Privacy Policy

Nomad88 Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses this Privacy Policy to protect data subjects’ rights under the Personal Information Protection Act and other applicable laws, and to safeguard personal information.

Article 1 (Purposes of Processing Personal Information)

The Company processes personal information within the scope necessary to provide the HeyFast app service (the “Service”). The Company collects and uses only the minimum personal information necessary for providing and operating the Service. If the purpose of processing changes, the Company will obtain prior consent from users.

  1. Membership Registration and Management

    The Company processes personal information to confirm the intent to register, manage accounts for Service use, deliver notices and announcements, and handle inquiries and support related to Service use.

  2. Service Provision and Improvement

    The Company processes personal information to provide health management features such as intermittent fasting logs and meal and water intake records, and to improve Service quality. Health-related information for example weight, age, gender, and fasting records is, in principle, stored locally on the user’s device. For server-side processing such as AI analysis, data will be stored on the server only after obtaining the user’s explicit consent.

  3. Use for Marketing and Advertising

    The Company may collect and use advertising identifiers for example ADID and IDFA to display advertisements within the Service, analyze advertising effectiveness, and compile marketing statistics. Collected information is used only within the minimum scope necessary for Service provision and ad operations.

  4. Use of Pseudonymized Information

    The Company may use pseudonymized information for Service usage statistics, research and development, and analysis for the public interest.

Article 2 (Items of Personal Information Collected and Collection Methods)

  1. Items Collected

  • Basic Service Usage Information

    Nickname, email address optional, device information for example model name, OS version, advertising ID, app version, app usage logs, and error logs

  • Health Information when entered by the user

    Weight, age, gender, fasting records, meal and water intake records, and similar items. This information is, by default, stored only on the device.

  • Advertising and Marketing Information

    Advertising ID ADID or IDFA, ad impression and click records. These are used only within the minimum scope necessary for advertising and marketing analysis.

  1. Methods of Collection
  • Direct input by users during membership registration and Service use
  • Automatic collection of information generated and transmitted during app use
  • When social login for example Google or Apple is selected, collection of identifier information provided by that service

Article 3 (Sharing and Provision of Personal Information)

As a rule, the Company does not provide users’ personal information to external parties. However, personal information may be provided in the following cases:

  1. When the user has given prior consent
  2. When required by law or upon a lawful request from investigative or related authorities
  3. When providing information to third parties for advertising and analytics services, within the minimum scope necessary
RecipientItems ProvidedPurposeRetention and Use Period
Google AdMobAdvertising IDAd deliveryIn accordance with each party’s policy
RevenueCat, Inc.User ID, purchase history, subscription status, device identifiersIn-app purchase and subscription managementIn accordance with each party’s policy

※ Health information (e.g. weight, fasting records) is not shared with advertising or payment processors. It may only be transmitted to infrastructure or AI providers for Service functionality, with explicit user consent.

Article 4 (Outsourcing of Personal Information Processing)

For Service provision, AI functionality, and infrastructure management, the Company may outsource certain personal information processing tasks to external processors. All such functions are enabled by the user’s choice, and there is no limitation on basic Service use if the user does not consent.

ProcessorOutsourced TasksPersonal Information TransferredRetention and Use Period
Amazon Web Services, Inc.Service infrastructure management and data storageEmail, fasting records, weight, and other Service dataUpon fulfillment of purpose or end of contract
RevenueCat, Inc.In-app purchase and subscription managementUser ID, purchase history, subscription status, device identifiersIn accordance with RevenueCat’s privacy policy
OpenAI OpCo, LLCData processing for AI analysis for example meal analysis, fasting summariesMinimal input data for example weight, meal records, fasting recordsMay be temporarily retained per each processor’s policy
Anthropic PBCData processing for AI analysis for example meal analysis, fasting summariesMinimal input data for example weight, meal records, fasting recordsMay be temporarily retained per each processor’s policy
Google LLCData processing for AI analysis for example meal analysis, fasting summariesMinimal input data for example weight, meal records, fasting recordsMay be temporarily retained per each processor’s policy

※ The above processors do not permanently retain data. For technical reasons necessary to process API requests, data may be temporarily stored and processed within the scope of each AI service provider’s privacy and data retention policies. AI features and cloud storage features are enabled only with the user’s explicit consent.

Article 5 (Overseas Transfers of Personal Information)

  1. Amazon Web Services, Inc. (aws-korea-privacy@amazon.com)

    • Destination Country: United States
    • Method of Transfer: Transmission over the network upon Service use
    • Items Transferred: Email, fasting records, weight, and other Service usage data
    • Retention and Use Period: Upon fulfillment of purpose or end of outsourcing contract

  2. RevenueCat, Inc. (compliance@revenuecat.com)

    • Destination Country: United States
    • Method of Transfer: Transmission over the network upon use of in-app purchase features
    • Items Transferred: User ID, purchase history, subscription status, device identifiers
    • Retention and Use Period: In accordance with RevenueCat’s privacy policy

  3. OpenAI OpCo, LLC / Anthropic PBC / Google LLC

    • Destination Country: United States
    • Method of Transfer: Transmission over the network if and when AI features are integrated and executed
    • Items Transferred: Minimum input data necessary for AI functionality for example weight, meal records, fasting records
    • Retention and Use Period: May be temporarily stored in accordance with each processor’s policy and deleted after processing

Users may refuse overseas transfers by contacting the Personal Information Protection Officer at nomad88.software@gmail.com. However, in such cases, certain AWS-based cloud storage features or AI analysis features may be unavailable.

Article 6 (Retention and Use Period of Personal Information)

As a general rule, the Company promptly destroys personal information once the purpose of collection and use has been achieved. However, information may be retained for a certain period in accordance with laws and internal policies.

  • Records of fraudulent use: 1 year
  • Service usage records de-identified: 5 years
  • Retention required by applicable laws for example the Act on Consumer Protection in Electronic Commerce and the Protection of Communications Secrets Act

Article 7 (Procedures and Methods for Destruction of Personal Information)

  • After the processing purpose has been achieved, personal information is destroyed without delay. Electronic files are deleted using methods that prevent restoration.
  • Paper documents are destroyed by shredding or incineration.

Article 8 (Technical and Managerial Safeguards for Personal Information)

To prevent loss, leakage, alteration, or damage of users’ personal information, the Company takes reasonable and effective protective measures at the level required by applicable laws and makes its best efforts to protect personal information.

  1. Security Management and Access Control Personal information is stored and managed in encrypted form, and access rights are restricted to the minimum necessary.

  2. Safeguards During Data Transmission Secure encrypted communication methods such as SSL are used.

  3. System Security Management The Company implements technical measures to prevent leakage, including security inspections and anti-malware programs.

Article 9 (Users’ Rights and How to Exercise Them)

Users may, at any time, request access, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information. Requests can be submitted via email at nomad88.software@gmail.com, and the Company will take necessary measures within a reasonable period.

Article 10 (Matters Related to the Collection, Use, Provision, and Refusal of Behavioral Information)

The Company collects and uses users’ behavioral information during Service use to provide optimized services.

The Company uses the following analytics tools to collect and analyze users’ behavioral information. The collected information is unlikely to identify a specific individual.

  • Google Analytics
  • Firebase Crashlytics
  • Microsoft Clarity

The Company collects behavioral information as follows:

Behavioral Information CollectedMethod of CollectionPurpose of CollectionRetention and Use Period
Users’ Service usage records, access logs, advertising IDsAutomatically collected and transmitted during useStatistical analysis for improvementDestroyed 5 years from collection

The Company collects only the minimum behavioral information necessary for statistical analysis to improve the Service, and does not collect sensitive behavioral information that could clearly infringe upon individuals’ rights, interests, or privacy, including ideology, beliefs, family and kinship, educational background or medical history, and other social activity history.

The Company does not knowingly collect behavioral information from children under the age of 14, and does not provide personalized advertising to them.

For online personalized advertising in mobile apps, the Company collects and uses advertising identifiers ADID or IDFA. Users can block or allow personalized advertising through their mobile device settings.

[Blocking or Allowing Advertising Identifiers on Smartphones]

  1. Android

    1 Settings → 2 Security and Privacy → 3 Other Privacy Settings → 4 Ads → 5 Reset Advertising ID or Delete Advertising ID

    1 Settings → 2 Google → 3 Ads → 4 Reset Advertising ID or Delete Advertising ID

  2. iPhone

    1 Settings → 2 Privacy → 3 Tracking → 4 Turn off “Allow Apps to Request to Track”

    1 Settings → 2 Privacy → 3 Advertising → 4 Limit Ad Tracking

※ The menu and steps may vary depending on the mobile OS version.

Article 11 (Personal Information of Children Under 14)

Pursuant to Article 22 paragraph 5 of the Personal Information Protection Act, the Company does not collect or use personal information of children under the age of 14, nor provide it to third parties.

If it is confirmed that personal information of a child under 14 was collected without the consent of a legal guardian, the Company will promptly delete such information and may restrict Service use.

Article 12 (Privacy for Overseas Users)

The Company’s Service is provided and operated in accordance with the laws of the Republic of Korea, and this Privacy Policy is written in Korean as the official version. This Policy may be provided in English, Japanese, or other languages. In the event of any inconsistency between a translation and the Korean version, the Korean version shall prevail.

The Company complies with privacy-related regulations applicable to users’ jurisdictions and the laws of each country where the Service is used.

Article 13 (Contact Information of the Personal Information Protection Officer and Staff)

For reports or consultations regarding personal information infringement, please contact the following agencies:

  • Personal Information Infringement Report Center privacy.kisa.or.kr / 118
  • Personal Information Dispute Mediation Committee www.kopico.go.kr / 1833-6972
  • Supreme Prosecutors’ Office www.spo.go.kr / 1301
  • National Police Agency ecrm.police.go.kr / 182

Article 14 (Duty to Notify)

If there are additions, deletions, or modifications to this Privacy Policy, the Company will announce them via the website, in-app notices, or app store release notes at least seven days prior to the effective date.

Supplementary Provisions

This Privacy Policy takes effect on November 1, 2025.