logo
Hemogry Privacy Policy (Global)
Effective date: November 16, 2025

VIVIVAVA Inc. (“we”, “us”, “our”) operates the Hemogry service (“Service”).
We are committed to protecting your personal information and processing it fairly, lawfully, and transparently.
This Privacy Policy explains what we collect, how we use it, who we share it with, how long we retain it, and the rights you have.
This policy applies globally. Where regional laws (for example, GDPR or CCPA) provide additional rights, those are reflected below.

1. Who we are
   Controller: VIVIVAVA Inc. (Hemogry)
   Email: official@vivivava.co.kr

Address: 12, Daewangpangyo-ro 645beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea

If required by law, we may appoint an EU/UK representative and disclose contact details on our website.

2. Information we collect and how
   We collect personal information in three main ways: information you provide, information collected automatically, and information created by our AI systems.

(1) Account and Identity

- Email address, display name or nickname, social login identifier

- Optional: profile image

(2) Service Use and Device Data

- Device type, operating system, browser, model, IP address, language, region

- Session logs, cookies, crash/error logs, analytics events

(3) Content and Moderation (Quarantine)

- Video links and metadata (title, description, channel)

- Upload time, content hash, automatic detection scores (e.g. cooking relevance, NSFW/harmful content)

- Moderation results such as “public”, “hold”, or “delete”

(4) AI Processing Logs

- AI inputs (limited excerpts of text or content)

- Model output metadata (summary, score, error code)

- Detection of restricted prompt patterns or abnormal requests

(5) Support and Communication

- Contact information you provide when contacting support

- App version, screenshots, logs (optional)

- Marketing preferences (opt-in or opt-out)

We collect this data through forms, automatic logging, cookies, SDKs, and analytics tools.

3. How we use information
   We use personal information only for the following purposes:

- To provide and maintain the Service (recipe generation, My Recipe Book, multilingual output)

- To create and manage your account and authentication

- To detect and prevent fraud, abuse, and harmful behavior

- To review and moderate uploaded content (Quarantine system)

- To improve AI model quality and prevent prompt injection or misuse

- To provide customer support and respond to inquiries

- To send service updates or marketing messages when legally allowed

- To comply with legal obligations and resolve disputes

4. Legal bases for processing (for EEA/UK users)
   We process data under these legal bases:

- Contract necessity (providing the Service)

- Legal obligation (for example, accounting, tax)

- Legitimate interests (security, quality improvement, abuse prevention)

- Consent (marketing communications where required)

5. Cookies and analytics
   We use cookies and similar technologies for login sessions, security, and usage analytics.
   You may disable cookies in your browser settings, but some features may not work correctly.

6. Sharing and disclosure
   We do not sell your personal data.
   We may share data only with:

- Service providers such as AWS, Cloudflare, Google (Analytics/Cloud), Mixpanel (analytics)

- Law enforcement or government authorities when legally required

- Business partners involved in legitimate processing (for example, payment processors or email delivery)

- Entities involved in a merger or acquisition, subject to this Policy

- With your consent, when you intentionally connect with external services

7. International data transfers
   Your information may be processed in countries outside your residence, including Korea and the United States.
   For EEA/UK residents, we rely on Standard Contractual Clauses and additional safeguards when transferring data.

8. Data retention
   We keep personal information only as long as necessary:

- Quarantine and abuse-prevention logs: kept up to 1 year, then deleted or anonymized

- AI processing logs (prompt or response metadata): kept up to 90 days, then anonymized

- Legal or transactional records: retained for the period required by law (for example, tax or e-commerce laws)

- When no longer needed, data is deleted or irreversibly anonymized.

9. Security
   We implement technical and organizational safeguards, such as encryption, access controls, and network monitoring.
   However, no online system is completely secure. We continually improve our security measures.

10. Your rights
    Depending on where you live, you may have certain rights:

For EEA/UK residents (under GDPR):

- Access, correction, deletion, restriction, or objection to processing

- Data portability and withdrawal of consent

- Right to request human review for automated moderation decisions

- Right to complain to a supervisory authority

For U.S. residents (including California):

- Right to know, access, correct, delete, and portability

- Right to opt out of “sale” or “sharing” of personal information

- Right to limit the use of sensitive information
  We do not sell personal data. If we use cross-context advertising in the future, a “Do Not Sell or Share” link will be provided.

For other regions, we comply with local privacy laws and honor applicable rights.

To exercise rights, contact: official@vivivava.co.kr

11. Children’s privacy
    The Service is not intended for children.
    We do not knowingly collect information from users under 14 (or the age defined by local law).
    If we become aware that a child has provided data without parental consent, we will delete it promptly.

12. Automated processing and AI disclosures
    Hemogry uses automated systems to convert cooking videos into recipes and to detect harmful or irrelevant content.
    These systems assist human reviewers.
    If you believe automated moderation was incorrect, you may request manual review.
    AI logs are retained only for limited periods described above.

13. How to contact us
    Email: official@vivivava.co.kr

Data Protection Officer: Soyun Park/CTO
We will respond within the time limits required by applicable law.

14. Updates to this Privacy Policy
    We may update this Policy from time to time.
    When we make significant or unfavorable changes, we will notify users at least 30 days before the new policy takes effect by email, push notification, or in-app notice.
    Continuing to use the Service after the effective date means you accept the updated Policy.

Regional Addendum (summary)

EEA/UK:
We rely on Contract, Legitimate Interests, Legal Obligation, or Consent.
Transfers outside the EEA/UK use Standard Contractual Clauses.
Contact us or your local supervisory authority to exercise rights.

California (CCPA/CPRA):
Categories collected include identifiers, internet activity, inferences (AI moderation scores), and limited technical information.
We do not sell or share personal information.
We will provide an opt-out mechanism if we ever engage in cross-context advertising.

End of Policy.
해먹으리 | Hemogry Video to Recipe