CareRoute logoCareRoute Korea

Privacy Policy

This Privacy Policy explains what personal data CareRoute Korea collects, why it is used, how long it is kept, and what rights users have.

Effective date: 2026-06-23

Service Operator

Operator
Oswarld's Boutique Consulting Firm
Business Registration No.
735-23-01161
Contact Person
Kwangseob Ahn / 안광섭 / 安光涉
Privacy Contact
Kwangseob Ahn / 안광섭 / 安光涉
Business Address
2, Gukjegeumyung-ro 8-gil, Yeongdeungpo-gu, Seoul

1. Controller

CareRoute Korea is operated by Oswarld's Boutique Consulting Firm. The person in charge of privacy-related matters is Kwangseob Ahn (안광섭 / 安光涉).

2. Data we collect

  • Account data: email address, authentication identifiers, and basic profile data provided through Google sign-in where applicable.
  • Planning data: procedure type, elapsed days, city, nationality, clinic and hotel information, movement limits, interests, and dietary, religious, and privacy preferences.
  • Optional profile data: full name, gender, passport number, flight number, emergency contact details, and blood type.
  • Technical data: session cookies, basic access logs, and limited operational logs used for security and service reliability.

3. Purposes of processing

  • To authenticate users, keep them signed in, and provide saved plans and sharing features.
  • To generate routes, localize recommendations, manage shared links, and operate My Page.
  • To respond to inquiries, maintain security, prevent abuse, troubleshoot incidents, and improve service quality.

4. Retention

  • Account data and saved plans may be retained until deleted by the user or no longer needed for service operation.
  • Operational and security logs may be retained as needed for abuse prevention, incident response, and legal compliance.
  • If applicable law requires longer retention, the data is kept for that period and then deleted or de-identified.

5. Processors and disclosures

  • We may use external processors such as Supabase for storage and authentication and Vercel for hosting and infrastructure.
  • Google, Kakao, OpenAI, Gemini, and public data or map providers may process limited data where needed for sign-in, mapping, search, AI-assisted generation, or public-data integrations.
  • We do not sell personal data. Sensitive profile fields are not intended to appear in public share links.

6. International transfers

Because cloud, authentication, AI, and infrastructure vendors may operate globally, personal data may be processed outside the Republic of Korea. We seek to use reasonable safeguards for those transfers.

7. Your rights

  • You may request access, correction, deletion, or restriction of your personal data, subject to applicable law.
  • Where processing is based on consent, you may withdraw consent without affecting prior lawful processing.
  • If you use a share link, you can disable that link to stop further public access to the shared route.

8. Security

  • We use reasonable technical and organizational measures such as access controls, authenticated sessions, and permission-based restrictions.
  • No internet transmission or storage method is completely secure, so absolute security cannot be guaranteed.

9. Children

The Service is not primarily directed to children, and we do not intend to knowingly collect children’s personal data without appropriate legal authorization.

10. Changes

If this Policy changes materially, we will provide notice in the Service or by another appropriate method together with the updated effective date.