Privacy Policy

Effective Date: April 15, 2026
Last Updated: April 6, 2026
Service: OsonDauSon (오손도손)
Operator: SMK Labs ("Operator", "we", "us", "our")
Founder: Minkyu Seol
Contact: support@smk-labs.com
Website: https://osds.smk-labs.com

SMK Labs ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the OsonDauSon mobile application and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

When	What	Why
Account creation	Social login identifier (Google/Apple/Kakao/Naver unique ID), email, name or nickname	Account identification and service delivery
Child profile	Child's name (or nickname), date of birth, gender	Personalized parenting information, D-day calculations
Sleep records	Sleep start/end times, notes	AI sleep pattern analysis
Feeding records	Feeding start/end times, type (breast/bottle/solid), amount	AI feeding pattern analysis
Diaper records	Change time, type	Health pattern analysis
Bath records	Bath time, water temperature, notes	Daily record keeping
Vaccination records	Date, vaccine name, clinic, notes	Vaccination schedule management
Photos/images	Child photos, record photos, marketplace product photos	AI story generation, record attachments, product listings
Location data	GPS coordinates (latitude, longitude)	Nearby hospital search, marketplace location display
Audio data	Microphone recording (only during emergency detection)	AI emergency situation analysis
Community posts	Post content, comments, likes	Community features
Suggestions	Feedback content, category, votes	Service improvement
Marketplace	Product information, trade type, price	Secondhand trading, group buying
Payment info	Payment amount, method, status (card numbers are processed directly by our payment processor and are never stored by us)	Group buy payments

1.2 Information Collected Automatically

Usage data: Feature usage, screen navigation, session duration
Device information: Device model, OS type and version, app version
Log data: IP address, access times
Error reports: Crash reports via Sentry (non-identifying device info, error logs)

1.3 How We Collect Information

Social login authentication (Google, Apple, Kakao, Naver OAuth)
Direct user input within the app
Automatic generation during service use
Third-party payment processor (PortOne)

2. How We Use Your Information

We use collected information solely for the following purposes:

2.1 Service Delivery

Sleep, feeding, diaper, bath, and vaccination recording and analysis
AI-powered pattern analysis and personalized insights
Location-based hospital search
AI story generation
Caregiver record sharing (via QR invitation)
Community features (posts, comments)
Marketplace and group buying
Suggestion system ("Build Together")

2.2 AI Services

AI models for sleep/feeding pattern analysis
AI-generated parenting advice
AI story creation from photos
Emergency audio analysis (only upon explicit user request)
AI memory system (learning child characteristics, milestones, health information)

2.3 Service Improvement

De-identified usage statistics analysis
New feature development and existing feature improvement
Error detection and quality improvement (Sentry integration)
Suggestion analysis and feature prioritization

2.4 Account Management

Identity verification and authentication
Account maintenance, fraud prevention
Service-related notifications

2.5 Marketing (only with opt-in consent)

New feature announcements, event notifications
Personalized content recommendations

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

3.1 With Your Consent

Recipient	Data Shared	Purpose	Retention
Co-caregivers (linked to same child)	Child's sleep, feeding, diaper, vaccination records	Shared parenting	Until caregiver link is removed
Community users	Nickname, post/comment content	Community features	Until post/account deletion
Marketplace counterparties	Nickname, general area (not exact address)	Secondhand trading	3 months after transaction

3.2 Service Providers (Data Processing)

Provider	Purpose	Data Shared
Third-party AI model providers	AI analysis, story generation	Record data (de-identified before transmission)
PortOne	Payment processing	Payment amount, order information
Amazon Web Services (AWS)	Image storage (S3)	Uploaded image files
Sentry	Error monitoring	Error logs, device information
SMTP provider	Email delivery	Email address, message content

3.3 Legal Requirements

Court orders or legal process
Law enforcement requests as required by applicable law
To protect the rights, property, or safety of users or others

4. Data Retention and Deletion

Data Type	Retention Period
Account information	Until account deletion
Child records	Until account deletion or child profile removal
Community posts	Until post deletion or account deletion
Marketplace transactions	3 months after completion
Payment records	5 years (as required by applicable law)
Access logs	3 months
Suggestions/votes	Until account deletion
AI memory data	Until account deletion or memory deletion request

Deletion Process: Upon account deletion request, all personal data is permanently deleted within 5 business days, except where retention is required by law.

5. Your Rights

You have the following rights regarding your personal information:

Access: View your collected personal data
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data
Restriction: Request restriction of data processing
Portability: Export your data in machine-readable format (JSON)
Withdrawal: Withdraw consent for data collection and use
Account deletion: Delete your account and all associated data through Settings

How to Exercise Your Rights

In-app: Settings > Privacy Management
Account deletion: Settings > Delete Account
Data export: Settings > Export My Data
Email: support@smk-labs.com (processed within 10 business days after identity verification)

6. Children's Privacy

6.1 Nature of the Service

OsonDauSon is a parenting support app used by parents and caregivers. Children do not directly use the service. All child-related data is entered by parents/caregivers.

6.2 Protection Measures

Child data is used solely for parenting records and analysis
Child photos sent to AI services for story generation are deleted from AI servers immediately after processing
Child information is accessible only to linked caregivers
Parents/caregivers can delete all child data at any time

6.3 COPPA Compliance (United States)

Data related to children under 13 is collected with verifiable parental consent (parents directly use the service)
Parents can review, delete, or refuse further collection of their child's data at any time

6.4 GDPR — Children (European Economic Area)

For children under 16 in the EEA, data processing requires parental consent
As parents are the direct users, this requirement is inherently satisfied

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption: Sensitive data is encrypted at rest; all data is transmitted via HTTPS (TLS 1.2+)
Access Control: Personal data access is restricted to minimum necessary personnel
Security Headers: Helmet.js security HTTP headers
Rate Limiting: API request rate limiting to prevent abuse (300 requests/15 min general; 20 requests/15 min for auth)
Cloud Security: Servers hosted on AWS with enterprise-grade physical security

8. AI Services — Special Provisions

Data sent to AI services is used solely for analysis purposes and is not used to train AI models
AI analysis is processed through third-party AI model provider APIs, subject to each provider's API data use policy
Directly identifying information (names, contact details) is removed before data is sent to AI services
Voice data (emergency detection) is deleted immediately after AI analysis and is never stored on our servers
All AI responses include a disclaimer that AI-generated content is not professional advice

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence:

Recipient	Country	Purpose	Safeguards
Third-party AI model providers	United States, etc.	AI analysis · response generation	Each provider's Data Processing Terms
AWS	South Korea (ap-northeast-2)	Cloud storage	AWS Data Processing Addendum
Sentry	United States	Error monitoring	Sentry Privacy Policy

For EEA users: International transfers are conducted under Standard Contractual Clauses (SCCs) or other appropriate safeguards as required by GDPR.

10. Additional Rights for EEA Users (GDPR)

If you are located in the European Economic Area, the following additional provisions apply:

Legal Basis for Processing

Consent (Art. 6(1)(a)): Explicit consent for data collection and use
Contract Performance (Art. 6(1)(b)): Processing necessary for service delivery
Legitimate Interests (Art. 6(1)(f)): Service security, fraud prevention, service improvement

Additional Rights

Right to Object: Object to processing based on legitimate interests
Right to Lodge a Complaint: File a complaint with your local Data Protection Authority
Rights Related to Automated Decision-Making: Request human intervention regarding AI analysis results

EU Representative

Email: support@smk-labs.com
EU Representative: [To be designated]

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 7 days before they take effect (30 days for significant changes) through in-app notifications and push notifications.

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related inquiries, complaints, or data subject requests:

Email: support@smk-labs.com
Response time: Within 10 business days

Supplementary Provision
This Privacy Policy is effective as of April 15, 2026.