English

한국어

Privacy Policy

Effective Date: January 06, 2026

1. Introduction

This Privacy Policy applies to users of the Gachi service (“the Service”). It explains the purposes for which users’ personal information is collected and how it is used, as well as the measures taken to protect that information, in accordance with applicable laws and regulations.

2. Who We Are

Luff Studio is a sole proprietorship business registered in the Republic of Korea. Luff Studio operates Gachi, a mobile application designed to help couples connect, communicate, and share memories through features like polls, diaries, and stickers.

For data protection purposes, Luff Studio is the “data controller.” You may contact us at support@gachiapp.com.

3. Information We Collect

We collect the following personal information:

Essential: Basic account information (such as login method via Apple or Google, and the email address associated with that login, which may be a private relay email if you use Apple’s “Hide My Email”), your nickname, and information necessary to connect your account with a partner in the app.

Automatically collected: Device information, app version, usage logs, Firebase push token, user ID.

Optional (user-provided): Diary entries (text and photo uploads), anniversary / D-Day information, poll information and answers, and selected sticker information. These are collected only when you actively create or share them within the app, and are shared only with your connected partner. Certain shared content is protected using end-to-end encryption, meaning Luff Studio cannot access or read this content.

Paid users: Purchase receipts via RevenueCat and the app store (Apple or Google).

4. How We Use Your Information

We use your information to:

  • Operate and maintain the app

  • Enable app features such as polls, stickers, and diaries

  • Manage subscriptions and payments

  • Authenticate your identity

  • Provide customer support

  • Improve the service through analytics (Firebase, Google Analytics)

  • Prevent misuse and unauthorized access

  • Send product or feature updates strictly related to Gachi

We do not use your data for third-party advertising.

4A. Legal Basis for Processing (GDPR)

For users located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process personal data in accordance with the General Data Protection Regulation (GDPR) based on the following legal grounds:

Performance of a contract – to provide and operate the Gachi service, including account creation, partner connection, end-to-end encrypted messaging features, and core app functionality.

Consent – where you voluntarily provide content, enable optional features, or choose to share information with your connected partner.

Legitimate interests – to maintain app security, prevent fraud and misuse, ensure service reliability, and protect the integrity of our systems.

Legal obligations – where processing is required to comply with applicable laws.

Anonymous, aggregated analytics data collected in the EEA, the United Kingdom, and Switzerland is not associated with an identifiable individual and is therefore not treated as personal data under GDPR.

5. Provision of Personal Information to Third Parties

We do not sell or share your personal information to third parties for advertising or any other commercial purposes. However, user data is collected and processed through the following third-party services to operate and improve our Services:

  • Firebase (Google) – authentication, database, storage, remote configuration (not used for personalization, only for app-wide updates such as version enforcement or service mode), crash reporting, and performance monitoring

  • Google Analytics – to understand usage trends and improve services

  • RevenueCat – subscription and purchase tracking

  • Tally – optional user surveys (based in the EU)

Additionally, we may disclose personal information if required by legal authorities in accordance with applicable law.

6. End-to-End Encrypted Content

Certain content shared between connected users in Gachi is protected using end-to-end encryption. This means:

  • Encryption keys are generated and stored on users’ devices

  • Only verified devices connected to the same couple can decrypt shared content

  • Luff Studio does not have access to encryption keys and cannot view or process encrypted content

Because we cannot access encrypted content:

  • We cannot assist with content recovery if access is lost

  • We cannot review encrypted content for moderation, research, or analytics

  • We cannot provide decrypted content to third parties, including law enforcement, beyond what is technically possible (such as account-level metadata)

7. User-Generated Content

Polls, diary entries (including photos), and anniversary (D-Day) information are created and shared only between linked users. We do not moderate or monitor this content. However, we reserve the right to remove content or ban users for violations.

8. Data Retention and Deletion

Polls, diaries, photos, and stickers are deleted 30 days after a couple disconnects.
User account data is deleted immediately upon account deletion.
For security and disaster recovery purposes, we maintain limited backup copies for up to 60 days, after which they are automatically deleted.

Inactive Accounts
If your account remains inactive for an extended period (currently defined as 24 months), we may permanently delete your account and all associated data (including diaries, photos, and polls). We will attempt to notify you in advance, using the contact information linked to your account, before any permanent deletion occurs.

9. Children’s Privacy

Our app is not intended for users under the age of 16. We do not knowingly collect personal data from children. In some jurisdictions, the minimum age for using online services may be lower (for example, 13 in the United States or 14 in South Korea), and in those cases we follow the local law. Users under this age must have parental consent.

We do not collect age, legal name, or other information that would allow us to verify a user’s age or confirm whether someone contacting us is a parent or guardian. The only way to permanently delete personal data is by logging in to the account, disconnecting from a partner (which automatically deletes couple data after 30 days), and then deleting the account. Once an account is deleted, all associated personal data will be permanently erased.

If you believe a child under the applicable age has used the app, please contact us. While we cannot verify parental identity or delete data on someone else’s behalf, we can provide guidance on how to delete the account and associated data directly through the app.

10. Your Rights

You may request to access, correct, or delete your personal data, or withdraw consent where applicable. Most data can be managed directly within the App, including account deletion, which permanently removes your account data.

Because we do not collect identifying information such as legal name, requests can only be fulfilled when you are logged into your account.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following additional rights under applicable data protection laws (including GDPR):

• The right to access your personal data
• The right to correct inaccurate or incomplete data
• The right to request deletion of your data
• The right to restrict or object to certain processing
• The right to data portability, where applicable
• The right to withdraw consent at any time (without affecting prior processing)

You also have the right to lodge a complaint with your local data protection supervisory authority.

To exercise your rights or ask questions about your data, please contact us at support@gachiapp.com.

11. Security of Your Information

We use industry-standard security practices to protect user information, including encryption in transit, secure authentication through Apple or Google login, and access controls designed to prevent unauthorized access.

Certain user-generated content shared between connected users is protected using end-to-end encryption. This content is encrypted on users’ devices and can only be accessed by authorized, verified devices. Luff Studio does not have access to the encryption keys and cannot view or decrypt this content.

However, no system is 100% secure. Security also depends on users protecting their devices, login credentials, and backup or recovery keys. We encourage users to be mindful when uploading sensitive content and to take appropriate steps to safeguard their accounts and devices.

11A. Internatonal Data Transfers

Your personal data is primarily processed and stored on servers located within the European Union, including on infrastructure provided by our service providers.

Some limited processing or access to personal data may occur outside the European Union as part of authentication, infrastructure maintenance, or operational support provided by our service providers. Where such processing occurs, appropriate safeguards, such as Standard Contractual Clauses or equivalent legal mechanisms, are used to ensure that personal data remains protected in accordance with applicable data protection laws, including GDPR.

12. Cookies & Analytics

We use Firebase Analytics, Google Analytics, Crashlytics, and performance monitoring tools to understand how the App is used, improve stability, and fix bugs.

For users located in the European Economic Area (EEA), the United Kingdom, and Switzerland, these tools are operated in an anonymous, privacy-respecting mode. In these regions:

  • We do not associate analytics data with an identifiable user or account

  • We do not collect advertising identifiers

  • We do not perform user profiling or cross-app tracking

  • We only collect aggregated usage statistics (such as app opens, feature usage, and country-level information) and technical diagnostics (such as crash and performance data)

This data is used solely to operate, secure, and improve the App.

For users outside these regions, analytics tools may collect additional usage information, including account-level or device-level data, to help us better understand how the App is used and improve our services.

We do not use analytics or crash reporting tools for targeted advertising.

13. Amendments

We may update this Privacy Policy as we add new features or as required by law. Users are encouraged to check this page regularly for updates.

14. Contact Us

For questions or concerns about your privacy, contact:
support@gachiapp.com.