# Roomfit Studio — Data Safety / App Privacy 선언서 > Play Console "Data safety" 양식과 App Store Connect "App Privacy" 양식 작성용 공식 답변지. > 제출 시 이 문서의 응답을 그대로 웹 UI에 입력. > 최종 수정: 2026-04-20 --- ## Google Play — Data Safety ### 1. Does your app collect or share any of the required user data types? **Yes** (email, app activity, financial info는 없음) ### 2. Is all of the user data collected by your app encrypted in transit? **Yes** — 모든 앱↔서버 통신은 TLS 1.3 ### 3. Do you provide a way for users to request that their data be deleted? **Yes** — 앱 내 설정에서 "계정 삭제" + `bruce@wespion.com` 이메일 요청 둘 다 지원 ### Data types collected | Category | Data type | Collected? | Shared? | Optional? | Purpose(s) | |---|---|---|---|---|---| | **Personal info** | Name | No | — | — | — | | **Personal info** | Email address | ✅ Yes | No | No (Required) | Account management | | **Personal info** | User IDs | ✅ Yes | No | No (Required) | Account management | | **Personal info** | Phone number | ✅ Yes | No | ✅ Yes (Optional) | Account management | | **Personal info** | Address | No | — | — | — | | **Personal info** | Race, religion, sexual orientation, gender identity, political beliefs | No | — | — | — | | **Financial info** | Payment info, purchase history, credit score | No | — | — | — | | **Health and fitness** | Health info (workout records) | ✅ Yes | No | No (Required) | App functionality, Analytics | | **Messages** | Emails, SMS, MMS, other in-app messages | No | — | — | — | | **Photos and videos** | Photos | ✅ Yes (profile photo only, optional) | No | ✅ Yes (Optional) | App functionality | | **Photos and videos** | Videos | No | — | — | — | | **Audio files** | Voice, music, other audio | No | — | — | — | | **Files and docs** | Files and docs | No | — | — | — | | **Calendar** | Calendar events | No | — | — | — | | **Contacts** | Contacts | No | — | — | — | | **App activity** | App interactions | ✅ Yes | No | No (Required) | Analytics, App functionality | | **App activity** | In-app search history | No | — | — | — | | **App activity** | Installed apps | No | — | — | — | | **App activity** | Other user-generated content | No | — | — | — | | **Web browsing** | Web browsing history | No | — | — | — | | **App info & performance** | Crash logs | ✅ Yes | No | No (Required) | Analytics | | **App info & performance** | Diagnostics | ✅ Yes | No | No (Required) | Analytics | | **App info & performance** | Other performance data | ✅ Yes | No | No (Required) | Analytics | | **Device or other IDs** | Device or other IDs | ✅ Yes | No | No (Required) | Analytics, Security (abuse prevention) | | **Location** | Approximate / Precise location | No | — | — | — | ### Purposes (legend) - **App functionality** — 회원가입/인증, 트레이너-회원 매칭, 운동 세션 진행, 운동 기록 저장·조회 - **Analytics** — 익명 사용 통계로 앱 개선, 크래시 원인 분석 - **Account management** — 로그인, 비밀번호 재설정, 탈퇴 처리 - **Security and fraud prevention** — 비정상 로그인 감지 ### Security practices - [x] Data is encrypted in transit (TLS 1.3) - [x] Users can request that their data be deleted - [x] The app follows Google Play's Families Policy (if applicable — 14세 미만 수집 없음) - [x] Independent security review? — **No** (내부 Supabase RLS 정책만 적용) --- ## App Store Connect — App Privacy Apple은 "Data Used to Track You" / "Data Linked to You" / "Data Not Linked to You" 세 범주로 구분. ### Data Used to Track You **없음 (None)** — 광고 네트워크·데이터 브로커에 제공하지 않음. IDFA 사용 안 함. ### Data Linked to You | Category | Types | Used for | |---|---|---| | **Contact Info** | Email Address, Phone Number (optional) | App Functionality, Analytics | | **Health & Fitness** | Fitness (workout records — sets/reps/weight, velocity, power) | App Functionality, Analytics | | **Identifiers** | User ID | App Functionality, Analytics | | **Usage Data** | Product Interaction | Analytics | | **Diagnostics** | Crash Data, Performance Data, Other Diagnostic Data | App Functionality, Analytics | | **User Content** | Photos or Videos (profile photo only, optional) | App Functionality | ### Data Not Linked to You 없음 — 모든 수집 데이터는 계정과 연결됨. ### Privacy policy URL `https://www.wespion.com/legal/privacy-studio` --- ## 주요 질문 답변 모음 ### "Is your app primarily directed at children under 13?" **No** — 성인(트레이너·짐 운영자) 대상. ### "Does your app use third-party SDKs?" **Yes**: - Supabase (auth, database, storage) — 데이터 처리 위탁 - Google Firebase / Play Services — 푸시 알림, 분석 - Apple Push Notification service — 푸시 알림 ### "Does your app use an identifier for advertising (IDFA / ADID)?" **No** — 광고 식별자 사용 안 함. ### "Does your app contain ads?" **No** ### "Does your app facilitate purchases or subscriptions?" **No** (향후 유료 전환 시 변경) ### "Is this app a news app?" **No** ### "Does your app use loan or financial features?" **No** ### "Does your app contain user-generated content?" **Yes** (운동 기록, 선택적 프로필 사진) — moderation은 앱 내 RLS로 회원 본인과 트레이너만 조회하도록 제한 ### Content rating / Age rating - **Apple**: 4+ (No objectionable content) - **Google Play (IARC)**: "모든 연령" - **ESRB**: Everyone ### Export compliance - `ITSAppUsesNonExemptEncryption = false` in `Info.plist` — 표준 Apple 암호화(HTTPS, BLE API)만 사용, 수출 예외 대상 ### Government / COVID / Emergency apps 모두 **No** --- ## 제출 전 최종 확인 - [ ] Privacy policy URL이 실제 접근 가능한가? (`https://www.wespion.com/legal/privacy-studio` 호스팅 필요) - [ ] Support URL 접근 가능한가? (`https://www.wespion.com/support`) - [ ] 앱 내 계정 삭제 기능이 구현되어있는가? (Play 필수 — "Data deletion request" link) - [ ] Supabase에서 실제로 삭제 요청 처리되는가? 수동 프로세스라도 문서화 - [ ] 데이터 보관 기간이 privacy policy와 일치하는가? - [ ] 14세 미만 접근 차단 (sign-up 시 생년월일 체크 또는 서비스 약관으로 제한)