Privacy Policy

Effective date: 2026-06-07

1. Data we collect

A. Registered users

  • Required: email, name
  • Role-specific: medical license number (doctors), business registration number (brands/distributors), phone number
  • OAuth sign-in: provider account ID (Google)
  • License verification: doctor license image (GCS private bucket)
  • Automatic: IP address, access logs

B. Public self-claim form submitters (no account)

  • Clinic self-claim (/global/clinics/claim): clinic name (KR/EN), contact email, region, address, website, specialties, offered device categories
  • Distributor self-claim (/global/distributors/claim): company name (KR/EN), country, contact email, KFDA / FDA registration numbers (optional), website, address
  • Submission timestamp (claimedAt) + reply-channel email (claimContactEmail)

C. Anonymous patient visitors (/global)

  • During Phase D-1, the service only displays information. We do not collect personally identifiable patient data.
  • Analytics-only anonymous access logs (IP, User-Agent, pageviews).

2. Purposes

  • Member identification and authentication (email/OAuth)
  • Doctor and supplier credential verification
  • Quote matching and notification delivery
  • Public self-claim verification — reply to operators with the result, then list
  • Operational audit — admin verify / reject / revoke actions are permanently recorded in ClaimAuditLog for dispute resolution
  • Abuse prevention (rate limiting, fraud detection)

3. Retention

  • Member data: until account deletion (immediate de-identification + full deletion within 90 days)
  • Transaction records: 5 years (Korean e-commerce law)
  • Access logs: 3 months (Korean telecommunications law)
  • Self-claim submissions: 1 year after verify / reject (for operator dispute / resubmit). Deleted on request.
  • Audit log (ClaimAuditLog): 3 years (operational dispute / compliance). Admin user IDs retained for accountability.

4. Third-party sharing

We do not share data with third parties, with one exception: when a quote transaction completes, minimum information (name, email) is shared with the counter-party.

5. Processors

  • Google Cloud Platform — hosting and storage (Cloud Run / Cloud SQL / GCS)
  • SMTP email vendor — verify / reject / magic-link notifications
  • OAuth provider — Google

Cross-border data: primary region is GCP Seoul (asia-northeast3). Multi-region replication for failover / backup will be disclosed before activation.

6. Your rights

  • Review / edit your data — sign in and use your profile page
  • Account deletion — available any time
  • Processing objection — email contact@medianalytics.kr
  • Self-claim operators — to delete submitted data, email contact@medianalytics.kr from the claimContactEmail address (self-verification)
  • International residents (GDPR / CCPA / similar) — data export / deletion / portability requests via the same email. Formal procedures will be added as the business scales.

7. Security measures

  • Passwords hashed with bcrypt; tokens hashed with SHA-256
  • TLS 1.2+ in transit
  • License images in GCS private bucket + short-lived signed URLs (5 minutes for admin review)
  • Credentials in GCP Secret Manager, never hard-coded

8. Changes

Material changes to this policy will be posted on this page with the new effective date.

9. Contact

Data Protection Officer: contact@medianalytics.kr

This document is a general privacy policy template. It may be updated on the advice of external legal counsel as the business scales.