Privacy Policy

0. Controller & Contact

The data controller is Youngjae Kim (sole trader, trading as “Hoju&I”).

Contact: hojuandi.service@gmail.com

1. Scope

This Policy applies to hojuandi.com and related services we operate.

2. Purpose & Collection

We use Clerk for authentication and user management. We collect and store only what is necessary for account operation: Clerk ID, username, and profile image URL.Clerk’s Privacy Policy.

We rely on consent for processing sensitive information, certain direct marketing, or new purposes not reasonably necessary for our functions, as required by the Privacy Act 1988 (Cth) and the APPs. Consent is informed, specific, current, and voluntary.

2-1 Notice at Collection (APP 5)

Before collecting any personal information, we clearly explain what we collect, why, and how it’s used, including our contact details and a link to this Privacy Policy.

2-2 Impacts of Non-Provision

Failure to provide required information will prevent account creation or use of authenticated features. You may still browse publicly available content without logging in.

3. Categories Collected

We collect only what is reasonably necessary to provide the service:

• Account Information:
  • Clerk ID, username, and profile image URL (via Clerk authentication)
• Service Data: Posts, comments, notifications, and other user-generated content or service-related records linked to your account.
• Security Logs: For security, our servers automatically log access details (IP address, request path, timestamp, User-Agent) for audit and protection purposes.
• User-Submitted Content (Public). Posts may include text, images, and contact details you choose to publish (e.g., phone number, email, name, location). Content placed in a post is publicly visible by default and may be indexed by search engines or copied by third parties. Even if you later delete the post, we cannot guarantee removal of external copies (e.g., search engine caches). Do not include sensitive information or another person’s personal information (including their phone/email/address) without their lawful consent. We process user-submitted content only to operate, display, back up, and secure the Service.

We allow anonymous or pseudonymous use where reasonable. Under APP 3 & APP 6, we collect, use and disclose only what is reasonably necessary for our functions, and will not use it for unrelated purposes without a legal basis or your express consent. If we receive unsolicited personal information, we assess it within a reasonable period and destroy or de-identify it if not required (APP 4).

3-1. Cookies & Tracking

We use essential cookies for login/session. Traffic statistics are aggregated from server logs. If we later introduce non-essential technologies, we will update this Policy and obtain consent where required by the APPs.

3-2. No Government Identifiers (APP 9)

We do not collect, store, or use government-issued identifiers (e.g., passport, driver licence, Medicare, TFN) for service operation.

4. Purposes of Processing

• User identification and authentication
• Storage/display of user content
• Service stability and security
• Prevention of violations/unlawful acts and dispute handling

We do not conduct direct marketing under APP 7. If we introduce direct marketing in the future, we will give clear notice and an opt-out option before sending any communication.

5. Overseas Transfer & Third Parties (APP 8)

We may disclose and process personal information overseas through third-party providers we use to operate and secure the Service. We take reasonable steps to ensure substantially similar protections apply to personal information handled outside Australia.

Exact data locations depend on provider routing and failover. Based on public provider documentation, processing commonly occurs in the US and/or EU, and may involve global edge/CDN networks.

Providers and processing regions may change from time to time due to technical routing or service maintenance. We remain accountable under APP 8 and take reasonable steps to protect personal information handled by overseas providers. Material changes will be updated here and consent obtained where required by law.

For detailed information about each provider's data handling practices, retention policies, and security measures, please refer to their respective privacy policies linked above.

5-1 Processing Regions, Failover & Force Majeure

Processing regions & failover. Our providers may process data in different regions (incl. temporary failover for BCDR / force majeure). We take reasonable steps under APP 8. Where required, we rely on a valid legal basis under APP 8 (e.g., reasonable steps to ensure substantially similar protections, or an applicable exception). If consent is needed, we will obtain it.

5-2. Security Measures

We take reasonable steps to protect personal information from unauthorised access, misuse, or loss in accordance with APP 11. Security logs are used only for protection and maintenance purposes.

5-3. Retention & Deletion (APP 11)

We retain personal information only for as long as is reasonably necessary for the purposes described in this Policy or as required by law. We apply documented schedules and delete or de-identify data once the purpose ends, subject to lawful holds (e.g., disputes or legal requests).

Third-party providers apply their own documented retention and backup schedules (see each provider’s privacy policy).

We take reasonable steps to destroy or de-identify personal information that is no longer required for our functions or activities, consistent with APP 11. Lawful holds may extend retention only as required by law.

5-4. Notifiable Data Breaches (NDB)

We operate a four-step response process: Contain, Assess, Notify, and Review.

• Contain: Immediately secure systems, rotate secrets, and limit further exposure.
• Assess (within 30 days): Evaluate whether the incident is likely to cause serious harm.
• Notify (as soon as practicable): If eligible, notify affected individuals and the OAIC, including a description of the breach, the kinds of information involved, the steps taken, and recommended actions for affected individuals.
• Review: Address the root causes and update security controls, policies, and staff training.

Contact: hojuandi.service@gmail.com (Subject: Data Breach)

6. User Rights

Users are responsible for keeping their personal information accurate and up to date. You may access, update, or request deletion of your personal information at any time by contacting hojuandi.service@gmail.com. We will take reasonable steps to verify your identity and respond in accordance with the Australian Privacy Principles (APP 12 & 13).

We aim to keep personal information accurate and up to date as required by law.

7. Lawful Requests

We respond to lawful requests from authorities after verifying their jurisdiction and validity, in accordance with the Privacy Act 1988 (Cth).

8. Governing Law & Jurisdiction

This Policy is governed by NSW law. Disputes are subject to courts in NSW.

9. Complaints & OAIC

Send complaints to hojuandi.service@gmail.com. We aim to respond within a reasonable time.

If you are not satisfied with our response, you may lodge a complaint with the OAIC (Office of the Australian Information Commissioner).

10. Changes to this Policy

We may update this Policy to reflect legal or service changes. Material updates will be announced in service. The latest version is always available on hojuandi.com.