Privacy Policy
Effective Date: January 1, 2026
1Fate (the "Company") values user privacy and complies with applicable privacy laws including GDPR and CCPA. This Privacy Policy explains how we collect, use, and protect your personal information.
1. Information We Collect
A. Types of Information
1) Account Registration
- Required: Email address, password
- Optional: Name, profile photo
2) Service Usage (Report Generation)
- Required: Date of birth, birthplace, gender, name
- Optional: Birth time (recommended for accurate analysis)
- Purpose: Generating personalized insight reports
3) Payment
- Required: Payment information (card details processed directly by payment processor)
- Company retains: Buyer name, payment amount, date, order number
4) Automatically Collected Information
- IP address, cookies, service usage logs, visit timestamps, device information
B. Collection Methods
- Website registration and service usage
- Payment process
- Customer support inquiries
- Automatic collection tools
2. How We Use Your Information
A. Service Provision
- Generating and providing personalized insight reports
- Managing access to purchased content
- Providing AI conversational insight services
B. Account Management
- Identity verification for membership services
- Personal identification, registration confirmation, age verification
- Preventing fraudulent use and unauthorized access
- Preventing duplicate registrations
C. Payment and Refund Processing
- Processing payments for paid services
- Identity verification and processing for refund requests
- Managing purchase and payment history
D. Marketing (Optional, with consent only)
- New service development and personalized services
- Event and promotional information
3. Data Retention
We retain personal information only as long as necessary to fulfill the purposes for which it was collected. The following information is retained for the periods specified:
A. Internal Policy
- Fraudulent use records: 1 year (fraud prevention)
B. Legal Requirements
1) Consumer Protection Laws
- Contract and withdrawal records: 5 years
- Payment and delivery records: 5 years
- Consumer complaint records: 3 years
2) Communications Privacy Laws
- Service usage logs: 3 months
C. Account Deletion
- Personal information is deleted immediately upon account deletion, except where retention is required by law.
4. Third-Party Sharing
We do not share your personal information with third parties except in the following cases:
A. Payment Processing
- Recipient: Payment processors (Toss Payments, Stripe)
- Purpose: Payment processing and identity verification
- Information shared: Buyer information, payment amount, order number
- Retention: 5 years after transaction (as required by law)
B. Legal Requirements
- When required by law or to comply with legal obligations
5. Data Processing Partners
We work with the following service providers to deliver our services:
1) Payment Processing
- Provider: Toss Payments, Stripe
- Purpose: Payment processing and identity verification
- Information shared: Buyer information, payment amount, order number
2) Cloud Services
- Provider: Vercel, Fly.io
- Purpose: Service infrastructure operation
- Information shared: Data necessary for service operation
3) AI Interpretation Generation (De-identified)
- Provider: OpenRouter and connected LLM providers (Anthropic, OpenAI, etc.)
- Purpose: Natural language interpretation based on de-identified analysis data
- Information shared: De-identified information only (Heavenly Stems, Earthly Branches, etc.)
- Retention: Deleted immediately after processing (not used for AI training)
De-identification Process
- User input (name, birthdate, birthplace) → Converted to de-identified analysis data by Ho Engine (domestic server)
- Only de-identified analysis data is sent to AI (personally non-identifiable)
- Example: Only transmitted as "Day pillar Gap-In, Month pillar Gi-Chuk"
- Personal information (name, birthdate, etc.) is never sent to AI
6. Your Rights
You have the following rights regarding your personal information:
1. Right to access your personal information
2. Right to rectification of inaccurate information
3. Right to deletion (right to be forgotten)
4. Right to restrict processing
5. Right to data portability
To exercise these rights, please contact us at privacy@whynot.so. We will respond to your request within 30 days.
7. Data Destruction
A. Destruction Procedure
- Information is destroyed after the purpose is achieved, following internal policies and legal retention requirements.
B. Destruction Methods
- Electronic files: Permanently deleted using irrecoverable methods
- Paper documents: Shredded or incinerated
8. Security Measures
A. Technical Measures
1. Personal information is encrypted during storage and management.
2. Firewalls are installed to prevent unauthorized external access.
3. SSL encryption is used to securely transmit personal information.
B. Administrative Measures
1. Access to personal information is limited to the minimum necessary personnel.
2. Employees handling personal information receive regular training.
3. Access logs to personal information systems are maintained.
9. Cookies
We use cookies to store and retrieve user information.
A. Purpose of Cookies
- Maintaining login sessions
- Analyzing service usage patterns
- Providing personalized services
B. How to Reject Cookies
You can reject cookies through your browser settings. However, some services requiring login may not function properly without cookies.
10. Data Protection Officer
We have designated a Data Protection Officer to handle privacy-related inquiries and complaints:
Data Protection Officer
- Name: Hongno Yun
- Email: privacy@whynot.so
11. Policy Changes
This Privacy Policy is effective from the date stated above. We will notify you of any material changes at least 7 days before they take effect through our website.
Supplementary Provisions
This Privacy Policy is effective from January 1, 2026.
For privacy-related inquiries, please contact us at privacy@whynot.so.