Privacy Policy

Last updated: 18 May 2026

HanSups ("we", "us") operates the website hansups.com and a pre-launch waitlist. This policy explains what personal data we collect, why, how long we keep it, who processes it, and the rights you have under the Republic of Korea's Personal Information Protection Act (PIPA) and, where applicable, the EU/UK GDPR. The mobile app will carry its own in-app policy at launch.

1. What we collect

  • Waitlist: the email address you submit, a coarse language preference (e.g. en, vi), the sign-up source, and a timestamp.
  • Free practice test: to unlock it we send a one-time code to your email and record that the email was verified (for waitlist/launch contact). The quiz itself runs in your browser; your answers and score are not sent to us.
  • Contact: if you email us, we receive whatever you include in that message.
  • We do not collect names, payment data, precise location, or device identifiers on this site, and we run no advertising or analytics trackers.

2. Why we use it (purpose & legal basis)

To contact you about the HanSups launch and related updates, to gauge demand by region/language, and to operate the practice-test email verification. Legal basis: your consent (given when you submit the form), which you may withdraw at any time. We do not sell or rent your data and do not use it for automated decision-making.

3. Processors we use

  • Supabase — database storage of the waitlist (row-level security: the public site can add an entry but cannot read the list).
  • Resend — sends the practice-test verification email.
  • Netlify — website hosting and the serverless function that issues codes.
  • Cloudflare — DNS and email routing for our @hansups.com addresses.

These providers process data on our behalf under their own security and data- processing terms.

4. International transfer

The providers above may process data on servers outside the Republic of Korea (e.g. the United States/EU). Where required by PIPA/GDPR we rely on your consent and the providers' standard contractual protections for such transfers.

5. Retention

We keep waitlist data until launch + a reasonable follow-up window, or until you ask us to delete it — whichever is sooner. Verification codes are short-lived (they expire within minutes and are not stored in readable form).

6. Cookies & local storage

No tracking cookies. The practice page stores a single flag in your browser's localStorage (hansups_wl_verified) so you don't have to re-verify on that device; it contains no personal data and never leaves your browser.

7. Your rights

Under PIPA and the GDPR you may request access to, correction of, deletion of, or a copy of your personal data, and you may withdraw consent or object to processing. To exercise any right, email [email protected]; we respond without undue delay. You may also lodge a complaint with the Korea Personal Information Protection Commission (PIPC) or your local supervisory authority.

8. Children

The site is not directed to children under 14. We do not knowingly collect their data; contact us if you believe we have.

9. Contact & changes

Privacy contact: [email protected]. We will update this page as the product develops; the "last updated" date will change.

This policy is provided in good faith for a pre-launch site and is not legal advice. It will be reviewed by qualified counsel and expanded (e.g. payments, in-app data) before paid launch.