인연
Back

Privacy policy

Inyeon takes the protection of your personal data very seriously. This policy explains how we collect, use and protect your information, in compliance with the General Data Protection Regulation (GDPR).

Last updated: 2026-04-24

1. Data controller

The controller of the data collected on inyeon.world and app.inyeon.world is Inyeon. Contact: contact@inyeon.world

2. Data collected

We only collect data strictly necessary for the operation of the platform: • Account: email, name, profile photo • Profile: city, country, languages, interests • Adoption data (optional, encrypted): birth date, birth city, agency, file number, orphanage, flight number • Messages exchanged with other members • Shared travels, events you attended Each field is filled in voluntarily by the user. Sensitive fields are encrypted server-side with AES-256-GCM before storage.

3. Purpose of processing

Your data is used exclusively to: • Let you identify yourself and access the platform • Connect you with other Korean adoptees based on your criteria • Operate the services (messaging, search, map, events) • Suggest potential links (sibling, orphanage friend) via the Links feature • Contact you strictly within the scope of the service (moderation, notifications)

4. Legal basis

The processing of your data is based on your explicit consent (acceptance of the Terms upon registration) and on the execution of the service contract you enter into with Inyeon by signing up.

5. Recipients

Your data is never sold, shared or monetized. The only recipients are: • Yourself • Other community members, according to the visibility settings you control field by field • The Inyeon team, only for moderation and technical support • Strictly necessary technical subprocessors (Contabo for hosting, Google Firebase for authentication) — all GDPR-compliant and EU-hosted

6. Retention period

Your data is kept as long as your account is active. At any time, you can: • Edit any information from your profile • Hide fields via visibility settings • Delete your account, which triggers the definitive erasure of all your personal data within 30 days Some data may be retained beyond that for legal reasons (anonymized security logs, up to 12 months).

7. Security

We implement appropriate technical and organizational security measures: • AES-256-GCM encryption of sensitive fields at rest • TLS 1.2+ connections (HTTPS) in transit • Encryption key stored separately from data, in a secure environment variable • European hosting, subject to GDPR • Firebase (Google) authentication with protection against brute-force attacks • No third-party tracking, no advertising, no behavioral analytics

8. Your rights

Under the GDPR, you have the following rights: • Right of access to your data • Right of rectification • Right to erasure ('right to be forgotten') • Right to restriction of processing • Right to data portability • Right to object To exercise these rights, write to contact@inyeon.world. You also have the right to lodge a complaint with the French data protection authority (CNIL, cnil.fr) or your local equivalent.

9. Cookies

The public site inyeon.world uses no tracking, advertising or analytics cookies. The authenticated app (app.inyeon.world) only uses technical cookies essential for authentication and session — no external tracking.

10. Changes

This policy may evolve. Any substantial change will be notified to logged-in users and the last updated date will be refreshed.