Privacy Policy

Effective date: 2026-04-30

The Korean original is the legally binding version. This English translation is provided for reference only.

1. What we collect

Sign-up: email address (handled by Supabase Auth). Passwords are never stored in plain text on our server — Supabase hashes them.
Profile: handle (@), display name, avatar, bio — only what you enter yourself.
Content: patterns, makes, posts, polls, comments, fabric/notion stash, ♥, reports — saved when you create them.
Analytics: anonymized page views and behavior events (Google Analytics 4). Not loaded if you decline the consent banner.
Newsletter: email address + locale + signup source (footer / hero / etc.). Unsubscribable at any time.

Service delivery: pattern storage and sharing, community interactions, notifications.
Safe operation: abuse and spam prevention (rate limits, report handling).
Service improvement: anonymized analytics to understand which features are used.
Announcements: only newsletter subscribers receive product/event updates.

Default: we do not share your data externally without your consent.
Supabase (DB / Auth / Storage): data storage infrastructure. US region.
Google Analytics: anonymized statistics. Active only with consent.
Vercel: static hosting. Request logs (IP, User-Agent) are auto-collected and deleted after 30 days.
We may disclose data only when legally required by a competent authority.

Member info: kept until account deletion. Account deletion follows a separate policy (see Account Deletion).
Analytics: GA4 default 14 months, then auto-deleted.
Reports / disputes: kept 3 months after resolution, then deleted.
Newsletter: deactivated immediately on unsubscribe; row deleted permanently after 1 year.

Access: see all your written/saved content from your account page.
Update: profile, handle, posts can be edited directly.
Delete: account deletion is available from the account menu. We follow a GitHub-identical policy (oldest fork promoted, anonymous ghost reassignment).
Restriction: request via support email; processed within 14 days.

Essential: login session (Supabase Auth refresh token). Required for sign-in.
Optional: GA4 analytics cookies. Decline via the consent banner.
Functional: locale preference, first-visit banner dismissal, etc. (localStorage).

All traffic over HTTPS (TLS 1.2+).
DB access uses Row-Level Security (RLS) so members cannot read each other's private data.
Passwords never touch our server in plain text — Supabase Auth bcrypt hash.
Service role keys are kept in operator-only environment variables.

Privacy inquiries: support@sewinghub.app (under setup — temporarily use GitHub Issues).
Change history is tracked in our git repository.