Privacy and generative AI guidance reflected

bebeflow Privacy Policy

How bebeflow processes caregiver accounts, child profiles, childcare records, notifications, advertising, and AI features.

Effective April 30, 2026 Updated April 30, 2026 Contact Privacy inquiries: [email protected]
Childcare and health-related records are not used for advertising targeting.
Personal data is deleted within 1 month after account deletion or service termination.
Purposes, items, retention, refusal rights, processors, and possible overseas processing are stated.

1. Controller and Scope

금성랩 (representative 곽수창) operates the bebeflow app and service server and processes personal data needed to provide the service.

  • Privacy contact: [email protected]
  • Covered services: mobile apps, service server, widgets, notifications, Live Activity, advertising, support, and record-based AI summaries/chat.
  • Child data is managed by caregivers, and caregivers or legal representatives may exercise rights.

2. Consent and Right to Refuse

  • At registration, social sign-in, onboarding, notification settings, and advertising consent, bebeflow explains purposes, data items, retention, refusal rights, and consequences.
  • If required processing is refused, account-based records, household sharing, device sync, AI summaries/chat, and other core functions cannot be used.
  • Marketing, personalized notices, and advertising choices are optional and can be withdrawn in app or platform settings.
  • We do not directly register children under 14; child information is entered and managed by caregivers or legal representatives for childcare record management.

3. Purposes

  • Identify members, sign in, maintain sessions, and protect accounts
  • Manage households, child profiles, co-caregiver invitations, and roles
  • Store and sync feeding, sleep, diaper, medication, temperature, solid food, hospital, play, and memo records
  • Provide home summaries, timelines, statistics, reports, recommendations, and notifications
  • Provide record-based AI summaries/chat, report assistance, and support responses
  • Improve quality, analyze errors, respond to security issues, and comply with legal obligations
  • If consented, show ads, manage advertising consent, and provide new-feature or personalized notices

4. Data Processed

Account and Authentication

  • Email, name or nickname, provider identifier, Apple/Google authentication result, session token, invite code, household/role information

Child and Records

  • Child name or nickname, birth date or corrected-age reference, sex, feeding amount, sleep time, diaper status, medication name/dose, temperature, solid food, hospital, play, memo, record times, and edit history

Use and Device

  • App settings, language, notification settings, device token for app notifications, installation identifier, access/error logs, sync status, support inquiries

AI and Advertising

  • AI questions, parts of conversation, related records selected as answer grounds, advertising identifier, ad consent status, ad impressions and clicks

5. Social Sign-In

  • For Google sign-in, we receive the Google account identifier, email, name, and minimal information needed for sign-in.
  • For Apple sign-in, we receive the Apple account identifier, email or private relay email, and authentication information provided by Apple.
  • bebeflow does not access Google Drive, Gmail, contacts, search history, or location information.
  • Provider policy changes, account deletion, or token expiration may require re-authentication.

6. Generative AI Processing

  • When AI features are used, questions, recent conversation, child profile, and some related records may be sent to the server and generative AI API to generate answers.
  • Requests are limited to the minimum information needed for the answer.
  • bebeflow does not automatically decide medical diagnosis, prescriptions, treatment, medication instructions, emergency judgment, or final health decisions, and does not use childcare or health-related records for advertising targeting.
  • Input screens tell users not to enter unnecessary sensitive information such as resident numbers, insurance numbers, detailed addresses, or payment information.
  • Under the provider's default policy, inputs and outputs are not used to train models, although operational logs for abuse detection may be retained for a limited period.

7. Retention and Deletion

  • Accounts, households, child profiles, records, and consent status are retained until service use ends.
  • After account deletion or service termination, personal data is deleted within 1 month.
  • Information subject to legal retention duties is stored separately for the required period and then deleted.
  • Notification device tokens may be updated or deleted when logging out, deleting the app, refreshing tokens, or disabling notifications.
  • Electronic files are deleted in a manner that is difficult to restore.

8. External Processors and Overseas Processing

  • Railway processes service server operations.
  • Google processes Google sign-in, Android notification delivery, Google AdMob advertising, and ad consent management.
  • Apple processes Apple sign-in, iOS notification delivery, and App Store platform features.
  • OpenAI processes request data needed for record-based AI answers and summaries.
  • Depending on each service's countries or regions, personal data may be processed overseas.
  • External processors must process information only for designated purposes under contracts, terms, and security policies.

9. User and Legal Representative Rights

  • Users may request access, correction, deletion, suspension of processing, and withdrawal of consent.
  • Caregivers or legal representatives may exercise rights over child information and childcare records.
  • Requests can be made through app settings, support, account deletion paths, or [email protected].
  • If required processing is refused, account-based record and sync services cannot be used.

10. Security Measures

  • Encryption in transit, access restrictions, server/DB access control, and access/error log management
  • Session-token authentication, device registration management, and minimum necessary data transfer
  • Generative AI input-scope limitation, operational log review, and external processor security-policy checks

11. Publication and Change Notice

  • This policy is available in the app legal/information screen and public web page.
  • If it changes, effective date, reason, and major changes will be posted on the web page and in-app screen.
  • Important changes to data items, purposes, retention, processors, overseas processing, or rights are normally announced 7 days before; materially adverse changes are announced 30 days before.
  • If urgent reasons prevent advance notice, notice will be provided as soon as possible afterward.