BurningON Diet Privacy Policy
BurningON Diet (hereinafter referred to as "the Service") protects users' personal information in accordance with privacy protection laws. This Privacy Policy explains how users' personal information is collected, used, and protected.
Article 1: Purpose of Processing Personal Information
The Service processes personal information for the following purposes:
- Member Registration and Management: Identity verification, membership maintenance and management, prevention of fraudulent use of services
- Diet Program Services: Provision of customized diet programs, progress tracking, goal achievement support
- Health Data Management: Recording and analysis of health indicators such as weight, body fat, sleep, and bowel movements
- Meal Management: Daily meal recording, calorie tracking, intermittent fasting time management
- Workout Recording: Recording workout types, sets/reps/duration, GPS route tracking, workout statistics analysis
- Quest System: Quest completion processing and progress synchronization
- Notification Services: Water reminders, fasting completion alerts, diet-related information
⚠️ Processing of Sensitive Information
The Service collects health-related sensitive information (weight, body fat percentage, etc.). This information is collected with the user's explicit consent and is used solely for providing diet program services.
Article 2: Types of Personal Information Processed
1. Information Collected During Registration
- Required: Email, password, name (nickname)
- Optional: Profile picture, date of birth, gender
2. Social Login Information
- Google: Email, name, profile picture
- Kakao: Email, nickname, profile picture
- Apple: Email, name (depending on user selection)
3. Information Collected During Service Use
- Health Information: Weight, height, body fat percentage, muscle mass, visceral fat, waist circumference, InBody measurement data
- Lifestyle Habits: Sleep hours, bowel frequency, water intake, menstrual period records
- Meal Information: Meal records, calories, nutrient information, intermittent fasting time, fasting timer records
- Workout Information: Workout type, sets, reps, duration, weight, rest time, GPS route coordinates, workout photos, steps, stairs
- Program Data: Diet phase, target weight, progress status, quest completion records
4. Automatically Collected Information
- Device Information: UUID, device model, OS version
- Push Notifications: FCM token
- Advertising Information: Advertising identifier (IDFA/GAID), ad interaction data
- App Usage Information: Access time, usage history, app version
- Health Data Integration: HealthKit (iOS) or Google Fit (Android) integration data (steps, stairs) - Collected only with user permission
Article 3: Processing and Retention Period of Personal Information
| Category |
Retention Period |
| Member Information |
Until membership withdrawal |
| Health Record Data |
Immediately deleted upon app deletion (locally stored) |
| Diet and Workout Records |
Immediately deleted upon app deletion (locally stored) |
| Quest Completion Records |
Immediately deleted upon app deletion |
However, if required by applicable laws and regulations, information will be retained for the period specified by law.
Article 4: Provision of Personal Information to Third Parties
In principle, the Service does not provide users' personal information to third parties. However, exceptions are made in the following cases:
- When the user has given prior consent
- When required by law or requested by investigative agencies
Article 5: Outsourcing of Personal Information Processing
| Contractor |
Outsourced Services |
| Supabase Inc. |
Data storage, authentication services, database management |
| Google LLC |
Firebase push notifications (FCM), Google AdMob advertising services |
| Google Drive |
Data backup (when selected by user) |
Article 6: Rights and Obligations of Data Subjects
Users may exercise the following rights at any time:
- Request to view personal information
- Request for error correction
- Request for deletion
- Request to stop processing
- Right to refuse processing of sensitive information
Rights can be exercised through the app's settings menu or customer service center.
Article 7: Destruction of Personal Information
When the purpose of processing personal information is achieved, the information will be destroyed without delay.
- Destruction Procedure: After achieving the processing purpose, information is transferred to a separate database and destroyed after a certain period according to internal policy
- Destruction Method: Electronic files are permanently deleted using irreversible methods; paper documents are shredded or incinerated
Article 8: Ensuring the Security of Personal Information
The Service takes the following measures to ensure the security of personal information:
- Encryption of personal information (passwords stored with one-way encryption)
- Encryption of data transmission via SSL certificates
- Technical measures against hacking
- Access restrictions and permission management for personal information
- Regular security checks and updates
Article 9: Data Storage Location
📱 Locally Stored Data: All sensitive personal health information such as weight, body fat, meal records, workout records, and health records are primarily stored in the local database on the user's device and are not transmitted to external servers.
☁️ Server Stored Data: Only quest completion information is stored on Supabase servers and synchronized upon login. This is to allow users to access their achievement records on other devices.
💾 Cloud Backup: Data is encrypted and stored on Supabase servers or Google Drive only when the user activates the backup feature.
Article 10: Advertising and Tracking
The Service may collect the following information to improve user experience and provide relevant advertisements:
- Advertising Identifier (IDFA/GAID): Used to provide personalized ads
- App Tracking Transparency: Tracking permission is requested on iOS 14.5 and above; all app features remain fully accessible even if the user declines
- Google AdMob: Ad display and ad performance measurement
- EU User Consent: Separate consent is obtained for EU users in accordance with GDPR
Users can limit ad tracking in their device settings. In this case, ads will still be displayed but will be generic rather than personalized.
Article 11: Processing of Personal Information of Children Under 14
The Service does not collect personal information from children under 14 years of age. Children under 14 require consent from their legal guardian to use the service.
Article 12: Installation and Operation of Automatic Collection Devices
The Service does not use cookies to provide personalized services. However, when accessing external websites through the app's webview, the cookie policies of those sites may apply.
Article 13: Privacy Officer
Article 14: Changes to Privacy Policy
This Privacy Policy is effective from the implementation date. If there are additions, deletions, or corrections to the content due to changes in laws and policies, we will notify you through the app's notice board 7 days before the implementation of the changes.
Effective Date: October 14, 2025