Privacy Policy
Last updated: March 2026 · Effective: March 2026
This Privacy Policy describes how Pattern Grader ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our pattern grading calculator service at patterngrader.com (the "Service"). We are committed to protecting your privacy and handling your data transparently.
Pattern Grader is operated by Qstudio (LEE TAEHYEON), a sole proprietor registered in the Republic of Korea (Business Registration No. 475-21-02231), located at 244, Surisan-ro, Gunpo-si, Gyeonggi-do, Republic of Korea 15821.
If you are in the European Economic Area or United Kingdom, please also read our EEA/UK Supplement (Section 12). If you are in Korea, see our Korea Supplement (Section 13). If you are in Japan, see our Japan Supplement (Section 14). If you are in the United States, see our US Supplement (Section 15).
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
1. Information We Collect
We collect the minimum information necessary to provide and improve the Service. We collect information in three ways:
Information you provide directly
- Account information. When you create an account, we collect your email address and display name. If you sign in via Google OAuth, we also receive your profile image URL from Google.
- Pattern grading data. Custom grading rules you create are stored as structured data (JSON). This data describes garment measurements, not personal characteristics, and is not treated as personal information.
- Communications. If you contact us for support, we collect the content of your message and your email address.
Information collected automatically
- Session data. When you sign in, our authentication system (BetterAuth) creates a session token stored in a cookie on your device. We may also process your IP address and User-Agent string for security purposes (fraud prevention, abuse detection).
- Usage analytics. We use Plausible Analytics, a cookieless analytics service operated by Plausible Insights OÜ (Estonia/EU), that does not collect personal data, does not use cookies, and does not track individual users. Only aggregate, anonymized metrics are collected (page views, referral sources, device type, country).
Information from third parties
- Google OAuth. If you choose to sign in with Google, we receive your name, email address, and profile image URL from Google. We do not access any other Google account data.
- Polar. Our payment processor, Polar (Polar Software Inc.), acts as the Merchant of Record for all transactions. Polar collects and processes your payment information directly. We receive only your subscription status, plan type, and subscription period from Polar. We never receive or store your credit card number or payment credentials.
2. How We Use Your Information
We use your information only for the purposes described below.
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Provide and maintain your account | Email, name, profile image, subscription status | Contractual necessity (Art. 6(1)(b)) |
| Authenticate your identity | Email, session token, OAuth tokens, magic link tokens | Contractual necessity (Art. 6(1)(b)) |
| Store your grading rules | Grading rule data (not personal data) | Contractual necessity (Art. 6(1)(b)) |
| Send transactional emails (account verification, magic links, subscription notifications) | Email address | Contractual necessity (Art. 6(1)(b)) |
| Process payments and manage subscriptions | Email, name (via Polar as MoR) | Contractual necessity (Art. 6(1)(b)) |
| Maintain security and prevent abuse | IP address, User-Agent, session data | Legitimate interest (Art. 6(1)(f)) — our interest in protecting the Service and users from unauthorized access, fraud, and abuse |
| Understand aggregate usage patterns | Anonymized analytics (no personal data) | Legitimate interest (Art. 6(1)(f)) — our interest in improving the Service |
| Comply with legal obligations | Account and transaction records as required by law | Legal obligation (Art. 6(1)(c)) |
We do not use your personal information for automated decision-making or profiling as defined under GDPR Article 22.
4. International Data Transfers
Pattern Grader is operated from the Republic of Korea, and our servers and service providers are located in the United States. When you use the Service, your personal information is transferred to and processed in the United States.
The United States may not provide the same level of data protection as your home country. We take steps to ensure your data is protected during transfer:
- For EEA/UK users: We rely on the EU-U.S. Data Privacy Framework (DPF) adequacy decision for transfers to DPF-certified processors, and Standard Contractual Clauses (SCCs) approved by the European Commission (June 2021) for processors not DPF-certified. See Section 12 for details.
- For Korean users: Overseas transfers are made in accordance with PIPA Article 28-8, with full disclosure of transfer details in Section 13.
- For Japanese users: Cross-border transfers are made with informed consent after providing reference information about the destination country's data protection regime and recipient safeguards, as required by APPI Article 28. See Section 14 for details.
All data is encrypted in transit (TLS 1.2+) and at rest. You may request a copy of the transfer safeguards in place by contacting us at support@patterngrader.com.
5. Data Retention
We retain your personal information only as long as necessary for the purposes described in this policy.
| Data type | Retention period |
|---|---|
| Account information (email, name, profile image) | Until you delete your account, plus 30 days for backup recovery |
| Session tokens | Duration of session (max 7 days); automatically purged on expiry |
| Magic link tokens | Expires within 10 minutes of issuance; deleted after use or expiry |
| OAuth tokens | Duration of active session; revoked on sign-out |
| Grading rules | Until you delete them or delete your account |
| Subscription records | Duration of account plus retention required by applicable tax and commercial law (10 years under Korean commercial law, Commercial Act Article 33) |
| Transactional email logs (via Resend) | Up to 30 days |
| Access logs (via Vercel) | Up to 30 days |
| Analytics data (via Plausible Analytics (Plausible Insights OÜ, Estonia/EU)) | Aggregated only; no personal data retained |
| Subscription auto-renewal consent records | 3 years from date of consent or 1 year after contract termination, whichever is longer (California Automatic Renewal Law) |
| Financial transaction records | 10 years (Korean commercial law, Commercial Act Article 33) |
When you delete your account, we delete or anonymize your personal information within 30 days, except where retention is required by law.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256 for database storage)
- HttpOnly, Secure, and SameSite cookie attributes for session cookies
- Origin header validation and Fetch Metadata headers for CSRF protection
- Hashed storage of magic link tokens
- Access controls limiting data access to the service operator
- Regular review of third-party service providers' security practices
No system is perfectly secure. If we become aware of a security breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.
8. Your Rights
Depending on your location, you may have some or all of the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you
- Correction — request correction of inaccurate or incomplete information
- Deletion — request deletion of your personal information
- Data portability — request a copy of your data in a structured, machine-readable format
- Restriction — request that we restrict processing of your information
- Objection — object to our processing of your information
- Withdraw consent — where processing is based on consent, withdraw it at any time (withdrawal does not affect the lawfulness of processing before withdrawal)
How to exercise your rights: Contact us at [PRIVACY EMAIL]. You may also delete your account directly through your account settings. We will respond to all requests within 10 days (the strictest deadline among applicable laws). If we need additional time, we will inform you of the reason and extension.
Account deletion: You can delete your account at any time through Settings → Delete Account. This will permanently remove your personal information and grading rules, subject to any legally required retention.
We will not discriminate against you for exercising your rights.
9. Children's Privacy
The Service is not intended for anyone under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at support@patterngrader.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you by email (sent to the address associated with your account) or by a prominent notice within the Service at least 14 days before the changes take effect
11. Contact Information
Data Controller / 개인정보 보호책임자 (CPO):
LEE TAEHYEON
244, Surisan-ro, Gunpo-si, Gyeonggi-do, Republic of Korea 15821
Email: support@patterngrader.com
Phone: 070-8098-8632
12. EEA/UK Supplement
This section applies to you if you are located in the European Economic Area (EEA) or the United Kingdom. It supplements the information above with additional disclosures required by the General Data Protection Regulation (GDPR).
Data controller
The data controller is Qstudio (LEE TAEHYEON), 244, Surisan-ro, Gunpo-si, Gyeonggi-do, Republic of Korea 15821. As we are not established in the EU, we have appointed an EU representative under GDPR Article 27:
EU Representative:
[EU REPRESENTATIVE NAME]
[EU REPRESENTATIVE ADDRESS]
Email: [EU REPRESENTATIVE EMAIL]
Data Protection Officer
We have assessed our processing activities and determined that we are not required to appoint a Data Protection Officer under GDPR Article 37, as our core activities do not involve regular and systematic monitoring of individuals on a large scale, nor large-scale processing of special category data. For all privacy inquiries, please contact our EU representative or us directly at [PRIVACY EMAIL].
Legal bases for processing
Our legal bases for each processing activity are set out in the table in Section 2 above. Where we rely on legitimate interest (Article 6(1)(f)), our specific interests are:
- Security and abuse prevention: Protecting the Service and users from unauthorized access, fraud, and malicious activity by processing IP addresses and session data.
- Service improvement: Understanding aggregate usage patterns through anonymized, cookieless analytics to improve the Service.
You have the right to object to processing based on legitimate interest. If you do, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
International transfers
Your data is transferred to the United States. For transfers to US-based processors:
- DPF-certified processors: Transfers are made under the EU-U.S. Data Privacy Framework adequacy decision adopted by the European Commission on July 10, 2023.
- Non-DPF-certified processors: Transfers are protected by Standard Contractual Clauses (SCCs) adopted by the European Commission on June 4, 2021 (Commission Implementing Decision (EU) 2021/914), Module 2 (Controller to Processor). We have conducted Transfer Impact Assessments confirming that the safeguards in place provide essentially equivalent protection.
You may request a copy of the SCCs or other safeguards by contacting us at support@patterngrader.com.
Your additional EEA/UK rights
In addition to the rights in Section 8, you have the right to:
- Lodge a complaint with your local data protection authority. A list of EEA supervisory authorities is available at the EDPB website. For the UK, contact the Information Commissioner's Office (ICO).
- Obtain information about whether providing your personal data is a statutory or contractual requirement. Providing your email address and name is necessary to create an account and use the Service. If you do not provide this information, you will not be able to use the Service.
13. Korea Supplement (한국 추가 조항)
This section applies to you if you are located in the Republic of Korea. It supplements the information above with additional disclosures required by the Personal Information Protection Act (개인정보 보호법, "PIPA").
개인정보 보호책임자 (Chief Privacy Officer)
| Item | Details |
|---|---|
| 성명 (Name) | LEE TAEHYEON |
| 직책 (Title) | Representative / Chief Privacy Officer |
| 연락처 (Contact) | Email: support@patterngrader.com, Phone: 070-8098-8632 |
국외이전에 관한 사항 (Overseas transfer of personal information)
Pursuant to PIPA Article 28-8, we transfer personal information overseas to the following recipients. You have the right to refuse consent to these transfers; however, refusal may limit your ability to use the Service, as the Service's infrastructure depends on these providers.
| 수령자 (Recipient) | 이전되는 개인정보 항목 (Data categories) | 이전되는 국가 (Country) | 이전 일시 및 방법 (Timing & method) | 이전 목적 (Purpose) | 보유·이용 기간 (Retention period) |
|---|---|---|---|---|---|
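| Vercel Inc. (vercel.com, San Francisco, CA, USA) | IP address, HTTP request headers (User-Agent, language), access logs | United States | Real-time transfer over a TLS-encrypted network when the Service is used | Web application hosting and content delivery | Access logs: up to 30 days |
| Neon Inc. (neon.tech, San Francisco, CA, USA) | Email address, name, profile image URL, subscription status, pattern grading data | United States | Transfer over a TLS-encrypted network when the Service is used | User account management, storage of pattern grading data, and provision of the Service | Duration of account + 30 days after deletion |
| Resend Inc. (resend.com, San Francisco, CA, USA) | Email address, email content | United States | Transfer over a TLS-encrypted network when emails are sent | Sending authentication emails (Magic Link) and transactional notification emails | Email delivery logs: up to 30 days |
| Google LLC (google.com, Mountain View, CA, USA) | Email address, name, profile photo (received from the Google account) | United States | Transfer via API during Google OAuth authentication | User authentication (OAuth sign-in) | Duration of active session; Google's own retention period is governed by the Google Privacy Policy |
| Polar Software Inc. (polar.sh, USA) | Email address, name, payment transaction metadata (Pattern Grader does not transfer credit card information) | United States | Transfer over a TLS-encrypted network when payments are processed | Payment processing, subscription management, tax handling (as Merchant of Record) | Retention period under applicable tax and commercial law (typically 5 to 7 years) |
| Cloudflare Inc. (cloudflare.com, San Francisco, CA, USA) | IP address, DNS query data | United States | Transfer over the network during DNS lookups | DNS service provision, security and performance optimization | DNS logs: up to 24 hours |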
정보주체의 권리 및 행사 방법 (Data subject rights and exercise methods)
Under PIPA, you have the following rights:
- 열람권 (Right to access) — Request access to your personal information (Art. 35)
- 정정·삭제권 (Right to correction and deletion) — Request correction of inaccurate information or deletion of your personal information (Art. 36)
- 처리정지권 (Right to suspend processing) — Request suspension of processing of your personal information (Art. 37)
- 동의 철회권 (Right to withdraw consent) — Withdraw previously given consent at any time
- 개인정보 전송요구권 (Right to data portability) — Request transmission of your data to yourself or a third party (Art. 35-2)
- 자동화된 결정에 대한 거부권 (Right to object to automated decisions) — Refuse decisions made solely by automated processing that significantly affect you (Art. 37-2)
Exercise methods: You may exercise these rights by emailing support@patterngrader.com or by using the account management features in the Service (Settings → Delete Account for deletion). The method for withdrawing consent is no more burdensome than the method used to obtain consent. We will respond within 10 days of receiving your request.
개인정보의 파기 (Destruction of personal information)
When personal information is no longer needed, we destroy it without delay using the following methods:
- Electronic files: Permanent deletion using methods that prevent recovery (secure deletion, overwriting)
- Paper documents: Shredding or incineration (not applicable — we do not collect paper records)
If retention is required by other laws, the relevant data is stored separately and securely for the legally required period, then destroyed.
안전성 확보 조치 (Security measures)
In accordance with PIPA Article 29 and the Standards for Safety Measures for Personal Information, we implement the following:
- Encryption of personal information during transmission (TLS 1.2+) and storage (AES-256)
- Access control and authentication for all systems handling personal information
- Logging of access to personal information processing systems
- Regular review and update of security measures
개인정보 자동수집장치의 설치·운영 및 거부에 관한 사항 (Automatic collection devices)
We use strictly necessary cookies for authentication as described in Section 7 above. You may refuse cookies through your browser settings, but this will prevent you from signing in to the Service. We do not use cookies for tracking or analytics.
14. Japan Supplement (日本に関する追加条項)
This section applies to you if you are located in Japan. It supplements the information above with additional disclosures required by the Act on the Protection of Personal Information (個人情報の保護に関する法律, "APPI").
Business operator identification
| Item | Details |
|---|---|
| Name | Qstudio (LEE TAEHYEON) |
| Address | 244, Surisan-ro, Gunpo-si, Gyeonggi-do, Republic of Korea 15821 |
| Representative | LEE TAEHYEON |
Purpose of use (利用目的)
We use your personal information for the following specific purposes:
- To create, maintain, and manage your user account
- To authenticate your identity when you sign in via Google OAuth or Magic Link
- To store and retrieve your pattern grading rules
- To send transactional emails including authentication links, subscription notifications, and service announcements
- To process payments and manage subscriptions through Polar (Merchant of Record)
- To maintain the security of the Service and prevent unauthorized access
We will not use your personal information beyond the scope of these purposes without obtaining your consent, unless permitted by APPI.
Cross-border transfer to a foreign country (外国にある第三者への提供)
Your personal information is transferred to service providers in the United States (アメリカ合衆国) as listed in Section 3 above. In accordance with APPI Article 28, we provide the following reference information:
Personal information protection system in the United States:
The United States does not have a single comprehensive federal data protection law comparable to APPI. Data protection is addressed through a sectoral approach including the Federal Trade Commission Act (Section 5, prohibiting unfair or deceptive practices), sector-specific laws (HIPAA, GLBA, COPPA, FERPA), and state laws (California CCPA/CPRA, Virginia CDPA, and others). The FTC serves as the primary federal enforcement body for consumer privacy.
Measures taken by each recipient to protect personal information
| Recipient | Protective measures |
|---|---|
| Vercel Inc. | SOC 2 Type II certified; TLS encryption in transit; data encrypted at rest; Data Processing Agreement in place |
| Neon Inc. | SOC 2 Type II; AES-256 encryption at rest; TLS 1.3 in transit; regular security audits |
| Resend Inc. | TLS encryption in transit; limited data retention (30 days); Data Processing Agreement in place |
| Google LLC | ISO 27001, SOC 2/3 certified; APEC CBPR participation; comprehensive security program; Data Processing Agreement in place |
| Polar Software Inc. | PCI DSS compliant (payment processing); TLS encryption; acts as Merchant of Record |
| Cloudflare Inc. | ISO 27001, SOC 2 certified; minimal data retention (24 hours for DNS logs) |
Complaints and inquiries (苦情・お問い合わせ)
For complaints or inquiries regarding our handling of your personal information:
- Direct contact: support@patterngrader.com
- Personal Information Protection Commission (個人情報保護委員会):
Kasumigaseki Common Gate West Tower 32F, 3-2-1 Kasumigaseki, Chiyoda-ku, Tokyo 100-0013
Phone: 03-6457-9680
Exercise of rights
You may request disclosure, correction, deletion, or cessation of use of your retained personal data by contacting us at [PRIVACY EMAIL]. We do not charge a fee for these requests.
15. United States Supplement
This section applies to you if you are located in the United States. It supplements the information above with additional disclosures required by applicable US federal and state privacy laws.
California Online Privacy Protection Act (CalOPPA) compliance
In accordance with CalOPPA (Cal. Bus. & Prof. Code §§ 22575–22579):
- Categories of personal information collected: Email address, name, profile image URL, IP address, device information (User-Agent), subscription status. See Section 1 for full details.
- Third-party sharing: We share personal information with the service providers listed in Section 3. No third parties collect personal information about your online activities through our Service for their own purposes.
- Do Not Track: Our Service does not currently respond to Do Not Track (DNT) browser signals, as there is no uniform industry standard for compliance.
- Global Privacy Control (GPC): We recognize and honor Global Privacy Control opt-out preference signals. As we do not sell or share your personal information for cross-context behavioral advertising, no additional action is required in response to GPC signals.
California Consumer Privacy Act (CCPA/CPRA)
As of the effective date of this policy, Pattern Grader does not meet the CCPA applicability thresholds (Cal. Civ. Code § 1798.140(d)). We will update this section if and when those thresholds are met.
Regardless of CCPA applicability, we commit to the following practices:
- We do not sell your personal information. We have not sold personal information in the preceding 12 months.
- We do not share your personal information for cross-context behavioral advertising.
- Categories of personal information collected: Identifiers (name, email); Internet or electronic network activity (IP address, User-Agent); commercial information (subscription status).
- Categories of sources: Directly from you; from Google (via OAuth); automatically from your device.
- Business purposes: Account management, authentication, email communication, payment processing, security.
Automatic renewal disclosures
Pattern Grader offers subscription plans that renew automatically:
- Monthly plan: $12/month, renews monthly until cancelled
- Annual plan: $99/year, renews annually until cancelled
- Free trial: Your account begins with a 7-day Pro trial at no charge. After 7 days, your account automatically downgrades to the Free plan. No charge occurs unless you actively subscribe to a paid plan.
You may cancel your subscription at any time through your account settings (the same medium used to subscribe). Upon cancellation, you will retain access to your paid plan until the end of your current billing period. Polar, our Merchant of Record, processes all billing.
16. China Supplement (中国相关补充条款)
This section applies to you if you access the Service from the People's Republic of China (mainland China).
Pattern Grader does not specifically target or direct its services to users in mainland China. We do not collect or process personal information within mainland China, nor do we maintain servers, offices, or designated representatives in mainland China.
Important notice: Pattern Grader does not provide separate data processing consent mechanisms specific to the Personal Information Protection Law of the People's Republic of China (PIPL). If you require PIPL-specific consent, data localization, or a separate security assessment for your use of the Service, please refrain from using the Service.
We process all personal information in accordance with the GDPR-baseline standards described in this Privacy Policy, which provide a high level of data protection. If you have questions about how your data is handled, please contact us at support@patterngrader.com.