Privacy Policy

Effective Date: April 7, 2026

1. Personal Information Collected

PaintLater collects the following personal information to provide services.

  • Email address
  • Nickname
  • Profile image
  • Bio, interest tags, painting experience level (optional)
  • Social media links — Instagram, YouTube, X (Twitter), website (optional)
  • Google profile information (when using Google login)
  • Kakao profile information (when using Kakao login)
  • Apple profile information (when using Apple login)

2. Purpose of Collection

  • User identification and authentication
  • Providing miniature painting record management services
  • Delivering service-related notices and push notifications
  • Providing AI painting guide, recoloring, and painting evaluation services
  • Operating community and gallery services
  • Service improvement and statistical analysis

3. Retention Period

Collected personal information is destroyed without delay upon account deletion. However, the following data is retained for the specified periods: contract/transaction records under the Act on Consumer Protection in Electronic Commerce (5 years); connection logs under the Protection of Communications Secrets Act (3 months). Data transmitted for AI services is not separately stored on PaintLater servers after generating results.

4. Third-Party Provision and Delegation

PaintLater uses the following external services to provide its features, and only the minimum necessary information is transmitted.

  • Google OAuth: Social login authentication
  • Kakao OAuth: Social login authentication
  • Apple OAuth: Social login authentication
  • Firebase Cloud Messaging (FCM): Push notification delivery (device tokens)
  • OpenAI API: AI painting, AI painting guide, AI coaching (uploaded images, text descriptions, owned paint information)
  • Cloudflare R2: Image storage and delivery
  • Google Analytics: Service usage statistical analysis (login methods, content creation/search events, page visit patterns)

Beyond the above, PaintLater does not provide users' personal information to third parties. However, exceptions apply when required by law.

5. Cookies and Authentication

PaintLater uses JWT (JSON Web Token) based authentication tokens to maintain login status. In web environments, tokens are stored as HttpOnly cookies; in mobile app environments, tokens are stored in the app's local storage (localStorage).

6. Image and AI Data Processing

Images uploaded by users and AI service usage are processed as follows.

  • Miniature photos, progress log photos, etc. are transmitted via encrypted connection (HTTPS) and stored in Cloudflare R2.
  • When using AI painting, AI painting guide, or AI coaching, uploaded images, text descriptions, and owned paint brand/color information are sent to the OpenAI API.
  • Data sent to OpenAI is used solely for generating AI results for PaintLater, and OpenAI's privacy policy applies.
  • When users delete their content, stored images are also deleted.

7. Paint Data

Paint color information and conversion (color matching) data provided by the service are based on product information and conversion charts published by each manufacturer and do not constitute personal information. Paint inventories and painting records registered by users are managed in connection with their accounts and will be deleted upon account deletion.

8. User Rights

Users may exercise the following rights at any time.

  • Request to view personal information
  • Request to correct personal information
  • Request to delete personal information
  • Account deletion

9. Contact

For inquiries regarding personal information, please contact us below.

Email: paintlater@proton.me

Operator: Beomsoo Kim

Website: https://paintlater.org

10. Children's Privacy

PaintLater is not directed at children under 14 years of age and does not knowingly collect personal information from them. If we become aware that a user under 14 has registered, the account and associated personal information will be deleted without delay. Parents or guardians may request deletion by contacting paintlater@proton.me.

11. Data Security

PaintLater implements the following security measures to protect users' personal information.

  • All data transmissions are encrypted via SSL/TLS (HTTPS).
  • Authentication tokens are stored in HttpOnly cookies or the app's local storage (localStorage).
  • Passwords are stored using one-way hashing.
  • Server access is restricted to authorized administrators only.

12. International Data Transfer

PaintLater's servers are located in South Korea, and image storage (Cloudflare R2) is served through a global CDN. When using AI features, data may be transmitted to OpenAI servers located in the United States, and is processed only within the scope necessary for service provision.

13. Account Deletion

Users can delete their account at any time through 'My Page > Account Management > Delete Account' in the app. Upon account deletion, all personal information, posts, and images are immediately and irreversibly deleted. If deletion through the app is difficult, users may request deletion by emailing paintlater@proton.me. Email requests will be processed within 2 business days.