1. Controller and Contact Details
The data controller for NudgeCat is Cheon Youngseok (Korean individual operator: 천영석).
| Controller | Cheon Youngseok (천영석) |
|---|---|
| Address | 201, Songpa The Hill, 35-6 Baekjegobun-ro 42-gil, Songpa-gu, Seoul, Republic of Korea |
| Registration number | Not registered as a business entity |
| gaoriquest@gmail.com | |
| Phone | +82 10-9059-6243 |
No Data Protection Officer has been appointed. For privacy questions, contact the controller at the email above.
No EU Representative has been appointed yet. If NudgeCat actively targets EU/EEA users at scale, appointing an EU representative under GDPR Article 27 may be required.
2. Personal Data We Process
| Category | Examples | Source |
|---|---|---|
| Service configuration data | Selected app list, usage limit, rest period, interruption screen settings | Provided or configured by you in the app |
| Usage data | App usage time for selected apps, app open events, feature interaction events | Generated when you use the app |
| Device and analytics data | Device model, OS version, app version, language, timezone, Amplitude device or installation identifier, IP-derived approximate region | Collected automatically by the app or analytics SDK |
| Contact data | Email address, message content, response history | Provided when you contact us |
| Website log data | IP address, browser type, access time, security logs | Collected automatically by Cloudflare or web hosting infrastructure |
We do not intentionally collect special categories of personal data under GDPR Article 9, national identification numbers, passport numbers, driver's licence numbers, or alien registration numbers.
3. Purposes and Legal Bases
| Purpose | Data used | Legal basis |
|---|---|---|
| Provide the digital wellbeing features | Selected app list, usage time, settings | Performance of a contract (GDPR Art. 6(1)(b)) |
| Maintain, secure, and improve the Service | Usage events, device data, logs | Legitimate interests (GDPR Art. 6(1)(f)): operating a reliable and secure app |
| Analytics through Amplitude | App events, analytics identifiers, device information | Consent where required by local law; otherwise legitimate interests (GDPR Art. 6(1)(a) or 6(1)(f)) |
| Respond to inquiries | Email address, message content | Legitimate interests or steps prior to a contract (GDPR Art. 6(1)(f) or 6(1)(b)) |
| Comply with legal obligations | Relevant records and requests | Legal obligation (GDPR Art. 6(1)(c)) |
5. International Transfers
The controller is located in the Republic of Korea. The European Commission has adopted an adequacy decision for Korea, which may support transfers from the EEA to Korea under GDPR Article 45.
Some service providers are located in the United States or use global infrastructure. Where required, transfers are protected by appropriate safeguards such as the EU-U.S. Data Privacy Framework for certified recipients, Standard Contractual Clauses, and supplementary technical and organisational measures.
6. Retention
| Data | Retention period or criteria |
|---|---|
| App settings, selected app list, usage-time data stored on device | Until you delete the app or reset the relevant settings |
| Amplitude analytics events | Up to 24 months from collection or the configured analytics retention period |
| Inquiry emails and response history | Up to 3 years after the inquiry is resolved, for dispute handling and service records |
| Website logs | Up to 12 months for security, troubleshooting, and abuse prevention |
After the retention period expires, data is deleted, anonymised, or isolated where legal retention is required.
7. Your GDPR Rights
Subject to the conditions and limits in the GDPR, you may exercise the following rights:
- Right of access (Article 15)
- Right to rectification (Article 16)
- Right to erasure (Article 17)
- Right to restriction of processing (Article 18)
- Right to data portability (Article 20)
- Right to object (Article 21)
- Right not to be subject to solely automated decisions with legal or similarly significant effects (Article 22)
- Right to withdraw consent at any time, where processing is based on consent (Article 7(3))
To exercise your rights, email gaoriquest@gmail.com. We will respond within one month unless the GDPR allows an extension for complex requests.
You also have the right to lodge a complaint with your local data protection supervisory authority. The European Data Protection Board lists authorities at edpb.europa.eu.
9. Automated Decision-Making
NudgeCat does not make automated decisions that produce legal effects or similarly significant effects, such as eligibility, approval, rejection, credit scoring, hiring, or insurance decisions.
10. Children
NudgeCat may be used by people under 16 with consent and supervision from a holder of parental responsibility. Where consent is the legal basis for processing a child's personal data in relation to an information society service, consent is valid only if the child is at least 16 years old unless a lower age applies under the relevant Member State law. For younger children, parental consent is required.
If you believe a child has used NudgeCat without appropriate consent, contact us and we will take appropriate steps, including deletion or restriction where required.
11. Security
We use appropriate technical and organisational measures, including access limitation, account security, transport encryption where available, review of third-party provider security settings, logging, and incident response procedures.
12. Changes to This Notice
We may update this Notice. Material changes will be communicated through the website, app notice, or another appropriate channel.
- 2026-05-28: First version