세이프클릭
Privacy Policy
최종 수정일: June 14, 2026
1. Information We Collect
1.1 Required Information
| Category | Data Collected | Purpose |
|---|---|---|
| Account | Supabase anonymous UUID or Google Sign-In (IdToken) | User identification for the service. Google Sign-In is used when crediting, referrals, or package purchases. Name and email are only received if you choose to sign in with Google; they are not stored beyond credit attribution. |
| Link check | Raw URL being checked, SHA-256 hash of sender info, sourceApp (messenger type), userLocale, (if dangerous) first 50 chars of message body | Google Web Risk lookup and short-URL destination resolution. SAFE links are not stored on the server. Only advisory/dangerous links are kept in history. |
| Message summary | Message body up to 1,500 chars, messenger type, locale (raw sender name/number NOT included) | Summary generation via Cloudflare AI Gateway → Google Gemini 2.5 Flash. Deleted immediately after analysis — not retained. |
| Catch (billing reconciliation) | Idempotency key yearMonth ("YYYY-MM") only | Preventing duplicate monthly package charges. Room names, raw message content, and sender info are NOT transmitted. |
| FCM token | App server registration | Sending in-app announcements, recovery (NLS reconnect), and update notifications. |
No contacts access: SafeClick does not access your device contacts (READ_CONTACTS). Sender classification is performed solely by SHA-256-hashing the sender info displayed in the notification.
1.2 Data Stored on Device Only (Not Transmitted to Server)
| Item | Retention | Details |
|---|---|---|
| Catch captured message content | 14 days | Full text of messages captured by your keyword/sender rules. Full text is kept only while Premium is active; during free tier, only the first 50 chars are stored. Never transmitted to the server. |
| seen_rooms (room name + messenger) | 30 days | Names of group chats that have sent notifications and their messenger type. Used for auto-populating the rule editor. Never transmitted to the server. |
| Link check history | 90 days | For in-app history display. (SAFE links not stored; advisory/dangerous only.) |
1.3 Optional Information
No optional information is currently collected.
2. How We Use Your Information
- Link safety check: URLs are looked up via the Google Web Risk API to detect phishing and malicious sites
- Message summary: Long message bodies requested by the user are summarised by AI (credits deducted; deleted immediately after analysis)
- Catch alerts: Messages matching your keyword/sender rules are captured and an audible alert is sent (captured content stored locally on your device)
- Service operation and improvement: Anonymised statistical analysis (no individual identification)
3. Data Retention
| Data | Retention | Deletion |
|---|---|---|
| Server-side link check history (advisory/dangerous) | 90 days | Automatic expiry deletion |
| Message summary body | Immediate deletion | Not retained on server or KV after analysis |
| FCM token | Account lifetime | Deleted immediately on account deletion |
| Catch captured content (device local) | 14 days | Automatic expiry on device |
| seen_rooms (device local) | 30 days | Automatic expiry on device |
| Anonymous account (inactive) | 30 days | Auto-deleted 30 days after last activity |
4. Third-party Processors
We do not sell or share your personal data for advertising purposes.
| Processor | Task | Data shared |
|---|---|---|
| Google LLC (Web Risk) | URL threat lookup | Raw URL (processed per Google policy immediately after lookup) |
| Google LLC (Gemini via Cloudflare AI Gateway) | Message summary generation | Message body up to 1,500 chars (raw sender not included; deleted immediately after analysis) |
| Cloudflare, Inc. | API processing and AI gateway | Request data (transient relay only) |
| Supabase, Inc. | Authentication and data storage | Anonymous UUID or Google IdToken, credit and package records |
| Google LLC (Firebase Cloud Messaging) | Push notifications | FCM token |
5. Your Rights
You may exercise the following rights at any time:
- Access: View the information we hold about you
- Correction: Fix inaccurate information
- Deletion: Delete your account and all associated data
- Restriction: Stop specific processing activities
Contact us at the address below and we will respond without undue delay.
6. Account & Data Deletion
6.1 Automatic Deletion
- Anonymous accounts: Automatically deleted after 30 days of inactivity.
- Server link check history: Auto-expired after 90 days.
- Device-local Catch content: Auto-deleted after 14 days.
- Device-local seen_rooms: Auto-deleted after 30 days.
- FCM tokens: Deleted immediately on account deletion or app removal.
6.2 Manual Deletion Request (Immediate)
You may request immediate deletion of your account and all associated data through either of the following:
- In-app deletion: App Settings → Account → Delete Account
- Email request: Send "Account Deletion Request" to support@getsafeclick.com
6.3 Data Deleted and Processing Time
Within 48 hours of receiving your request we delete:
- Anonymous UUID or Google account link
- All server-stored link check history
- Credit and package records
- FCM token
Message summary bodies are deleted immediately after analysis and are not retained on the server. Catch captured content and room names are stored only on your device and are never transmitted to the server.
7. AI Processing for Message Summary
SafeClick uses AI only when the user explicitly requests a summary of a long message. This feature activates only when you tap the summary button — it does not automatically analyse or judge messages.
7.1 External Processing Services
- Cloudflare AI Gateway (https://developers.cloudflare.com/ai-gateway/)
- Google Gemini 2.5 Flash (https://ai.google.dev/)
7.2 Data Handling
| Stage | Processing location | Retention |
|---|---|---|
| Summary request | In-app button tap | No processing before transmission |
| AI summary call | Cloudflare AI Gateway → Google Gemini 2.5 Flash | Message body up to 1,500 chars sent (raw sender name/number NOT included). Deleted immediately after analysis — not retained. |
| Summary result | User device | Displayed in-app; not stored on server |
Important: SafeClick does not retain message summary bodies on the server. They are deleted immediately after analysis, and the summary result is viewable on your device only.
8. Security Measures
- Encryption in transit: All server communication is encrypted with TLS 1.2 or higher.
- Hashing: Sender information is processed as SHA-256 hashes only; raw values are never transmitted to the server.
- Access control: Supabase Row Level Security (RLS) ensures you can only access your own data.
- Data minimisation: We collect only the minimum information required to provide the service.
- Device-local storage: Sensitive content such as Catch captured messages and room names is stored only on your device and never transmitted to the server.
9. Revision History
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2026-04-21 | Initial release |
| 1.1 | 2026-04-21 | Detection data sources section added |
| 1.2 | 2026-04-22 | Solo mode anonymous account guidance added |
| 1.3 | 2026-04-23 | Operator business information added |
| 1.4 | 2026-04-30 | Section 6 (Account & Data Deletion) added — 30-day inactivity auto-delete and manual request procedures |
| 1.5 | 2026-05-04 | Section 8 added — International Scam Call/SMS Alert privacy provisions |
| 1.6 | 2026-05-04 | Section 8.3 added — Guardian escalation relay: no server storage principle |
| 1.7 | 2026-05-17 | Section 7 added — AI Analysis (v1.8.0+): external processors, 14-day auto-delete, three user rights |
| 1.8 | 2026-06-14 | v2 simplification — pairing/guardian/AI verdict/international-prefix features removed; Message Summary, Catch, and Premium Package reflected |
If this policy is revised, we will notify you at least 7 days in advance via in-app notification or email.
10. Operator Information
| 항목 | 내용 |
|---|---|
| 상호 | 이호트레이더스 |
| 사업자등록번호 | 525-38-00249 |
| 대표자 | 윤준호 |
| 사업장 소재지 | 서울특별시 구로구 고척로33라길 14-20, 102호 |
| 개인정보 처리 담당자 이메일 | krisakma@gmail.com |
| 고객센터(CS) | 010-3236-6754 |
| 카카오톡 문의 | ehotraders |