Privacy Policy

Last updated: 2026-05-27 · Effective: 2026-05-27

girok ("the site") treats user data with care and complies with applicable data-protection laws. This policy explains what we collect, how we use it, how long we keep it, and how we destroy it.

1. Information we collect

• Email signup: email address, optional display name, password. Passwords are stored as bcrypt one-way hashes; we never store plaintext.
• Google sign-in: Google subject identifier (sub), email, name, profile picture URL.
• Your memorial dates: name, date, category, note. Private — only you can view them.
• Access & operational data: IP address, browser, request time (server logs). Collected automatically for security.

2. How we use it

• Account identification and login
• Storing and displaying your personal memorial dates
• Abuse prevention and site security
• Operation and improvement of the service

3. Retention and deletion

• Account and memorial data: deleted immediately on account closure.
• Access logs: retained up to 90 days, then automatically deleted.
• Records required by law are kept for the legally mandated period.

4. Third-party disclosure

We do not share personal information with third parties, except:

• With your prior consent.
• In response to lawful requests by public authorities.

5. Connected services

The site uses the following external services; their respective privacy policies also apply.

• Google sign-in (OAuth 2.0): for member authentication. Google Privacy Policy
• Google Analytics 4 (measurement ID: G-T03544N2YZ): collects anonymised visit statistics (IP anonymisation enabled) to understand site usage and improve the service. How Google Analytics processes data. You may install the Google Analytics opt-out browser add-on to disable tracking.
• Public JSON API (/api/v1/*): callable by anyone, including guests. Responses do not include member-only data (personal memorial dates, groups, etc.). API requests themselves are logged identically to ordinary web requests (IP, user-agent, timestamp) and we do not attach any tracking identifier to API callers.
• Google AdSense (to be enabled after approval): some pages may display personalised ads. When active, ad cookies (__gads, __gpi, NID, IDE, etc.) are used and the ad script is loaded only when you have given consent for the "ads" category. Member-only pages and legal pages (Privacy Policy, Terms of Service) never display ads.

6. Your rights

• Access, correction, deletion of your data
• Restriction of processing
• Withdrawal of consent and account closure

7. Security measures

• Passwords stored as bcrypt one-way hashes
• All traffic encrypted with HTTPS (TLS)
• Session cookies marked HttpOnly + SameSite=Lax
• Separation of admin privileges and access control

8. Cookies

Cookies set directly by the site:

• girok_sess: login session identifier (required)
• lang: language preference
• (localStorage) theme: light/dark mode preference
• (localStorage) lang: client-side language cache

Cookies set by Google Analytics (when analytics consent is given):

• _ga, _ga_T03544N2YZ: visitor identification and session tracking (valid up to 2 years)

Cookies set by Google AdSense (when ads consent is given, after AdSense activation):

• __gads, __gpi: ad frequency capping and ad identification (up to 13 months)
• NID, IDE: ad personalisation (on google.com / doubleclick.net domains)

9. Privacy Officer and Contact

• Privacy Officer: bark zeno
• Email: ceo@4bun.com
• Phone: +82-70-7613-1599 (Weekdays 10:00–17:00 KST)
• Address: 1209, IBC Diobil, 72, Gonghang-ro 424beon-gil, Jung-gu, Incheon, Republic of Korea

10. Change history

• 2026-05-27: Reflected the broadened scope (public calendar + private memorial dates); §5 now explicitly notes the Public JSON API.
• 2026-05-26: Initial release.