Privacy Policy
Last updated: 2026-06-10
TrueSnap ("the Company") collects and uses personal information at sign-up under Article 15 and Article 22 of the Personal Information Protection Act of Korea (PIPA). This policy complies with the Google API Services User Data Policy and Google API Terms of Service, and clearly describes how Google user data accessed via Google Sign-In (OAuth) is handled. You have the right to refuse consent; however, refusing the required items will prevent membership registration and use of the service.
1. Information We Collect and Purpose
We collect only the following information for membership and service operation. [Required Items] A. At sign-up (Google OAuth) - Email address, name, profile image URL, Google account identifier (sub), consent records (timestamp, IP, User-Agent) - Purpose: account identification, session maintenance, identity verification, fraud prevention - We never collect or store passwords. B. At payment - Date and amount of payment, number of credits purchased, payment method type, transaction ID issued by the payment gateway - Purpose: payment processing, refunds, accounting/tax compliance, transaction proof - Card numbers and other sensitive payment data are handled directly by the PG provider; we do not store them. C. While using the service (auto-generated) - Web page content captured by you (evidence package: screenshots, HAR, page source, metadata, hashes) and its metadata (capture timestamp, target URL, package hash) - Service usage logs (access timestamp, IP, browser type) - Purpose: secure storage and delivery of capture results, service operation, security response [Optional Item (Marketing Communications Consent)] - Email address (same as the required item; used for marketing purposes only) - Purpose: announcements of new features, events, promotions, and discounts - This item is optional. Refusing it does not restrict membership or service use, and you can opt out anytime from the dashboard even after consenting.
2. How We Collect It
- From Google upon your consent during Google OAuth login - From the payment gateway upon transaction completion - Generated and uploaded by you during normal service use
3. Purpose of Use
Collected information is used solely for the following purposes: 1) Account identification and session maintenance 2) Credit payment processing, refunds, and accounting/tax compliance 3) Safe storage and delivery of your captured evidence packages 4) Service operation, maintenance, fraud prevention, and security incident response 5) Compliance with legal obligations and dispute handling
4. Retention Period
Personal information is destroyed without delay once the purpose of collection and use has been achieved. Where required by law, it is retained for the periods below. - Account info and consent records: until membership is terminated (destroyed promptly upon termination) - Payment / transaction records: 5 years (Act on the Consumer Protection in Electronic Commerce, Art. 6) - Records on display/advertising: 6 months (same Act) - Records on consumer complaints or dispute handling: 3 years (same Act) - Captured evidence packages: until you delete them (deleted promptly upon your request) - Access logs / IP: up to 3 months (Protection of Communications Secrets Act, Art. 15-2) - Marketing consent records: until consent is withdrawn
5. Sharing & Sub-processors
We do not share your personal information with third parties without your consent. The following sub-processors are used solely to operate the service: - Authentication: Google LLC (Google OAuth) - Payment processing: PortOne We may disclose information to authorities only when required by law.
6. Your Rights
You may at any time request access, correction, deletion, suspension of processing, or withdrawal of consent (membership termination) regarding your personal information. If you consented to marketing communications, you may withdraw that consent at any time without any disadvantage to other service usage. You can do this from your dashboard or by contacting us; requests are handled without undue delay. ※ Children under 14 cannot register without the consent of a legal guardian. The Company does not collect personal information of children under 14.
7. Security Measures
- No password storage: authentication is via Google OAuth only - Transport encryption (HTTPS/TLS) - Principle of least privilege and access logging - Integrity verification of captured data (SHA-256 hashing & blockchain anchoring)
8. Cookies and Similar Tools
We use essential cookies to maintain your login session. You may disable cookies in your browser settings, but some service features such as login may then be unavailable.
9. Changes to This Policy
This policy may be updated to reflect legal or service changes. We will notify you in-product at least 7 days (30 days for material changes) before the new version takes effect.
10. Privacy Officer & Contact
Privacy Officer / Personal Information Protection Manager - Name: Jin Yujeong - Position: CEO - Phone: 070-8064-7132 - Email: support@truesnap.ai For privacy questions, please reach us using the contact information above.
11. Google User Data (Google API Services User Data Policy Compliance)
TrueSnap uses Google OAuth 2.0 for member authentication and complies with the Google API Services User Data Policy and Google API Terms of Service. [Google User Data We Access and Collect] When you sign in with Google, we access and collect only the following information within the openid, email, and profile OAuth scopes you authorize: - Email address (email) - Display name (name) - Profile photo URL (picture) - Google account unique identifier (sub) We do not access Gmail, Google Drive, Google Calendar, contacts, or any other Google service data outside these scopes. We never collect or store your Google account password. [How We Use Google User Data] Google user data we collect is used, processed, and managed solely for: - Creating and identifying your member account and maintaining login sessions - Identity verification and account security (fraud and account takeover prevention) - Essential service communications (payments, evidence packages, etc.) via email We do not use Google user data for advertising targeting, AI/machine learning model training, selling or renting data, or profiling unrelated to Google Sign-In. [Sharing of Google User Data] We do not sell Google user data and do not share it with third parties except as needed to provide Google Sign-In and the Service: - Google LLC: Minimal information is exchanged with Google's authentication servers as part of the standard OAuth 2.0 flow. - Payment processor (PortOne): Google user data is not transmitted during payment processing. We may disclose information to authorities only when legally required. [Storage and Protection of Google User Data] - Storage: PostgreSQL database operated on trusted cloud infrastructure - Transport encryption (HTTPS/TLS) - Least-privilege access and access logging - Session and auth tokens protected via httpOnly cookies and industry-standard practices - No password storage (Google OAuth authentication only) [Retention and Deletion of Google User Data] - Retention: Until you delete your account. Profile information from Google (email, name, profile photo URL, sub) is deleted promptly upon account deletion. - Deletion requests: Delete your account from the dashboard, or email support@truesnap.ai. We process requests within 7 business days. - Revoke Google access: You can disconnect TrueSnap at https://myaccount.google.com/permissions.