EatingSeoul

Privacy Policy

Last updated: April 8, 2026

1. Introduction

EatingSeoul ("we," "us," or "our") operates the website eatingseoul.com. We are committed to protecting your personal information in accordance with the Korean Personal Information Protection Act (PIPA), the Act on Promotion of Information and Communications Network Utilization and Information Protection, and all applicable data-protection regulations.

This policy explains what information we collect, why we collect it, how we use and safeguard it, and your rights regarding your data.

2. Personal Information We Collect

We collect the minimum information necessary to provide our services:

2.1 Account Registration

  • Name / Display name
  • Email address
  • Country
  • Password (email sign-up only; stored as a bcrypt hash via Supabase Auth)
  • Google profile picture URL (Google OAuth sign-up only)

2.2 Booking Requests

When you submit a booking request through our "Book Now" feature, we additionally collect:

  • Preferred date & time of the reservation
  • Party size (number of guests)
  • Phone number or WhatsApp number (optional, for faster confirmation)
  • Questionnaire responses (reason for booking, how you discovered the restaurant, food preferences)

2.3 Automatically Collected Data

  • IP address, browser type, device info, pages visited, referrer URL — collected via Google Analytics 4 for website analytics
  • Cookies — session cookies for authentication; analytics cookies (GA4)

3. Purpose of Collection

  • User account management and authentication
  • Processing and managing restaurant booking requests on your behalf
  • Communicating booking confirmations, cancellations, or changes via email, phone, or WhatsApp
  • Improving our services and website through analytics
  • Preventing misuse (e.g., blocking no-show offenders)

4. Sharing of Personal Information

We do not sell your personal information. We share it only as follows:

  • Restaurants — your name, party size, date, time, and contact info are shared with the restaurant you requested a booking for, solely to arrange your reservation.
  • Service providers — we use Supabase (database & auth), Google Analytics (analytics), and SMTP email services (booking notifications). These providers process data on our behalf under contractual obligations.
  • Legal obligations — we may disclose information if required by law, court order, or regulatory authority.

5. Retention Period

  • Account data — retained until you delete your account or request deletion.
  • Booking request data — retained for 1 year after the booking date for service quality and dispute resolution, then deleted.
  • Analytics data — aggregated and anonymized; individual-level data follows Google Analytics' retention settings (default 14 months).
  • Access logs — server access logs are retained for a minimum of 6 months as required by Korean law (Article 29, PIPA Enforcement Decree).

6. Security Measures

We implement the following safeguards in compliance with Article 29 of the Personal Information Protection Act and its Enforcement Decree:

  • Internal management plan — documented policies and procedures for handling personal information.
  • Access control — database access is restricted through Supabase Row Level Security (RLS) policies. Only authorized personnel (admin role) can access booking or user data.
  • Encryption — all data is transmitted via HTTPS (TLS 1.2+). Passwords are hashed using bcrypt. Sensitive environment variables (API keys, private keys) are stored as encrypted server-side secrets, never exposed to the client.
  • Access log retention — server and application access logs are maintained for a minimum of 6 months.
  • Anti-malware — server infrastructure is monitored and patched regularly.

7. Your Rights

Under Korean PIPA and applicable regulations, you have the right to:

  • Access your personal information we hold.
  • Correct inaccurate or outdated information.
  • Delete your personal information (subject to legal retention requirements).
  • Withdraw consent for data processing at any time.
  • Request suspension of processing your personal data.

To exercise any of these rights, contact us at stan@eatingseoul.com.

8. Cookies

We use essential cookies for authentication (session management) and analytics cookies via Google Analytics 4. You can disable cookies through your browser settings, though this may affect the functionality of the website.

9. International Data Transfers

Our database is hosted on Supabase (cloud infrastructure). Analytics data is processed by Google. These providers may process data outside of Korea but maintain appropriate safeguards (Standard Contractual Clauses or equivalent) as required by Korean data protection law.

10. Children's Privacy

Our service is not intended for children under the age of 14. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us to have it removed.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

Data Controller: EatingSeoul
Email: stan@eatingseoul.com