Privacy Policy (May 2025 Revision)
Last updated: April 22, 2025
Routinery Inc. ("Company") complies with applicable global data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection Act of South Korea. This Privacy Policy describes how we collect, use, store, and protect your personal information.
By accessing or using our service, you acknowledge that you have read and agree to be bound by this Privacy Policy and our Terms of Use.
1. Purpose of Personal Data Processing
We process personal data for the following purposes:
Users may provide or withdraw their consent to receive promotional messages by adjusting their preferences during sign-up or through in-app settings. This opt-in process is available at the time of account registration or guest profile creation.
- Account registration and management
To manage membership status, prevent misuse, and send notifications or announcements
- Customer support
To verify user identity, handle inquiries, and provide responses
- Service provision
To offer app features, content, and personalized user experiences
- Operational messaging (non-marketing)
To guide user experience based on app usage, such as reminders to complete onboarding or track routines, feature usage tips, or weekly performance summaries
These messages are considered service operations and do not require prior consent. Users may opt out via in-app settings.
- Marketing and promotional messaging (with consent)
To send newsletters, discounts, product updates, or promotional offers
Promotional messages, such as those about discounts or premium features, are sent based on user consent in accordance with applicable laws.
You can check or withdraw your consent at any time by navigating to [Profile] → [Account Settings] → [Marketing Preferences] within the app.
2. Retention and Use Period
We retain personal information only for the duration necessary to fulfill the purposes described above and in accordance with applicable legal obligations:
- We retain personal data for users who have not deleted their accounts or withdrawn consent, including those who may be inactive, solely for the purpose of maintaining service continuity and re-engagement communications where permitted.
- Certain behavioral data that is no longer necessary for service improvement is programmatically blocked from further processing and excluded from analytics, even if not physically deleted, in accordance with data minimization principles.
- Certain records may be retained for a longer period to comply with specific legal obligations (e.g., e-commerce, tax, consumer protection laws).
3. Types of Personal Data Collected
- Required information: anonymous user ID, email, gender, country/region, age group, preferred routines and goals (collected during onboarding)
- Usage data: login logs, IP address, device identifiers, routine creation and activity logs
- Optional (consent-based): profile image, feedback messages, routine descriptions, alert preferences
4. Data Processors and International Data Transfers
We entrust certain aspects of personal data processing to third-party service providers to operate, improve, and market our services.
All vendors are contractually obligated to comply with applicable data protection laws, and we implement appropriate safeguards to ensure the security of your personal data.
| Category | Processors | Country | Purpose of Use | Data Processed |
|---|---|---|---|---|
| Service Operation and Infrastructure | Google CloudGoogle FirebaseAWS | United States | Service provision and infrastructure management | User identifiers, profile images, etc. |
| App Analytics and Feature Improvement | Google Firebase Amplitude | United States | App usage analysis and feature enhancement | App usage data |
| Advertising and Marketing Performance Measurement | Google AdMob Airbridge AppsFlyer | United States, South Korea, Israel | Personalized ad delivery and marketing effectiveness analysis | Advertising identifiers, platform information, app usage data |
| Push Notifications and User Communication | OneSignal | United States | Push notification delivery and targeted message communication | User identifiers, app usage data |
※ The company may run interest-based marketing campaigns via external advertising platforms such as Meta.
App push notifications or emails are delivered through internal systems and analytics tools at appropriate times for the user.
5. Behavioral Data Collection and Use
- Collected items: routine activity status, usage duration, click behavior, app interaction logs
- Purpose:
- Improve service performance and user experience
- Send operational messages based on user journey (e.g., reminders, onboarding prompts)
- Marketing use (e.g., promotions or paid feature recommendations) only applies if the user has explicitly consented to receive marketing messages
- Method: automatically collected via Firebase, Amplitude, Airbridge etc.
- Opt-out: Users may disable such use in their device or in-app settings, or unsubscribe from emails at any time. Specifically, users can manage their opt-out preferences through the Account Management menu under the Settings tab within the app.
6. Data Subject Rights
Users have the right to access, correct, delete, or restrict the processing of their personal data at any time:
- In-app account settings
- Email request to: routinery.help@gmail.com
- Requests by a legal representative must be accompanied by appropriate documentation
Residents of the European Economic Area (EEA) may also lodge complaints with their respective national supervisory authorities. Examples include:
- Germany: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) – www.bfdi.bund.de
- France: Commission Nationale de l’Informatique et des Libertés (CNIL) – www.cnil.fr
- Ireland: Data Protection Commission – www.dataprotection.ie
- Netherlands: Autoriteit Persoonsgegevens – www.autoriteitpersoonsgegevens.nl
For California residents, you may also contact the California Attorney General or file complaints via www.oag.ca.gov/privacy/ccpa.
7. Data Deletion and Destruction
We delete personal data when it is no longer necessary for the purposes for which it was collected. This includes cases such as expiration of the retention period, user account deletion, or withdrawal of consent.
Personally identifiable information—such as email addresses and nicknames—is securely and permanently deleted, subject to approval by the Data Protection Officer.
Some behavioral data may be retained in an anonymized or de-identified format for statistical analysis and service improvement. These datasets are no longer linked to any individual and cannot be used to re-identify users.
For personal data deletion requests, please refer to Section 7: Data Subject Rights.
8. Data Security
Retained behavioral data, even in anonymized or de-identified form, is continuously protected under the following security measures.
We implement the following safeguards:
- Role-based access control and employee training
- Encryption of sensitive data during transmission and storage
- Access logs and audit trails
- Intrusion detection and prevention systems
9. Changes to This Policy and User Notification
We may update this Privacy Policy as required by applicable laws or internal policies. In such cases, we will notify users as follows:
- For logged-in users: via in-app notifications, email, or push messages
- For non-logged-in users: via app banners, pop-ups, or public notices on the start screen
Continued use of the service following such notices will be deemed acceptance of the updated policy.
Major changes affecting users' rights will be notified at least 30 days in advance.
10. Integration with Terms of Use
Subscription payments are managed through third-party platforms such as Apple App Store or Google Play. These platforms may automatically renew your subscription based on your initial agreement with them. Users may manage or cancel auto-renewals via their respective account settings on those platforms.
This Privacy Policy is incorporated by reference into our Terms of Use. In the event of any conflict between this Privacy Policy and the Terms of Use, the provision offering greater protection to personal data shall prevail.
11. User Contributions
Users may submit content through features such as routine sharing or task listing (“Contributions”). You retain ownership of your Contributions, but by submitting them, you grant Routinery a worldwide, royalty-free, non-exclusive, transferable license to use, display, reproduce, adapt, and distribute such content for the purposes of service enhancement, community promotion, and marketing.
Routinery will only use Contributions that do not contain personally identifiable information (PII), such as real names, photographs of identifiable individuals, contact details, or identifiers that can reasonably be used to trace or identify a person. Nicknames, illustrations, avatars, or stylized representations (e.g., caricatures) that do not allow for real-world identification may be used without additional consent.
To the extent permitted by applicable law, you waive any moral rights you may have in such Contributions. This waiver does not apply in jurisdictions where such rights cannot be waived.
Nothing in this section limits your rights under applicable data protection laws, including the rights to access, rectify, erase, or object to the use of personal data contained in any Contribution.
12. Contact Information
Privacy Officer: Inseok Seo
Contact: hello@routinery.app / +82-10-7630-1582
Users may also contact local data protection authorities (e.g., KISA, KCC, GDPR supervisory authorities, etc.) for further assistance.
13. Supplemental Provisions by Region
EEA (European Economic Area)
We process your personal data in accordance with the legal bases under Article 6 of the GDPR, including consent, contractual necessity, and legitimate interest. You have the right to access, rectify, erase, and port your data, as well as to object to or restrict processing. You may also lodge a complaint with your local supervisory authority.
California, USA (CCPA/CPRA)
We do not sell or share your personal data in exchange for monetary value. You may opt out of targeted advertising or profiling at any time. You have the right to request access to, deletion of, or disclosure about your personal information collected in the past 12 months.
Japan (APPI)
We comply with the Act on the Protection of Personal Information. We do not use your personal data for new purposes beyond what has been explicitly stated, unless we obtain renewed and clear consent from you. You may request the purpose of use, correction, or suspension of your personal data.
Brazil (LGPD)
We comply with the Lei Geral de Proteção de Dados. You have the right to confirm the existence of processing, access, correct, anonymize, or delete your data. All processing is based on legal grounds such as consent or legitimate interest.
Singapore (PDPA)
We observe the Personal Data Protection Act and collect, use, and disclose your personal data with your knowledge and consent. You may withdraw consent at any time, and we will cease processing except for legal or operational reasons.
South Africa (POPIA)
We adhere to the Protection of Personal Information Act. Personal data is collected only for specific, explicitly defined purposes, and we ensure appropriate safeguards are in place. You have the right to access, correct, or object to the use of your data.
Effective Date: May 1, 2025