Privacy Policy

1. Scope

• This Policy applies to the saving, organizing, sharing, media/file storage, offline saving, reader, sign-in, synchronization, subscription, advertising, and data deletion features provided within the Swoopbox mobile app.
• Original websites connected through the app, the App Store, Google Play, Google, Apple, Meta, AdMob, and other external services may process personal information separately under their own policies.

2. Personal Information and Service Data We Process

Information that users save in the app or enter directly

• Link and saved-item information: URL, normalized URL, title, domain, box affiliation, favorite status, pin status, creation time, open count, last opened time, content type (link/photo/file), MIME type, original filename, and thumbnail-related metadata.
• Box and organization information: box names, creation times, sort order, recent search terms, domain filters, favorite filters, and UI preference settings.
• Memo and stored-file information: link memos, offline save type (such as WebArchive, full-page capture, and legacy PDF/Markdown remnants), local paths or cloud-sync asset paths for photos/files, save time, file size, file path, thumbnail, and save error status.
• Usage status information: whether local notifications are enabled, scheduled unread reminder history, recent save/open activity logs, and offline reader entitlement status (such as monthly free opens used and additional opens earned through rewarded ads).

Additional information processed when sign-in, synchronization, or payment linkage is used

• Account information: Firebase UID, email address, display name, profile image URL, and sign-in provider information (Google or Apple).
• Cloud synchronization data: boxes, links, photo/file items, link memos, offline save metadata, offline save files, uploaded asset files, pinned links, recent search terms, and certain UI preferences.
• Subscription and storage management information: plan tier, storage quota, storage usage, store provider (App Store or Google Play), product ID, subscription status, and current billing period end time.
• Purchase validation information: transaction identifiers, purchase tokens, restoration status, and other data needed for server-side validation.

Information that may be processed through device, advertising, and third-party integrations

• Device and app information: operating system, app version, advertising tracking permission status, notification permission status, time zone, network condition, and other technical information required for feature operation.
• Advertising-related information: advertising identifiers, device information, ad requests, impressions, interaction data, and approximate location information handled under provider policies.
• Original site request information: when metadata is fetched or thumbnails are downloaded while saving a link, or when a user opens a link or performs offline saving, standard web request information such as IP address, User-Agent, and request URL may be sent to the original site or related oEmbed or social-preview endpoints.
• Social-preview enrichment information: when a signed-in user enriches the title, author name, or thumbnail of a supported social link, the link URL and request information may be sent through Firebase Functions to provider APIs such as Meta.
• Remote offline saving information: if a signed-in user uses an offline saving feature that requires remote rendering or remote capture, the URL, title, save identifier, and box information may be processed through Firebase Functions and related storage services.
• Sharing information: if a user executes individual link/photo/file sharing or box bundle sharing, titles, URLs, files, and grouped share text may be sent to the operating system share sheet and any external app selected by the user.

3. How Information Is Collected and Processed

• Through direct user input, link/photo/file saving, memo writing, and box creation or editing.
• Through iOS/Android system share menus, app links, and deep links for links, photos, and files.
• When Google or Apple sign-in and cloud synchronization are used.
• When offline saving, reader access, save restoration, or data deletion features are performed.
• When subscriptions are purchased, restored, validated, or cancelled through the App Store or Google Play.
• When the advertising SDK is initialized, banner ads are shown, or rewarded ads are watched.
• When local notification permission is granted, notification switches are changed, or unread reminders are scheduled.

4. Purposes of Processing

• To provide core features such as link/photo/file saving, box organization, search, recommendations, memos, and sharing.
• To create WebArchive and full-page captures, restore saved files, and provide reader views.
• To support Google or Apple sign-in, cloud backup/synchronization, storage usage display, and photo/file asset restoration.
• To reflect subscription status, validate in-app purchases, apply ad removal, and manage storage tiers and usage.
• To enrich link metadata, thumbnails, and social-preview information.
• To provide banner ads and grant offline reader entitlements based on rewarded ads.
• To provide local notifications such as unread reminders.
• To respond to errors, maintain service stability, prevent abuse, and handle customer inquiries.

5. Retention and Deletion

• Local data remains stored on the user’s device until the user deletes individual links, boxes, memos, offline saves, or all app data.
• Cloud synchronization data, uploaded photo/file assets, and offline save files may remain in Firebase-based storage while the account is maintained and may be deleted through all-data deletion or account deletion procedures in the app.
• Subscription validation records, security logs, remote processing outputs, and customer support records may be retained separately for a reasonable period if required for settlement, security, dispute response, or delayed system reflection.
• Whether local data is removed when the app is deleted depends on the operating system policy. Device backups or shared content already transferred to external apps are subject to the policies of those providers.

6. Third-Party Provision, Outsourcing, and External Services

The Service uses the providers and infrastructure listed below. Depending on the feature selected by the user, relevant information may be transmitted to those services or processed on that infrastructure. We do not sell user information.

• Google Firebase Authentication, Firestore, Storage, Functions: sign-in, synchronization, link/photo/file asset storage, remote offline saving, account deletion, purchase validation, and storage-usage synchronization.
• Google Sign-In / Sign in with Apple: social sign-in services.
• App Store / Google Play: subscription purchase, restoration, billing status confirmation, refunds, and cancellation processing.
• Meta Platforms / Instagram oEmbed: retrieval of titles, author names, thumbnails, and related metadata for supported social links.
• Google Mobile Ads (AdMob): banner ads, rewarded ads, advertising performance measurement, and abuse prevention.
• Operating system share sheets and external apps selected by the user: delivery of information the user chooses to share directly.

7. Cross-Border Processing

External services such as Google Firebase, Google Sign-In, Meta, AdMob, Apple sign-in, the App Store, and Google Play use global infrastructure, so personal information or service data may be processed outside the Republic of Korea. The specific destination countries, retention periods, and safeguards depend on each provider’s policy and infrastructure operations.

8. User Rights and How to Exercise Them

• Users can directly modify or delete links, boxes, memos, offline saves, notification settings, and some filters and organization settings within the app.
• Users may choose Local Mode or sign out to disconnect their account, and may proceed with all-data deletion or account deletion through the data/account management menu.
• Users can manage notification permissions, ad tracking preferences, and store subscription status through their device settings.
• Requests regarding cloud data deletion, account deletion, or other personal information processing matters may be made through the contact channel below.

9. Security Measures

• Local data uses encrypted Hive storage, and encryption keys are kept in the platform’s secure storage.
• Cloud data is separated by authenticated account, and server requests are validated through authentication tokens.
• Network communications use generally accepted secure transport methods, and the Service is designed to request only the minimum permissions needed to perform each function.

10. Location Information and Advertising Tracking

• The Service does not collect precise location data such as GPS information.
• Advertising SDKs may use approximate location at the country or city level, and the details depend on the relevant provider’s policy.
• On iOS, advertising tracking permission may be requested under operating system policy. If permission is not granted, non-personalized ads may be shown.

11. Children’s Personal Information

The Service is not designed exclusively for a specific age group. However, where laws relating to children or minors apply, we will endeavor to support requests by legal guardians and appropriate protective measures.

12. Changes to This Policy

This Privacy Policy may be amended if Service features, third-party integrations, applicable laws, or store policies change. If there is a material change, we may provide notice through the app, website, or other appropriate notice channels.

13. Contact

• Contact person: Minjae Lee
• Email: millenniumrhino@gmail.com
• Business Registration Number: 758-19-02579
• Business Name: Millennium Rhino