Dripbook Privacy Policy

Publication Date 2026-05-11 · Effective Date 2026-05-11 · v1.0

Bublica ("the Company") respects the privacy of its users and is committed to protecting personal information in accordance with applicable laws, including the Korean Personal Information Protection Act (PIPA), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). This Privacy Policy explains how we collect, use, share, and protect your information when you use our mobile application Dripbook (Bundle ID: com.bublica.dripbook).

1. Information We Collect

1-1. Automatically Collected (on app install and use)

Category	Data	Notes
Identifier	Advertising Identifier (IDFA)	Only with your ATT consent
Identifier	Vendor Identifier (IDFV)	iOS standard, reset on app deletion
Device Info	iOS version, device model, screen resolution, language/region
Usage Logs	App launch/exit time, navigation events, ad impression and click logs
Diagnostics	Crash logs, performance metrics
Network	IP address, access timestamp	For ad delivery and abuse prevention
Server operation logs	Logged-in user email, AI scan call timestamp, response result (success/failure), recognition metadata (roastery, bean name, origin, roast level)	Collected on our backend for monitoring, usage limits, and abuse prevention

1-2. User-Provided Information

Category	Data	Collection Trigger
Account credentials	Email address, password	On sign-up / sign-in (stored in device localStorage only; never transmitted to our servers)
Recipe data	User-entered coffee recipes, notes, ratings, favorites list	Stored locally in-app (device localStorage, not sent to server)
App preferences	Language setting, "remember me" flag	Stored locally in-app (device localStorage)
Inquiry	Email address, message body	When you contact support
Bean bag image	Photos of coffee bean packaging you upload	When using AI analysis (see § 15)

1-3. Device Permissions (used only with your explicit consent)

Dripbook uses the following iOS permissions, all of which trigger a system permission dialog on first use.

Permission	Purpose	How We Handle It
Camera (`NSCameraUsageDescription`)	Take a photo of your coffee bag for AI recognition	The captured image stays in memory and is sent off-device only when you trigger AI analysis (see § 15)
Photo Library — Read (`NSPhotoLibraryUsageDescription`)	Select an existing bean-bag photo from your gallery	Only the photo you actively select is processed
Photo Library — Add (`NSPhotoLibraryAddUsageDescription`)	Save a recipe card image to your gallery (optional feature)	Triggered only by your explicit save action

Denying any permission still allows full use of the manual entry flow and other core features. You can change permissions anytime in iOS Settings → Dripbook.

1-4. Automatic Collection via Advertising SDK

The app integrates the following advertising SDK. Some data is collected and processed directly by the third party (Google LLC) on our behalf.

SDK	Google Mobile Ads SDK for iOS (Capacitor wrapper: `@capacitor-community/admob` v8.x)
AdMob App ID	`ca-app-pub-7332080403904454~5549308360`
SKAdNetwork	38 SKAdNetwork identifiers registered (Apple's privacy-preserving ad attribution standard)
Data collected	Advertising identifier (IDFA, only with ATT consent), device info, ad impression / click data, approximate IP-based location (country / city level)
Content rating filter	Maximum Ad Content Rating is enforced so that ads inconsistent with our app's age rating are filtered out

For more detail, see the Google Privacy Policy:
👉 https://policies.google.com/privacy

2. How Long We Keep Your Data

Item	Retention	Basis
Account credentials (email, password)	Until account deletion or app uninstall (stored in device localStorage; not sent to server)	User consent
Auto-collected (IDFA, device info, usage)	12 months from collection, or until deletion request	User consent
Recipe data, favorites, app preferences (local)	Until app is deleted (device localStorage, not sent to server)	—
Server operation logs (email, call time, recognition meta)	Up to 30 days (Railway log retention policy)	Operations / abuse prevention
Monthly AI scan usage counter	Auto-resets on the 1st of every month (UTC); held in server memory	Usage management
Inquiry email records	3 years after resolution	e-Commerce Act § 6 (KR)
Ad-related logs (AdMob)	14 months	Google AdMob policy
Crash / diagnostic logs	90 days	Operations
Uploaded images for AI analysis	Not stored on our server (passes through memory and is discarded immediately). Anthropic side: up to 30 days	Anthropic data policy

3. Sharing With Third Parties

We share your information only to the extent necessary for the purposes described in §§ 4 and 5, and only with your consent or as required by law.

Recipient	Purpose	Data Shared	Retention
Google LLC (AdMob)	Ad delivery, performance measurement, personalized advertising	IDFA (with consent), device info, ad identifiers, IP	Per Google policy (~14 months)
Apple Inc.	App distribution, in-app diagnostics, attribution (App Store Connect, TestFlight, SKAdNetwork)	Device info, crash logs, in-app purchase info (if introduced)	Per Apple policy
Anthropic, PBC	AI image analysis of coffee bean bags (Claude Sonnet model)	Image uploaded by user (Base64), analysis prompt	Up to 30 days (Anthropic policy)

We do not sell your personal information.

4. Processing on Our Behalf (Sub-processors)

Processor	Service	Country
Railway Corp.	Backend hosting, server operation logs (infrastructure)	United States
Google LLC	Ad serving and analytics (Google AdMob, Google Mobile Ads SDK)	United States
Apple Inc.	App distribution, in-app diagnostics, ad attribution (App Store Connect, TestFlight, SKAdNetwork)	United States
Anthropic, PBC	AI-based bean bag image analysis (Claude Sonnet)	United States

5. International Data Transfers

Because Dripbook integrates Google AdMob, Apple App Store, Anthropic AI, and is hosted on Railway, certain data is transferred outside Korea.

Recipient	Country	When & How	Data	Purpose	Retention
Railway Corp.	USA	On API call, HTTPS	Email, IP, call timestamp, recognition meta	Backend hosting / logs	Up to 30 days
Google LLC	USA	On ad call, network	IDFA, device info, IP	Ad delivery	14 months
Apple Inc.	USA	On app install/launch, network	Device info, crash logs, SKAdNetwork attribution data	App distribution / diagnostics / ad attribution	Per Apple policy
Anthropic, PBC	USA	On AI analysis use, HTTPS	Uploaded image (Base64), analysis prompt	Image AI analysis	Up to 30 days

You may refuse international transfers under § 7 below; some features (such as personalized ads) may then be limited.

6. App Tracking Transparency (ATT)

Per Apple's App Tracking Transparency framework, Dripbook requests your explicit consent before using the IDFA.
You can grant or deny tracking when the system permission prompt appears on first launch.
Denying tracking does not affect any core feature; you will only see non-personalized ads.
Even when you deny tracking, Apple's SKAdNetwork may still perform privacy-preserving attribution; this uses only anonymized data and cannot identify you individually.
You may revoke or grant consent anytime in iOS Settings → Privacy & Security → Tracking.

7. Your Rights

You may exercise the following rights at any time:

Access your personal information
Request correction or deletion
Request restriction of processing
Withdraw consent
Account deletion (see § 16)
Under GDPR (EEA users): Right to data portability, right to lodge a complaint with your supervisory authority
Under CCPA (California users): Right to know what we collect, right to delete, right to opt-out of sale (we do not sell personal information)

How to exercise:

📧 Email: bublica@naver.com
📮 Postal: 48-8 Hotan-gil, Geumnam-myeon, Sejong, Republic of Korea (2nd floor)

8. Data Destruction

When personal data is no longer needed, we destroy it without delay.

Electronic files: securely deleted (logical + physical destruction)
Paper documents: shredded or incinerated

9. Security Measures

Account credentials (email and password) are stored only on the user's device and never transmitted to our servers — server-side compromise cannot expose user passwords
All traffic encrypted with HTTPS / TLS 1.2+ (including our custom domain dripbook.bublica.com)
The X-User-Email header used for API user identification is transmitted only within HTTPS-encrypted channels
Per-account monthly AI scan call limit (30 / month) enforced server-side to block abnormal call patterns
Least-privilege access controls
Intrusion detection and prevention
Regular security patching and vulnerability checks
Designated Data Protection Officer (see § 12)

10. Automatic Collection Tools and Opt-Out

Dripbook uses IDFA, IDFV, and device localStorage for advertising and service improvement.
localStorage usage: login session, favorites list (max 10), language setting, "remember me" flag — stored only on your device, never sent to our server.
You may block tracking and clear local storage at any time:
- iOS Settings → Privacy & Security → Tracking → "Allow Apps to Request to Track" OFF
- iOS Settings → Privacy & Security → Apple Advertising → "Personalized Ads" OFF
- Delete the app: removes all locally stored data on the device.
If you block tracking, you'll see only non-personalized ads.

11. Children's Privacy

Dripbook's App Store age rating is 12+. However, in compliance with the Korean Personal Information Protection Act (Article 22-2), we do not collect personal information from children under 14 in Korea without verifiable consent from a legal guardian.
During sign-up, the user confirms they are 14 or older. If we discover that an account was created by someone under 14 without legal-guardian consent, we delete the account and all related data immediately.
Parents or legal guardians who suspect their child under 14 is using this app may notify us at bublica@naver.com; we will erase the relevant data without delay.
Ad content is filtered via Maximum Ad Content Rating to ensure only ads compatible with the 12+ rating are served.

12. Data Protection Officer (DPO)

Name: Hyunmin Park
Role: Representative
Email: bublica@naver.com
Phone: +82 10-6404-8155

13. Complaints & Remedies (Korea)

Authority	Phone	Website
Personal Info Dispute Mediation Committee	1833-6972	www.kopico.go.kr
Personal Info Infringement Center (KISA)	118	privacy.kisa.or.kr
Cybercrime Investigation Unit	1301	www.spo.go.kr
National Police Cyber Bureau	182	cyberbureau.police.go.kr

14. AI Image Analysis

Dripbook uses Anthropic Claude Sonnet (claude-sonnet-4-6 or successors) for automatic bean bag image recognition.

14-1. Purpose

To extract roastery, bean name, origin, process method, roast level, and flavor notes from a user-uploaded coffee bean bag image.

14-2. Model & Processor

Model	Anthropic Claude Sonnet (`claude-sonnet-4-6`)
Processor	Anthropic, PBC
Processing Location	United States
Transport	HTTPS / TLS encryption

14-3. Data Flow

You take or upload a coffee bean bag photo in-app.
Our backend (Dripbook server, Railway hosting) Base64-encodes the image and sends it to the Anthropic API (https://api.anthropic.com/v1/messages).
Anthropic's API returns analysis results in JSON.
Our server forwards only the JSON results to the app; the original image is never persisted on our servers (passes through memory and is immediately discarded).
For monitoring and abuse prevention, only the call metadata (email, timestamp, recognition summary: roastery, bean name, origin, roast level) is recorded in our server logs and retained for up to 30 days (see § 1-1).

14-4. Anthropic Data Policy

Anthropic does not use API data for model training (default policy).
Anthropic retains received data for up to 30 days for operational and safety review, then deletes it.
More: Anthropic Privacy Policy

14-5. Usage Limits

To protect against abuse and runaway costs, AI scan calls are limited to 30 per account per month. The counter resets automatically on the 1st of every month (UTC). The Manual Entry flow is unlimited and unaffected by this cap.

14-6. Your Rights and Cautions

You may decline to use the AI analysis feature; doing so only restricts that specific feature and does not affect other Dripbook functionality.
Please do not include identifying information (ID cards, business cards, faces, etc.) in your uploaded images. We are not liable for personal information exposure caused by your own carelessness.

15. Changes to This Policy

This Privacy Policy applies from the effective date. We will notify users of any changes at least 7 days before they take effect via in-app notice or this page.
For material changes affecting user rights, notice will be given at least 30 days in advance.

16. Account Deletion

You may delete your account and associated data at any time.
In-app deletion (recommended): Tap [Account → Delete account] in the top-right of the app. The following data is deleted immediately and automatically:
- Device localStorage: account credentials (email, password), favorites, review & auto-tune data, app preferences
- Server in-memory monthly AI scan usage counter
Server operation logs (email, call timestamps, recognition metadata) are automatically discarded according to our retention policy — up to 30 days from collection (see § 2). No separate manual deletion request is required.
Email request (fallback): If you cannot use the app, you may email bublica@naver.com; we will process the request within 7 days.
Data legally required to be preserved (e.g. inquiry records for 3 years under the e-Commerce Act) will be held in isolated storage for the prescribed period and then destroyed.

17. Governing Law and Disputes

This Privacy Policy is governed by the laws of the Republic of Korea.
Any disputes shall be brought in the competent courts of Korea under the Civil Procedure Act.

Appendix

Publication	2026-05-11
Effective	2026-05-11
Current Version	v1.0
Operator	Bublica
Representative	Hyunmin Park
Business Reg. No.	656-79-00658
Mail-Order Reg. No.	N/A
Address	48-8 Hotan-gil, Geumnam-myeon, Sejong, Republic of Korea (2nd floor)
Email	bublica@naver.com
App Name	Dripbook
Bundle ID	`com.bublica.dripbook`
Policy URL	https://dripbook.bublica.com/privacy/en

Revision History

Version	Date	Changes
v1.0	2026-05-11	Initial publication