FactBOGI
Submit Opinion

Privacy Policy

This Privacy Policy sets out how the individual operator (hereinafter "Operator") of the FactBOGI service (hereinafter "Service") processes personal data. The Operator protects Users' personal data in accordance with applicable law and has established and published this Privacy Policy to ensure prompt resolution of related concerns.

Section 1. Purpose of Processing Personal Data

We process personal data for the following purposes. Personal data processed shall not be used for purposes other than those listed below. If the purposes change, we will take necessary measures such as obtaining separate consent.

  1. Member registration and identity verification
  2. Service usage records management and prevention of unauthorized use
  3. Sending authentication codes via email
  4. Service improvement and statistical analysis (anonymized)
  5. Collection and analysis of service usage statistics via Google Analytics (GA4)
  6. Detection of security threats and blocking of abnormal access

Section 2. Categories of Personal Data Processed

We process the following personal data to provide the Service.

  • Collected at registration: Name (nickname), email address, password (bcrypt one-way encryption), date and time of consent to terms
  • Automatically collected during service use:
    • IP address (access and activity records)
    • Country of access (automatically detected by Vercel infrastructure)
    • Browser/device information (User-Agent)
    • Device identifier (Device ID): A UUID-format identifier is generated and stored in browser localStorage upon login
    • Risk score: Automatically calculated (0–100+) based on new device, country change, and multiple session status
  • Activity records:
    • Like/Dislike voting history (voter ID or IP, vote timestamp)
    • Report content (reason and description, stored with AES-256-GCM encryption)
    • Encrypted backup of original Opinion upon blind processing (AES-256-GCM)
  • GA4 collection: Page visit, click, scroll events; device and browser information (cookie-based)

Passwords are stored as one-way encrypted values (bcrypt) and cannot be viewed by anyone, including the Operator.

Section 3. Methods of Collection

  1. Collected when Users directly enter information during member registration.
  2. IP address, country of access, browser information, and device identifiers are automatically collected during use of the Service.
  3. A device identifier (UUID) is generated and stored in browser localStorage upon login.

Section 4. Retention and Use Period

  1. Upon member withdrawal, basic member information (name, email) is destroyed without delay, unless retention is required by applicable law, in which case the data is retained for the required period.
  2. Email authentication codes are valid for 10 minutes after issuance and are automatically destroyed upon expiration.
  3. Device sessions (DeviceSession) are destroyed 30 days after the last activity.
  4. Device identifiers (localStorage) are destroyed when the User deletes browser localStorage.
  5. Access logs and IP addresses are destroyed within a maximum of 3 months for purposes of unauthorized use prevention.
  6. Like/Dislike voting activity history (VoteActivity) is destroyed within a maximum of 1 year.
  7. Report data is retained for 1 year after processing completion (review or rejection) and then destroyed. Unprocessed reports are retained.
  8. Blind backups (encrypted original Opinions) are retained for 1 year from the date of blind processing and then destroyed.
  9. Statistical data collected through GA4 is automatically deleted after 14 months pursuant to Google Analytics settings.

Retention periods required by applicable law:

  • Communications records pursuant to the Protection of Communications Secrets Act: 3 months
  • Records of representations and advertisements pursuant to the Electronic Commerce Act: 6 months

Section 5. Provision to Third Parties

The Operator does not provide personal data to third parties without the User's consent. However, exceptions apply in the following cases:

  • When required by law or upon lawful request by investigative authorities
  • When the User has given prior consent

Section 6. Processing Consignment and Cross-Border Transfers

The Operator consigns the processing of personal data to the following companies for service operations. These companies are subject to cross-border data transfers pursuant to applicable privacy regulations and are managed in accordance with each company's data processing policies.

ProcessorPurposeLocation
Neon Inc.Database (PostgreSQL) hostingUnited States
Upstash Inc.Session cache (Redis) storageUnited States
Vercel Inc.Web service hosting and server operationsUnited States
Resend Inc.Email authentication code deliveryUnited States
Google LLCService usage statistics (GA4) collection and analysisUnited States

Section 7. User Rights and How to Exercise Them

  1. Users may access or modify their personal data at any time.
  2. Users may request deletion of personal data by withdrawing membership.
  3. Users may withdraw consent to personal data processing, in which case use of the Service may be restricted.
  4. Inquiries regarding personal data may be made through the in-service inquiry function or by contacting the Privacy Officer at the email address in Section 11.

Section 8. Destruction of Personal Data

  1. The Operator destroys personal data without delay upon expiration of the retention period or achievement of the processing purpose.
  2. Personal data in electronic file format is permanently deleted in a manner that prevents recovery.
  3. Encrypted backup data (report content, blind backups) is permanently deleted from the database after the retention period expires.

Section 9. Security Measures

The Operator implements the following measures to ensure the security of personal data.

  1. Passwords are stored with one-way encryption (bcrypt).
  2. Report content and blind backup originals are encrypted and stored using AES-256-GCM.
  3. Access to personal data is restricted to a minimum number of personnel.
  4. Data transmission encryption via HTTPS is applied.
  5. A security session management system is operated that requests email authentication upon detection of new devices or abnormal access.

Section 10. Use of Cookies and Local Storage

  1. Session cookies: Used to maintain login status. Deleted upon browser closure or retained for up to 7 days.
  2. GA4 cookies: Used for the purpose of collecting service usage statistics via Google Analytics.
  3. Device identifier (localStorage): A UUID-format identifier is stored in browser localStorage for security-based device recognition. If the User deletes browser localStorage, the device will be recognized as new and email authentication may be requested.
  4. Users may refuse cookie storage through browser settings, in which case use of services requiring login may be restricted.

Section 11. Privacy Officer

Users may contact the Privacy Officer below for all inquiries, complaints, or requests for redress regarding personal data protection arising during the use of the Service.

  • Name: Individual Operator
  • Email: privacy@factbogi.com

For reports or consultations regarding other personal data infringements, contact the following authorities:

  • Personal Data Infringement Report Center (privacy.kisa.or.kr / 118)
  • Supreme Prosecutors' Office Cyber Investigation Division (spo.go.kr / 1301)
  • National Police Agency Cyber Safety Bureau (cyberbureau.police.go.kr / 182)

Section 12. Changes to This Policy

If this Privacy Policy is changed, notice will be provided through the Service. The revised policy takes effect from the date of notice.

Section 13. Additional Rights for EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area:

Legal Basis for Processing:

We process your personal data based on:

  • Article 6(1)(b): Performance of a contract (account registration, service provision)
  • Article 6(1)(f): Legitimate interests (security, fraud prevention, service improvement)

Your Rights Under GDPR:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Request correction of inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your personal data
  • Right to Restriction of Processing (Art. 18): Request restriction of processing
  • Right to Data Portability (Art. 20): Receive your data in a structured, commonly used format
  • Right to Object (Art. 21): Object to processing based on legitimate interests

International Data Transfers: We transfer data to processors in the United States (Neon, Upstash, Vercel, Resend, Google). These transfers are made under Standard Contractual Clauses (SCCs) as approved by the European Commission.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

Contact: privacy@factbogi.com

Section 14. California Privacy Rights (CCPA)

If you are a California resident:

  • We do not sell your personal information to third parties.
  • You have the right to know what personal information we collect and how we use it.
  • You have the right to request deletion of your personal information.
  • We will not discriminate against you for exercising your privacy rights.

To exercise your rights, contact: privacy@factbogi.com

Effective Date: February 27, 2026

Last Updated: March 3, 2026

Back to Home