Privacy Policy
Malgeum | Last updated: July 16, 2026 | Effective: July 16, 2026
1. Overview
Supervillain Labs Inc. (“we”, “the Company”) operates the Malgeum mobile application (“the App”). Malgeum provides weather-based action guidance, alerts, widgets, invitations and connections, optional AI features, advertising, and subscriptions. This policy explains how information is collected, used, transmitted, retained, and deleted. If the Korean and English versions conflict, the Korean version prevails.
2. Information We Process
2.1 Information you enter or create
| Data | Purpose | Required |
|---|---|---|
| Nickname, commute times, health, allergy, exercise, and clothing preferences | Personalized weather and action guidance | Optional |
| Weather diary, recommendation feedback, personality-quiz answers | Records, statistics, and requested AI results | Optional |
| AI questions and recent conversation, letter-interview text | AI answers, interpretations, and letter drafts | When you use an AI feature |
| Invitee nickname, sender display name, personal message, notification schedule | Invitations, connections, and weather messages | When you use invitations |
No email, phone-number, or real-name login is required. Firebase automatically creates an anonymous account and UID for server-backed features.
2.2 Location
- Your current latitude, longitude, and place name are used for weather and air-quality requests to OpenWeatherMap and Open-Meteo. For Korean AirKorea enrichment, the proxy receives a place or station name rather than latitude and longitude.
- When an anonymous UID is active and location permission lets the App obtain your current location, the App may update the Malgeum backend with that latitude, longitude, and place name at launch regardless of whether individual notification toggles are on or off. This supports server messages, account recovery where a credential remains on the device, and the foundation for server weather alerts.
- Location permission is optional and manual city search remains available. Revoking permission stops future current-location updates, but a location already stored on the backend may remain until account deletion.
- Your saved-place list is stored locally on your device.
2.3 Information sent to the Malgeum backend
| Data | Purpose |
|---|---|
| Anonymous Firebase UID and platform | Anonymous-account operation |
| Hashed hardware identifier | Install-attribution and fraud-prevention hint; never used as account ownership or recovery proof |
| Verification data for a server-issued random recovery token | Authorized account recovery with Firebase authentication where the operating system retains the token |
| Expo push token | Push and server messages you permit |
| Current latitude, longitude, and place name | Server weather lookups and message or alert support |
| Invite code, sender and recipient UIDs, nicknames and display names, personal message, schedules, connection status | Invitations, connections, and scheduled messages |
| Install source, campaign information, partner click ID | Attribution, partner settlement, and fraud prevention |
| Server-message delivery status | App notices and duplicate-delivery prevention |
2.4 Information stored on your device
App settings, saved places, weather cache, diary, recent chat history, personality, game and engagement records, notification settings, and recommendation feedback are stored locally through the App's storage. A server-issued random single-use recovery token is kept in Android Keystore-encrypted storage or iOS Keychain and is treated as an account credential. Android removes this token when the App is uninstalled, so recovery after reinstall is not guaranteed; on iOS, recovery is possible only where the operating system and device state retain the token. Recommendation feedback is limited by count to the most recent 90 entries, not automatically purged exactly 90 days after creation. Some selected context leaves the device when you request an AI or invitation feature as described here, so these categories are not always exclusively local.
2.5 Information processed by the AI proxy
Only when you request an AI answer, diary interpretation, personality result, or letter draft, the Company's AI proxy and its connected model provider process:
- an App-generated device ID and RevenueCat anonymous customer ID;
- your current question and recent conversation, current weather, place name, nickname, health preferences, and settings context;
- when requested by an AI tool, commute and alert settings, connection nicknames and schedules, and pending invite codes;
- letter sender and recipient names, relationship, reason, unsaid words, shared memory, and tone; and
- personality-quiz signals and the weather description supplied with the request.
Malgeum does not store the recipient email address that you type directly into your device's mail composer. AI output can be inaccurate and should be reviewed before use.
2.6 Third-party services
| Service | Purpose and data |
|---|---|
| OpenWeatherMap, Open-Meteo | Latitude- and longitude-based weather and air-quality requests |
NomaDamas k-skill AirKorea enrichment proxy (k-skill-proxy.nomadamas.org) | Korean place or station name for air-quality enrichment. A place or station name, rather than latitude and longitude, is sent. |
| Firebase Authentication and Analytics | Anonymous authentication; app-instance, device and version information; feature-use events |
| RevenueCat, Apple, Google | Anonymous customer ID and purchase or subscription status |
| Sentry | Error logs, stack traces, device and app version, and feature-event breadcrumbs before an error |
| Company AI proxy and AI model provider | Optional AI questions, letters, quizzes and diary processing; anonymous usage limits |
| KOPIS | Regional code and query conditions for performance information in supported Korean regions |
| AppLovin MAX, Google AdMob, and disclosed mediation partners | Advertising identifier, IP address, device information, consent signals, and ad interactions |
OpenWeatherMap · Open-Meteo · Firebase · RevenueCat · Sentry · Anthropic · AppLovin · Google Ads
3. Advertising and Consent
Free-tier users may see AppLovin MAX banner ads. Google AdMob and other disclosed partners may provide demand through mediation. Providers may process advertising identifiers, IP address, device, language and country information, consent signals, impressions, and clicks for ad delivery, measurement, and fraud prevention.
- In the EEA, UK, Switzerland, and other applicable regions, Google UMP presents privacy choices. The App initializes advertising only within the request scope allowed by a confirmed status, passes a negative personalized-ad signal when personalization consent is absent, and requests no ads if consent status cannot be established.
- On iOS, the App resolves applicable UMP choices first and requests App Tracking Transparency permission before IDFA use only when personalized advertising is allowed.
- When a U.S. state privacy choice is required, the App conservatively sends AppLovin MAX a do-not-sell-or-share signal.
- Where required, open Settings → Advertising privacy choices to review or withdraw your selection.
- Premium subscribers see no in-app ads.
4. Purposes and Legal Bases
We use the information above for weather and air-quality requests, action guidance, widgets and alerts, anonymous-account operation and account recovery where a credential remains available, invitations and connections, optional AI generation, subscriptions and advertising, campaign settlement, product analytics, error diagnosis, security, and fraud prevention. Where applicable, processing relies on providing features you request, your consent for optional permissions or personalized advertising, our legitimate interests in security and service reliability, and compliance with legal obligations.
5. Retention and Deletion
- Local data remains until you remove it or uninstall the App. Weather cache becomes invalid after ten minutes and may later be replaced. Recommendation feedback is limited to 90 entries.
- Anonymous account, location, push, invitation, connection, and server-message data remains on the Malgeum backend while the account is active. Uninstalling alone does not delete server data.
- Choosing Settings → Delete account and data deletes the Firebase anonymous account, associated Malgeum backend user, recovery-verification data, invitations, connections, server messages and device-linked records, and local App data including the recovery token.
- After deletion, a content-free local deletion marker stores only remote-deletion/device-cleanup status, a random operation generation, and a random deletion receipt used to confirm server completion. It prevents automatic anonymous-account recreation and resumes interrupted cleanup; it contains no profile or activity content. After cleanup completes on a later launch, new non-account settings and weather cache selected by the user may be stored again.
- For idempotent deletion confirmation and to prevent a deleted anonymous account from being reactivated, the backend retains an irreversible, server-keyed HMAC deletion fingerprint and deletion timestamp for as long as that protection is needed. This record contains no raw UID, profile, or activity content. Only if Firebase account deletion temporarily fails may the raw Firebase UID remain in a retry list for up to 30 days; the raw UID and identity links are cleared immediately after success or at expiry. The HMAC record is not used for personalization.
- Store subscriptions must be canceled separately through Apple or Google. Information already processed by payment, advertising, analytics, AI, or error-service providers is retained and deleted under their policies and our applicable agreements.
- We ordinarily delete associated records, but may retain the minimum information strictly required for law, accounting, disputes, security, or fraud prevention for the applicable statutory or necessary period. Such information is not used for personalization.
6. Sharing and International Processing
We do not sell personal information. We transmit information to processors only as needed to provide the services described above. These providers may process information outside your country and apply their own policies and applicable transfer safeguards.
7. Children's Privacy
Malgeum is not directed to children under 14 and does not knowingly seek their personal information. Contact us if you believe a child has provided information so that we can investigate and delete it where appropriate.
8. Your Rights and Choices
- Use Settings to delete the account and data or revisit advertising privacy choices.
- Use system settings to revoke location, notifications, microphone, speech-recognition, or tracking permission.
- Contact us to request access, correction, erasure, restriction, portability, or objection where applicable. EEA and UK users may also complain to their local supervisory authority.
9. Security
Company-operated APIs and weather requests use HTTPS. Advertising SDK web or media creative may be processed under those providers' security policies and narrowly scoped iOS transport exceptions. Server account changes, deletion, and recovery require Firebase authentication and an authorized ownership check such as a server-issued single-use random recovery token. A hashed hardware identifier alone is not accepted as recovery authentication. No transmission or storage method is completely secure.
10. Changes
We will announce material changes through an app update, in-app notice, or store listing. Changes apply from the stated effective date unless law requires a longer notice period.
11. Contact
App: Malgeum
Developer: Supervillain Labs Inc.
Email: contact@supervlabs.io
Package: gg.pryzm.weather