Privacy Policy

1. Controller and scope

This Privacy Policy explains how MachoSuit (BlueCode) processes personal information in connection with the multilingual public app information pages, the MachoSuit app, app APIs, notices, FAQ, support, AI fitting and related service operation.

The multilingual public pages can be viewed without login. App functions may require account authentication, social login, device identifiers, customer/photo uploads, payment verification and service logs.

This Policy applies together with any separate in-app consent screen, app-store notice, payment notice, customer photo upload notice or service-specific notice displayed at the time of use.

2. Principles of processing

The operator processes personal information only for specified service purposes, security, legal compliance, support, payment verification, AI fitting generation and operational management.

The operator aims to collect the minimum information necessary for the relevant function, retain it only for the required period, and delete or anonymize it when no longer needed unless retention is required by law or legitimate dispute/security needs.

Users should not upload third-party personal information unless they have proper authority and consent from the relevant person.

3. Information processed by use context

Public pages: IP address, browser/device information, access time, requested URL, language subdomain, referrer, error/security logs and similar technical information may be processed for security, operation, traffic analysis and abuse prevention.

App login/account: social login provider, provider user ID, token verification result, account identifier, name/nickname, email, phone number if provided, app token, device ID, app version, platform, login time and authentication logs may be processed.

Customer/fitting functions: customer name/code, contact details, gender, measurements, photos, body/garment images, fabric selections, style options, fitting orders, memo, render images, AI request data, AI result images, job status and service history may be processed.

Payment/wallet: app-store product ID, purchase token, order ID, payment verification result, wallet balance, transaction amount, transaction type, refund/restoration records and billing-related logs may be processed.

Support: inquiry category, title, content, reply, attachments if any, email/contact information, status, processing history and support logs may be processed.

4. Purposes of processing

Personal information may be processed to provide app information, operate public notices and FAQ, authenticate app users, manage customer/fitting records, generate suit preview and AI fitting results, process app-store payment verification, manage wallet records and provide support.

Information may also be processed to prevent fraud, duplicate charging, unauthorized access, payment abuse, system abuse, illegal uploads, security incidents and service misuse.

Information may be used for service improvement, troubleshooting, error analysis, backup, audit, legal compliance, dispute handling and communication related to important service changes.

5. Photos, body images and AI processing

Customer photos, body images, garment images, suit render images, prompts and fitting options may be processed to create AI fitting outputs requested by the user.

Photos may contain faces, body shapes, clothing, surroundings or other personal elements. The service does not intentionally use photos to identify a person, perform biometric authentication, diagnose body condition or make legal/medical decisions.

AI fitting results are generated for visual consultation reference only. Source images and outputs may be stored for result display, retry, support, troubleshooting, abuse prevention and operational records according to the retention policy.

6. Legal/operational basis and consent

Processing may be based on service contract performance, user request, consent, legitimate operational/security needs, legal obligations, dispute handling or app-store/payment verification requirements depending on the context.

Where consent is required by applicable law, the operator or the user operating a shop must obtain appropriate consent before uploading or processing the relevant data.

A shop user who uploads customer data is responsible for providing customer-facing notices and obtaining consent necessary for that shop’s own business operation.

7. Retention periods

Account and authentication records are retained while the account or app token is active and for a reasonable period afterward for security, dispute handling and legal compliance.

Customer, fitting, photo, render and AI result records are retained while needed for service use, result display, retry, support, dispute handling and operational records, then deleted or archived according to service policy.

Payment, wallet and transaction records may be retained for the period required by tax, accounting, electronic commerce, app-store, payment-provider and dispute-handling obligations.

Access logs, security logs and error logs may be retained for security, abuse prevention, service stabilization and legal compliance. Backup copies may remain for a limited backup cycle before deletion.

8. Deletion procedure and method

When the retention purpose is achieved or the retention period expires, the operator deletes or separates the relevant information unless continued retention is required by law, payment/accounting obligations, security, dispute handling or backup procedures.

Electronic files are deleted using technical methods that make ordinary restoration difficult. Printed records, if any, are shredded or destroyed by a secure method.

Because AI fitting involves image files and generated outputs, deletion may include database records, source images, render files, output images, temporary processing files and related logs where applicable.

9. Third-party provision

The operator does not sell personal information to advertisers or unrelated third parties.

Personal information may be provided to a third party only where the user has consented, where provision is necessary for payment/app-store verification, where required by law, where necessary to protect rights/security, or where another lawful basis exists.

If a separate third-party provision occurs beyond ordinary service processors, the operator will provide the required details such as recipient, purpose, items provided and retention period where required by law.

10. Processing by service providers

The operator may use service providers for hosting, database operation, storage, content delivery, security, email/support, social login, app-store payment verification, analytics, AI image generation, error monitoring and maintenance.

Service providers process information only as necessary to operate the relevant function and may be subject to their own security and privacy obligations.

The operator manages service providers through contracts, technical restrictions, access control and operational review where appropriate.

11. Overseas transfer and external AI/API infrastructure

Some app-store providers, social login providers, hosting/security tools, payment verification systems or AI API providers may process or store information outside the Republic of Korea depending on their infrastructure.

For AI fitting, images or derived request data may be transmitted to an external AI/API provider only as needed to generate, retry, moderate, secure or troubleshoot the requested result.

Where applicable law requires separate notice or consent for overseas transfer, the operator will provide additional information through the app, policy page or consent flow.

12. Children under 14

The service is not directed to children under 14. Users should not create accounts for children under 14 or upload photos/personal information of children under 14 unless a lawful basis and legally required guardian consent have been obtained.

If the operator becomes aware that information of a child under 14 has been processed without required consent, the operator may restrict use, request verification, delete the information or take other appropriate measures.

Shop users are responsible for following the child/guardian consent rules applicable to their own customer consultation and photo collection.

13. Sensitive information and biometric information

The operator does not request sensitive information such as health diagnosis, religion, political opinion, criminal record or unique identification numbers through the public multilingual pages.

Photos may visually reveal face, body shape, clothing, posture or surrounding information. The service uses such images for user-requested fitting generation and consultation reference, not for biometric identification or authentication.

Users must not upload sensitive information unless it is strictly necessary, lawful, and properly consented to. The operator may delete or restrict content that appears to create excessive privacy risk.

14. Cookies, logs and automatic collection

Public pages and app-related web pages may use cookies, sessions or similar technologies for language routing, security, login/session handling, service stabilization and basic traffic/error analysis.

Users may restrict cookies through browser settings, but some functions such as session-based pages, app WebView flows or security checks may not work properly if cookies are disabled.

The service does not use the multilingual public pages to provide behaviorally targeted advertising based on cross-site tracking unless separately disclosed.

15. Security measures

The operator applies reasonable technical and organizational measures such as HTTPS, authentication tokens, server access control, upload validation, file type checks, database access restrictions, logging, backup, abuse monitoring and operational separation where appropriate.

Access to personal information is limited to personnel or systems that need it for service operation, support, security, payment verification, AI processing, maintenance or legal compliance.

No internet-based service can be guaranteed completely secure. Users should protect their devices, app accounts, social login accounts and customer consent records.

16. User rights and requests

Where applicable, users may request access, correction, deletion, suspension of processing, withdrawal of consent, account deletion or explanation of processing related to their personal information.

Requests may be submitted to the contact email listed in this Policy. The operator may request verification to prevent unauthorized disclosure or deletion.

Some requests may be limited where retention is required by law, payment/accounting obligations, dispute handling, security investigation, backup cycle or protection of another person’s rights.

17. Account deletion and data separation

If the app supports account creation, users may request account deletion through the app, designated web page or support channel provided by the operator.

Account deletion may remove or deactivate account credentials and service access. However, payment records, transaction records, dispute records, security logs and legally required records may be retained separately for the required period.

Where a shop account contains third-party customer records, the operator may need to verify authority and preserve required business records before deleting or exporting data.

18. Data breach and incident response

If a personal information incident occurs, the operator will take measures to investigate, contain, recover, prevent recurrence and notify affected users or authorities where required by applicable law.

Users should immediately contact the operator if they suspect unauthorized access, leaked tokens, payment abuse, wrong image exposure or any security issue involving the service.

The operator may temporarily suspend affected functions or restrict suspicious accounts to protect users and the service.

19. Changes to this Policy

This Policy may be updated to reflect changes in law, service functions, AI providers, payment providers, app-store requirements, security measures, retention policy or business operation.

The updated Policy will display the effective date and version. Material changes may be announced through notices, app messages or policy pages where practical.

If a change legally requires separate consent, the operator will request consent through an appropriate method before applying the relevant processing.

20. Privacy contact

Service name: MachoSuit. Operator: MachoSuit (BlueCode). Representative: Lee Junyoung. Business registration number: 701-47-01015. Mail-order business report number: 2026-Goyang Ilsanseo-0222.

Address: Office 608, 240 Kintex-ro, Ilsanseo-gu, Goyang-si, Gyeonggi-do, Republic of Korea.

Privacy and service contact: [email protected].