1. Information We Collect

We collect the following information when you sign up and use the Service. If you browse as a guest without signing in, the account information in items 1–2 below is not collected.

• Social login (Google/Kakao) data: name (display name), email address, profile image — limited to what the provider supplies
• Trainer profile: in-game nickname, friend code (optional), language preference — entered by you
• Login session information: session identifier used to keep you signed in
• Social login tokens: OAuth-related tokens (access/refresh/ID tokens, etc.) that may be technically stored during authentication. We do not use these tokens for external API calls or any other purpose; they are merely retained during authentication.
• Usage records: access date/time, pages visited, device/browser information, error logs, analytics identifier (cookie-based)

2. Purpose of Collection and Use

We use the personal information we collect only for the following purposes.

• Member identification
• Keeping you signed in (authentication)
• Managing and displaying your trainer profile (nickname, friend code)
• Providing, operating, and improving the Service
• Diagnosing errors and ensuring stability
• Analyzing usage statistics

3. Retention Period

In principle, we destroy personal information without delay once the purpose of collection is achieved or the member withdraws.

• Account data (login data, trainer profile): deleted immediately upon account deletion
• Login session: up to 30 days (auto-expires thereafter)
• Social login tokens: deleted together with the account
• Usage records (analytics data): retained per the analytics provider (PostHog) policy or the operator-configured period
• Where a separate retention period is required by law, kept for that period

4. Provision to Third Parties

We do not, in principle, provide your personal information to outside parties, except in the following cases:

• When you have given prior consent
• When required by law or lawfully requested by an investigative authority

5. Processing Entrustment and Overseas Transfer

For stable operation, we entrust the processing of personal information as follows. Some processors operate servers located overseas, so personal information is transferred abroad.

6. Cookies and Automatic Collection

We use cookies and similar technologies (local storage) to keep you signed in and to analyze usage.

• Authentication cookie (essential): required to maintain your login session; if refused, you cannot use the login feature.
• Analytics cookie (PostHog): used to analyze usage patterns and is not essential to using the Service.
• Local storage: stores preferences such as theme and language

For users in regions where prior consent for analytics cookies is required (e.g., EU/EEA), we may obtain separate consent before using analytics cookies.

You may limit or refuse cookies through your browser settings or via the analytics settings at the bottom of this policy. However, refusing the authentication cookie may limit features such as sign-in.

7. About the Analytics Tool (PostHog)

We use PostHog to analyze usage statistics.

• Automatic capture of clicks/inputs (autocapture) is not used.
• We collect page views, page leaves, error/exception logs, and whether the app (PWA) was launched.
• If a member is signed in, the analytics identifier may be linked to the internal service user ID.
• As a principle, we do not send identifiable profile information such as the trainer nickname as an identification property to the analytics tool.

8. Handling of Friend Codes

The friend code is information you optionally enter, and when entered it is stored for service operation purposes.

If features such as friend search or public friend codes are introduced in the future and you choose to make it public, your friend code may be visible to other users. In that case, whether and to what extent it is public can be managed directly in the service settings, and we will provide separate notice before any disclosure. The default is private.

9. Your Rights and How to Exercise Them

You may exercise the following rights regarding your personal information at any time.

• Request access, correction, deletion, suspension of processing, or withdrawal of consent
• View and edit your trainer profile directly on the Settings page
• Delete directly via the withdrawal feature under Settings > Account
• The above rights may also be requested via the privacy officer email below.

10. Destruction of Personal Information

Personal information is destroyed without delay once the retention period expires or the purpose of processing is achieved. Electronic files are permanently deleted in an unrecoverable manner.

Upon account deletion, login data, auth tokens, sessions, and the trainer profile stored in our database are cascade-deleted and removed immediately.

11. Security Measures

• Encryption in transit (HTTPS)
• Minimized and separated access privileges for authentication and data
• Social login tokens are not used for external calls and are not separately accessed

12. Children Under 14

The Service does not permit sign-ups from children under the age of 14.

• We may include a step at sign-up to confirm that you are 14 or older.
• If a child under 14 is found to have signed up, the account and personal information will be deleted without delay.
• If we permit sign-ups from children under 14 in the future, we will establish a procedure to obtain the consent of a legal guardian.

13. Privacy Officer

For inquiries, complaints, or remedies regarding the processing of personal information, please contact us below.

• Privacy Officer: PoGoMate operator
• Email: pogomate.official@gmail.com

14. Changes to This Policy

This Privacy Policy may be revised in line with changes in law or the Service. We will notify you of any changes through an in-service notice.