostgreSQL (hosted) — Secure data storage
- Expo / React Native — App framework and push notifications
- OpenWeather API — Weather data for travel destinations
- Amadeus API — Flight and hotel search data
- Anthropic (Claude) — AI-assisted features (Scan Receipt OCR/extraction and AI itinerary generation) send the relevant content — such as the receipt image you scan or your trip parameters — to Anthropic's Claude API for processing. In accordance with Anthropic's API terms, this content is not used to train its models. Anthropic's handling is governed by Anthropic's Privacy Policy. (AI 기능 사용 시 영수증 이미지·여행 정보 등 해당 콘텐츠가 처리를 위해 Anthropic의 Claude API로 전송되며, Anthropic의 API 약관에 따라 모델 학습에 사용되지 않습니다. 처리 방식은 Anthropic의 개인정보 처리방침에 따릅니다.)
- Amazon Web Services (AWS S3) — Secure cloud object storage for images you upload, including profile avatars and scanned receipts. (이용자가 업로드한 프로필 사진·영수증 이미지는 AWS S3 클라우드 스토리지에 안전하게 저장됩니다.)
- Google Maps — Opened via a standard https link only when you tap "Open Map." Your current coordinates are passed in the URL on-device; the App does not send them to our own servers. Google's handling of the resulting request is governed by Google's Privacy Policy. (지도 열기 시 Google Maps 웹 URL을 통해 현재 좌표가 전달되며, 이는 Google의 개인정보 처리방침에 따라 처리됩니다.)
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
4. Data Storage & Security (데이터 보관 및 보안)
Your data is stored securely on servers protected by industry-standard encryption (TLS/SSL in transit, encrypted at rest). We implement access controls, rate limiting, and security headers to protect against unauthorized access.
회사는 이용자의 개인정보를 업계 표준 암호화 기술(전송 시 TLS/SSL, 저장 시 암호화)로 보호하며, 접근 제어, 속도 제한, 보안 헤더 등의 기술적 보호 조치를 적용합니다.
We retain your personal data only for as long as necessary to provide our services or as required by law. When you delete your account, all associated data is permanently removed from our systems.
Images you upload — profile avatars and scanned receipts — are stored in cloud object storage (AWS S3). A scanned receipt image is retained until you delete the activity it is attached to, remove the receipt, or replace it with a new scan, after which the image is deleted on a best-effort basis.
이용자가 업로드한 이미지(프로필 사진, 영수증 이미지)는 클라우드 객체 스토리지(AWS S3)에 저장됩니다. 영수증 이미지는 연결된 활동을 삭제하거나, 영수증을 제거하거나, 새 스캔으로 교체할 때까지 보관되며 이후 최선의 노력으로 삭제됩니다.
5. Your Rights (이용자의 권리)
- Access: View and download your personal data at any time through the App
- Correction: Update or correct your profile information
- Deletion: Delete your account and all associated data permanently
- Opt-out: Disable analytics data collection in App Settings
- Portability: Request a copy of your data in a portable format
이용자는 언제든지 앱 설정에서 개인정보를 열람, 수정, 삭제할 수 있으며, 계정 삭제 시 모든 관련 데이터가 영구적으로 삭제됩니다.
6. Account Deletion (계정 삭제)
You can delete your account at any time through the App's Profile Settings. When you delete your account:
- Your profile information is permanently deleted
- All travel itineraries and related data are removed
- All bookmarks and saved destinations are removed
- All scanned receipt images and extracted receipt data are removed
- All user preferences are deleted
- Your authentication credentials — including any linked Google or Apple Sign-In identity stored in Supabase Auth — are removed
This action is irreversible. If you signed in with Apple, you can additionally revoke the WanderPlan app's access from iOS Settings → Apple ID → Sign in with Apple at any time.
Apple로 로그인하신 경우, iOS 설정 → Apple ID → "Apple로 로그인" 메뉴에서 언제든지 WanderPlan 앱의 접근 권한을 해지하실 수 있습니다.
7. Children's Privacy (아동 개인정보)
The App is not intended for children under the age of 14. We do not knowingly collect personal information from children.
본 앱은 만 14세 미만 아동을 대상으로 하지 않으며, 아동의 개인정보를 의도적으로 수집하지 않습니다.
8. Changes to This Policy (방침 변경)
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the App and updating the "Last Updated" date.
9. Contact Us (문의)
If you have any questions about this Privacy Policy, please contact us at: privacy@getwanderplan.com