Privacy Policy

Effective: 2026-05-28

1. Data controller

카라멜 랩 (Cuevent) — CEO 이찬서. Address: 경기도 부천시 원미구 중동로254번길 78, 6층 c75호 (중동, 필타운). Contact: caramellabkorea@gmail.com.

2. What we collect

  • Account: email, password (hashed), display name, profile photo (optional).
  • Event content: plans, copy, images, attendee forms, and submissions you create.
  • Attendee data (if you're a host): applicant name, email, phone, custom form fields. You control retention.
  • Usage: pages visited, features used, IP, browser user-agent, timestamps.
  • Payment: processed by Polar — we receive subscription status and invoice metadata, but never your card details.
  • AI prompts: the text you send to AI is processed by our LLM providers (Google Gemini and others); we don't store raw prompts beyond what's saved in your event plan.

3. How we use it

  • Provide and improve the Service.
  • Send transactional emails (signup verification, password reset, applicant approvals, reminders).
  • Marketing emails (opt-in only; unsubscribe anytime).
  • Detect abuse and enforce our Terms.
  • Legal compliance (tax records, anti-fraud, etc.).

4. Third-party processors

We share data with the following processors to provide the Service:
  • Supabase — database & authentication (servers in AWS regions).
  • Polar — payment processing as Merchant of Record.
  • Resend — transactional email delivery.
  • Google (Gemini) — AI inference for plan generation. NVIDIA may be used as a fallback.
  • Vercel — application hosting & CDN.
  • Kakao Maps — venue geocoding & map previews.
Each processor has its own privacy policy and security certifications.

5. International transfers

Your data may be transferred to and processed in countries outside your own, including the United States and other regions where our processors operate. We rely on Standard Contractual Clauses (SCCs) and similar mechanisms where applicable.

6. Your rights (GDPR, CCPA, PIPA)

You may request:
  • Access to your personal data
  • Correction of inaccurate data
  • Deletion ("right to be forgotten")
  • Export of your data (portability)
  • Withdrawal of consent (e.g. marketing emails)
  • Lodging a complaint with your local supervisory authority
Email caramellabkorea@gmail.com to exercise these rights. We respond within 30 days.

7. Cookies & tracking

We use essential cookies for authentication (Supabase session) and anonymous analytics. We do not use third-party advertising trackers. You can control cookies via your browser settings.

8. Data retention

  • Account data: kept while your account is active; deleted within 30 days of account closure.
  • Event content & attendee submissions: retained as long as you keep the event published. Soft-deleted events are restorable for 30 days, then permanently deleted.
  • Marketing consent records: retained for 3 years after consent withdrawal, for dispute evidence (per Korean PIPA §39).
  • Tax & billing records: retained for 5 years per Korean Commercial Code.

9. Security

We use industry-standard practices: encrypted transport (HTTPS), row- level security on the database, hashed passwords, least-privilege access for staff, and audit logging. No security can be 100% guaranteed — please use a strong, unique password.

10. Children

Cuevent is not intended for children under 14. If we discover an account belongs to a child under 14, we delete it.

11. Changes

We may update this policy. Material changes will be notified via email or in-app at least 30 days in advance. The "Effective" date at the top indicates the last revision.

12. Contact

For privacy questions or to exercise your rights: caramellabkorea@gmail.com

The Korean version is legally binding for users in Korea. View Korean policy →