WhiteVine Privacy Policy
- Established Date: May 12, 2026
- Effective Date: May 12, 2026
- Operator: YEONGBHIN KIM
- Contact: [email protected]
This Privacy Policy explains how YEONGBHIN KIM ("Operator") processes personal information in connection with the WhiteVine mobile application ("Service").
1. Purposes of Processing
The Operator processes personal information for the following purposes:
- Account registration and management: account creation, account maintenance, identification, authentication, required-consent confirmation, and abuse prevention.
- Providing the Service: providing WhiteVine's force-directed 3D social networking service, posts, profiles, feeds, and cosmos visualization based on user-entered tags and categories.
- User interaction features: operating friend, block, report, and related interaction features.
- User safety and service operation: report handling, automatic hiding of reported sexual or violent content, abuse prevention, dispute handling, and user support.
2. Personal Information We Process
2.1 Information Collected During Registration
- Required: email address or Sign in with Apple identifier, password for email sign-up where applicable, handle/display name, and required-consent records.
- Optional: profile image and profile text.
2.2 Information Created or Collected During Use
- posts, text, images, coordinate data, tags, categories, relationship information, and comments;
- friend, block, and report records;
- cosmos position data and tag/category connection information calculated by the server force engine;
- service usage records, access time, IP address, device information, operating system, device identifier, and app version.
2.3 Additional Information Processed
- The Service currently does not process additional personal information during sign-up.
3. Retention and Deletion
- The Operator keeps personal information for the period needed for the purposes described in this Policy or for the period consented to by the User.
- When a User deletes an account, the Operator deletes the User's personal information from active Service systems without undue delay, and some related information may be deleted together through database cascade deletion. However, information that must be retained under applicable law, security requirements, backup systems, or dispute-handling needs may be kept for the required or reasonably necessary period.
| Category | Retention Period |
|---|---|
| Account registration information, including email, handle, and password hash | until account deletion |
| User Content, including posts, images, coordinate data, tags, categories, relationship information, and comments | until account deletion or content deletion by the User, unless retention is required as described above |
| Service usage records, including IP address, device information, access time, and app version | for the period reasonably needed for security, debugging, abuse prevention, or legal compliance |
| Abuse, report, fraud-prevention, and security records | for the period reasonably needed to handle reports, prevent repeated abuse, protect the Service, or comply with law |
| Backup records | for a limited period needed for disaster recovery, security, and system integrity |
4. Sharing and Disclosure
- The Operator uses personal information only for the purposes described in this Policy.
- The Operator may share or disclose information when:
- the User has consented;
- required by law, legal process, or a lawful request from a competent authority; or
- reasonably necessary to protect the life, safety, property, rights, or security of a User, the Operator, the Service, or a third party.
5. Service Providers
The Operator uses service providers to operate the Service.
| Service Provider | Purpose | Retention |
|---|---|---|
| Supabase Inc. or successor provider | authentication, user information processing, content storage, and database operation | until account deletion or the end of the service-provider relationship |
| Apple Inc. | iOS authentication, App Store distribution, and Apple Push Notifications service integration | until account deletion or the end of the service-provider relationship |
Service providers process information only as needed to provide services to the Operator.
The Operator acts as the controller for personal information processed through the Service. Service providers process personal information on behalf of the Operator under applicable service-provider or data-processing terms.
5.1 International Data Transfers
Personal information may be processed in countries other than the country where a User lives, including the United States and other locations where the Operator's service providers operate.
Where personal information of residents of the European Economic Area, the United Kingdom, or Switzerland is transferred outside those regions, the Operator relies on appropriate safeguards where required, such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, an adequacy decision, or another lawful transfer mechanism.
For Korean residents, where required by the Personal Information Protection Act, the Operator provides separate notice of the recipient, country, purpose, retention period, and right to refuse the transfer at the time of consent.
Users may request information about the applicable transfer mechanism by contacting the Operator at the email listed in this Policy.
6. User Rights and Choices
- Users may access, correct, or delete account information through the app where the feature is available.
- Users may contact the Operator by email to request access, correction, deletion, restriction of processing, withdrawal of consent, or other privacy assistance.
- Users must not violate another person's privacy or misuse another person's personal information.
- If the Service collects personal information from a child under 14, consent from a parent or legal guardian is required. If the Operator learns that a child under 14 created an Account without required guardian consent, the Operator may restrict the Account or delete the Account and related information.
- Users, parents, or legal guardians may contact the Operator using the contact information in Section 10 to request access, correction, deletion, or other assistance related to personal information of a child under 14.
7. Deletion of Personal Information
- When personal information is no longer needed, the Operator deletes it without undue delay.
- When a User deletes an account, account information is deleted from active Service systems through an automated deletion process where technically supported.
- Electronic information is deleted through database deletion and cascade deletion where supported, subject to legally required retention, limited backup records, security records, and dispute-handling records.
8. Security
The Operator uses reasonable safeguards to protect personal information, including:
- limiting access to personal information;
- password protection through authentication infrastructure, including one-way password hashing where email sign-up is used;
- TLS encryption during transmission;
- storage and infrastructure protections provided by service providers, including provider-level encryption at rest where available;
- periodic review of privacy and security practices.
9. Automatically Collected Information
- The Service may automatically collect device identifiers, access logs, IP address, app version, and similar technical information for service operation, abuse prevention, security, debugging, and statistics.
- Users may limit some collection through device settings or by deleting the app, but some features may not work without necessary technical information.
9.1 Automated Processing and Force Engine
The Service uses a force-directed algorithm and tag/category connection processing (the "Force Engine") to calculate positions and connections used in the cosmos visualization. The Force Engine may process tags, categories, relationship information, and similar Service data to produce visualization coordinates and connection information.
Unless otherwise separately notified, cosmos coordinates are virtual visualization coordinates inside the Service and are not GPS, cellular, or real-world location information.
The Force Engine is intended to support visualization and Service operation. It is not intended to make decisions that produce legal effects or similarly significant effects on Users within the meaning of GDPR Article 22. Users may contact the Operator to request meaningful information about the logic involved or to request human review where applicable.
10. Privacy Contact
- Privacy contact: YEONGBHIN KIM, Operator
- Email: [email protected]
Users may contact the Operator with privacy questions, complaints, or requests.
11. Changes to This Privacy Policy
The Operator may update this Privacy Policy when the Service, processing items, retention period, service providers, or policies change. Material changes will be announced through the app, website, or another reasonable method.
12. Notice to EEA, UK, and Swiss Users
If a User is located in the European Economic Area, the United Kingdom, or Switzerland, the following additional terms apply.
The Operator is the controller for personal information processed through the Service. The Operator relies on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| account creation, authentication, and providing the Service | performance of a contract |
| abuse prevention, security, fraud detection, and service protection | legitimate interests |
| compliance with legal obligations and lawful requests | legal obligation |
Subject to applicable conditions and exceptions, Users in these regions may have the right to access, correct, erase, restrict processing of, or receive a portable copy of their personal information; object to processing based on legitimate interests; withdraw consent; and not be subject to a decision based solely on automated processing that produces legal or similarly significant effects.
Users may exercise these rights through in-app account settings where available or by contacting the Operator. The Operator will respond within the period required by applicable law.
Users may also lodge a complaint with their local data protection authority. EEA authorities are listed by the European Data Protection Board, and UK residents may contact the UK Information Commissioner's Office.
13. Notice to California Residents
If a User is a California resident, this section explains rights and practices under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
The Service may collect the following categories of personal information: identifiers, internet or other electronic network activity information, user-provided audio or visual information such as profile images, and inferences or derived information such as cosmos positions and tag/category connections. The Operator collects this information directly from Users and through use of the Service for the purposes described in Section 1.
The Operator discloses personal information to service providers for the purposes described in Section 5. The Operator does not sell personal information or share personal information for cross-context behavioral advertising as defined by California law.
California residents may have the right to know, access, delete, correct, opt out of sale or sharing, and not be discriminated against for exercising privacy rights. Because the Operator does not sell or share personal information for cross-context behavioral advertising, the opt-out right for sale or sharing is not applicable to current Service operation.
Users may submit verifiable requests by contacting the Operator at the email listed in this Policy. The Operator may verify a request by confirming control of the email address associated with the Account or by another reasonable method.
14. Security Incident Notification
If the Operator becomes aware of a personal data breach that is likely to result in a risk to affected Users, the Operator will notify affected Users without undue delay through the app, by email, or through a website notice where appropriate.
Where applicable law requires, the Operator will also notify the relevant supervisory authority within the required period. The notice may include the nature of the incident, categories of information involved, likely consequences, measures taken or proposed to address the incident, and a contact point for further information.
Operator Information
- Operator: YEONGBHIN KIM
- Privacy contact: [email protected]