Privacy Policy

Effective Date: May 2026

1. Collected Information and Data Minimization

In compliance with global data protection standards (including GDPR, CCPA, and the Korean Personal Information Protection Act), the Company collects the minimum necessary data required to process cross-border bookings:

Mandatory Full name (English/Korean script), email address, payment transaction data (safely tokenized and processed via Stripe; no raw credit card details are stored directly on the Company's servers), requested appointment date/time, and specific beauty treatment items.
Optional Contact information (international mobile number / WhatsApp / Line / iMessage handle). This field is completely optional. If provided, it is used strictly for operational emergencies, such as immediate schedule conflicts or sudden shop closures while the traveler is roaming in South Korea.

2. Third-Party Provision and Cross-Border Data Transfer

The Company does not share or sell user personal data to unauthorized third parties. However, to finalize the cross-border reservation, minimum data fields must be securely transferred to the local establishment in South Korea:

Item Detail
Recipient The specific individual South Korean beauty salon and designated designer selected by the user.
Purpose Booking slot confirmation, local salon ledger registration, and customer identification upon arrival.
Transferred Items Full name, scheduled date/time, and requested treatment details.
Retention Period Data transferred to the local salon is scheduled for deletion within 30 days following the completion of the beauty service, unless extended retention is explicitly mandated by relevant US or South Korean financial and business record-keeping regulations.

3. Data Security and Technical Safeguards

The Company implements strict technical security measures to safeguard user data. All communication between the user's browser, custom designer WebViews, and backend servers is fully encrypted using SSL/TLS protocols. Financial transactions are routed entirely through Stripe, adhering to the Payment Card Industry Data Security Standard (PCI-DSS) to ensure no exposure of raw card credentials.