Introduction
iFamilySC Co., Ltd. operates Coloree, a personal color diagnosis solution available through the Shopify App Store. Store operators install the Coloree app to offer personal color diagnosis to their end users.
This Privacy Policy explains what personal information we collect, how we use and share it, and what choices you have. We comply with applicable privacy laws, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and the Korean Personal Information Protection Act (PIPA).
If we make significant changes to this policy, we will notify you through in-app notices or email before the changes take effect.
What information we collect
We collect the minimum personal information necessary to provide the Service. Our collection is limited to end users who perform personal color diagnoses. We do not collect personal information from Shopify store operators who install the app.
| Category | Purpose | Items Collected | Retention Period | Legal Basis |
|---|---|---|---|---|
| Service UseRequired | Storing and providing diagnosis results; personalized product recommendations | User identifier (User ID), personal color diagnosis results | Until termination of the service agreement or upon your request for deletion | User consent |
Where applicable laws require the retention of certain records, we keep them for the period prescribed by those laws.
| Records | Applicable Law | Retention Period |
|---|---|---|
| E-commerce transaction records (if applicable) | Act on Consumer Protection in Electronic Commerce (Korea) | 5 years |
| Access logs | Applicable laws and regulations | 3 months to 1 year |
Why we process your information
We use your personal information for the following purposes. If we need to use it for any other purpose, we will obtain your consent or take other necessary measures before doing so.
- Providing the Service: Delivering and storing your personal color diagnosis results
- Personalization: Recommending products based on your diagnosis results
- Service improvement: Analyzing errors and improving service quality
- Legal compliance: Fulfilling our obligations under applicable laws
Who we share your information with
Third-party disclosure
We do not disclose your personal information to third parties except in the following cases:
- When you have given explicit prior consent
- When required by law or upon a lawful request from an investigative authority
Service providers
We work with the following service providers to deliver the Service. We oversee and manage these providers to ensure the safe handling of your personal information.
| Service Provider | Services Provided |
|---|---|
| Shopify Inc. | App platform operation, data storage and processing |
| Amazon Web Services, Inc. (AWS) | Service infrastructure (servers, databases) operation and data storage |
Where we send your information
We are a Korean company, but the Service operates on infrastructure located in the United States. To provide the Service, your personal information may be transferred to and processed in countries outside your country of residence. You may refuse the international transfer; however, doing so may limit your use of the Service.
| Category | Details |
|---|---|
| Recipients | Shopify Inc. / Amazon Web Services, Inc. (AWS) |
| Destination | United States (and countries where Shopify and AWS data centers are located) |
| Timing and method | Transferred continuously via network during service use |
| Items transferred | User identifier, diagnosis result data |
| Retention period | Until termination of the service agreement |
How long we keep your information
We retain your personal information only for as long as necessary to fulfill the purposes described in this policy. When your information is no longer needed, we destroy it without delay.
How we destroy your information:
- Electronic files: Permanently deleted using methods that prevent recovery
- Physical records: Shredded or incinerated
Your rights over your information
You have the right to access, correct, delete, or restrict the processing of your personal information at any time. To exercise these rights, please contact our Privacy Officer using the information provided in the "How you can reach us" section below. We will respond to your request without delay.
California privacy rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and related U.S. state privacy laws:
- Right to Know: You can request details about what personal information we collect, where it comes from, how we use it, and whether we disclose it to third parties.
- Right to Delete: You can request that we delete the personal information we hold about you.
- Right to Non-Discrimination: We will not treat you differently for exercising any of these rights.
We do not sell your personal information. Therefore, the Right to Opt-Out of the sale of personal information does not currently apply to this Service.
To exercise your CCPA rights, please contact our Privacy Officer listed below.
How we protect your information
We take the security of your personal information seriously and have implemented administrative, technical, and physical safeguards to protect it.
Administrative safeguards
- We maintain an internal management plan for the safe handling of personal information.
- Access to personal information is limited to the minimum number of personnel necessary to perform their duties, and all such personnel receive regular privacy training.
- A dedicated privacy team continuously monitors compliance with our security policies.
Technical safeguards
- We manage access controls for personal information processing systems, including granting, modifying, and revoking access rights. Intrusion prevention systems block unauthorized external access.
- Personal information is encrypted using secure algorithms for both storage and transmission.
- We maintain up-to-date anti-malware protections, perform regular data backups, and use encrypted network communications to prevent unauthorized access or data loss.
Physical safeguards
Personal information processing systems are located in access-controlled facilities, and we maintain physical access control procedures to prevent unauthorized entry.
Cookies and tracking technologies
We may use cookies to collect usage statistics and improve the Service. Cookies are small pieces of data that a web server sends to your browser, which may be stored on your device.
- Why we use cookies: To collect usage statistics and improve the Service.
- Your choices: You can allow, block, or delete cookies through your browser settings.
How you can reach us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or need to file a complaint, please contact our Privacy Officer.
| Category | Details |
|---|---|
| Company | iFamilySC Co., Ltd. |
| Representative Directors | Tae Uk Kim, Sung Hyun Kim |
| Business Registration No. | 120-86-00633 |
| Address | 122 Dongnam-ro, Songpa-gu, Seoul 05804, Republic of Korea |
| Privacy Officer | Chun Su Kim, Executive Vice President |
| towno1@ifamilysc.com | |
| Phone | +82-2-6910-4112 |
Grievance resolution
If you are not satisfied with our response, you may contact the following authorities depending on your location:
United States
- Federal Trade Commission (FTC): reportfraud.ftc.gov
- Your State Attorney General's Office
California (CCPA)
- California Attorney General's Office: oag.ca.gov/privacy
Republic of Korea
- Personal Information Infringement Report Center (KISA): privacy.kisa.or.kr / 118
- Personal Information Dispute Mediation Committee: www.kopico.go.kr / 1833-6972
- Korean National Police Agency: 182 (ecrm.police.go.kr)
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in applicable laws, our services, or our practices. If the policy is revised, we will provide advance notice through in-app notifications or email. The revised policy takes effect seven (7) days after the notice is posted. For material changes that significantly affect your rights, we will provide at least thirty (30) days' advance notice.
- Privacy Policy version: 20260401_A
- Effective date: TBD