Privacy Statement

Learn how we collect, use, and protect your information.

Effective Date: June 9, 2025

1. Overview

Your privacy matters to us. This Privacy Statement explains how DiffBMP ("we", "our", "us") collects, processes, and safeguards personal information when you use the Service.

2. Information We Collect

Account Information: Age and gender added by user, and name and email address received via Google OAuth 2.0.
Usage Data: browser user‑agent, timestamps, API requests, and interaction logs.
Content: Uploaded image/graphic assets (e.g., .png, .jpg, .jpeg, .webp, .svg and related metadata), and generated outputs derived from those assets.
Cookies & Tracking: Session cookies and optional analytics cookies (Google Analytics 4; disabled for EU IPs by default).

3. How We Use Information

Operate and maintain the Service, including bitmap-primitive rendering pipelines and related caching.
Authenticate users and secure the Service.
Provide support, respond to inquiries, and send critical Service updates.
Analyze aggregated usage to improve algorithms and user experience.
Comply with legal obligations and prevent abuse.

4. Legal Bases

Processing relies on legitimate interest (Service operation), contract performance (providing requested features), and consent (non‑essential cookies).

5. Data Sharing & Processors

We share data only with trusted processors under data‑processing agreements:

Microsoft Azure – hosting & storage
Google OAuth – authentication
Sentry – error monitoring (pseudonymised IPs)

6. International Transfers

Where data is transferred outside South Korea or your country of residence, we rely on Standard Contractual Clauses or equivalent safeguards.

7. Security Measures

We employ encryption logic, role‑based access controls, automatic security patching, and annual penetration testing.

8. Data Retention

We retain account data while your account is active and for up to 90 days after deletion to preserve backups and comply with audit requirements. Generated art files remain public if you have published them.

9. Your Rights

Subject to local law, you may request access to, correction of, deletion of, or restriction on processing of your personal data, and object to certain processing. Submit requests to jonghean12@snu.ac.kr.

10. Changes & Contact

We may update this Privacy Statement from time to time. We will post changes on this page and update the “Effective Date”. For questions, contact jonghean12@snu.ac.kr.

This statement is provided for general information and does not constitute legal advice.