GREENROOM Privacy Policy
Last updated: 2026-06-12
한국어 번역 준비 중. The official text is in English while we prepare a reviewed Korean translation.
This Privacy Policy describes how GREENROOM (“GREENROOM”, “we”, “our”, or “us”) collects, uses, discloses, and protects information in connection with your use of the GREENROOM website, applications, and related services (collectively, the “Platform”). It is intended to be read alongside our Terms of Service and our Community Guidelines, which together govern your relationship with us. By using the Platform, you confirm that you have read and understood this Policy.
1. Information We Collect
We collect information that you provide directly to us when you create an account or submit content. This includes account information such as your email address, the nickname you choose to appear under, and the role tags you select to describe your work. We also collect the contributions you publish on the Platform, including reviews, ratings, written comments, profile information, uploaded media such as logos or venue documents, and any compensation submissions you choose to share through future industry-data features. When you sign in using a third-party authentication provider, the provider may share basic profile information with us in accordance with the permissions you grant it.
We also collect technical information automatically when you interact with the Platform. This includes general device and browser characteristics, your network address (IP), timestamps of significant actions such as sign-in attempts and submissions, the cookies and tokens necessary to maintain your session and protect against abuse, and aggregated analytics about how the Platform is used. We do not collect precise location information, contact lists, financial account details, or health information.
2. How We Use Information
We use the information described above to operate, maintain, and improve the Platform; to authenticate users and protect accounts from unauthorized access; to deliver the features you request, including translation of user-generated content into the language you have selected; to moderate content and enforce our Terms of Service and Community Guidelines; to detect, investigate, and prevent abuse, fraud, manipulation, and security incidents; to analyze how the Platform is used in aggregate so that we can prioritize improvements; and to comply with our legal obligations. We process information on the legal bases of performance of our agreement with you, our legitimate interests in operating a secure and useful community platform, your consent where consent is required, and compliance with applicable law.
3. Public Contributions
Significant parts of the Platform are public by design. Your nickname, role tags, reviews, ratings, badges, and any logos or documents that have been moderated and approved are visible to other users and may be visible to search engines and other automated services that index public web pages. You should not include private or sensitive personal information in content you submit to public areas of the Platform. When you delete your account, public contributions may remain in anonymized form so the community context they belong to is preserved; the snapshot identity that was attached to those contributions at the time you submitted them (your nickname and role tags) is replaced or removed in line with the account-deletion process described below.
4. Cookies and Similar Technologies
We use cookies and similar technologies to support core functionality such as session management and authentication, to remember your language preference, to protect the Platform from automated abuse, and to understand how the Platform is being used. Most of the cookies we set are strictly necessary in the sense that the Platform cannot function without them. Where additional cookies are used for analytics or other non-essential purposes, we will request your consent or honor your browser-level preferences in accordance with applicable law. You can also configure your browser to refuse or delete cookies, but doing so may prevent you from using parts of the Platform.
5. Service Providers and Other Third Parties
We rely on a small number of carefully selected service providers to operate the Platform. Our database, authentication, and storage run on Supabase, hosted in the Seoul (South Korea) region, and our application is hosted on Vercel with serverless functions pinned to the Seoul (icn1) region, so the core of your data is processed within Korea. We also use Kakao (South Korea) for optional social authentication; Cloudflare (United States), which operates a global network, for DNS, content delivery, and anti-bot protection through the Turnstile service; DeepL (Germany) for machine translation of user-generated content; and Sentry (data stored in the European Union) for error monitoring; and Vercel (United States) for privacy-friendly, cookieless product analytics (Vercel Web Analytics) and performance monitoring (Vercel Speed Insights). Our analytics do not set cookies, do not track you across other websites, and collect only aggregate usage and performance signals; we load them only after you accept non-essential analytics in our cookie notice. Each provider processes information on our behalf in accordance with our instructions and their own terms and privacy notices. We may disclose information to third parties outside of this set only where doing so is necessary to comply with a legal obligation, to enforce our Terms of Service, to protect the rights, safety, or property of GREENROOM or others, or where you have specifically directed us to do so.
Requests from authorities. We do not voluntarily disclose the identity of contributors. We disclose user information only when required by valid Korean legal process, such as a court order or warrant, and we review every request and disclose only the minimum information it lawfully requires. Informal requests without legal force are declined. Where the law permits, we notify affected users before or promptly after a disclosure.
6. International Transfers
Most of your personal information is processed within South Korea (Supabase and Vercel, Seoul region). A limited set of information is processed by providers located outside South Korea, as set out below. These transfers are necessary to perform our agreement with you and to keep the Platform secure. Transfers to providers in the European Union/EEA rely on the equivalence recognition granted by Korea’s Personal Information Protection Commission.
| Recipient | Country | Items transferred | Purpose | Retention |
|---|---|---|---|---|
| Cloudflare, Inc. | United States; traffic is processed across its global network | IP address, browser/device signals, anti-bot challenge tokens | DNS, CDN delivery, and bot/abuse protection (Turnstile) | For the period necessary for security, per Cloudflare’s retention terms |
| DeepL SE | Germany; content may be processed in cloud data centers in the EU, the United States, and Japan | Text content submitted for translation | Machine translation of user-generated content | Retained only as needed to provide translation, per DeepL’s API terms |
| Functional Software, Inc. (Sentry) | Germany (EU data region) | Error diagnostics: IP address, browser/device information, and the technical context of errors | Error monitoring to keep the Platform reliable and secure | Error events are deleted automatically per Sentry’s retention schedule (90 days) |
| Vercel Inc. | United States | Cookieless page-view and performance events: page path, referrer, approximate region and device/browser type (no cookies; IP is not retained) | Aggregate product analytics and Core Web Vitals performance monitoring (loaded only with your consent) | Aggregated metrics retained per Vercel’s retention schedule |
The Cloudflare, DeepL, and Sentry transfers are necessary to operate core features (security verification, translation, and error monitoring), so declining them may prevent use of the affected parts of the Platform. The Vercel analytics transfer is optional: it occurs only if you accept non-essential analytics in our cookie notice, and declining it does not affect any functionality. For details of each recipient’s safeguards, you may contact our privacy administrator listed in Section 10.
7. Data Retention
We retain personal information for as long as it is necessary to provide the Platform, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The specific retention period depends on the nature of the information; account data, for example, is retained for the lifetime of the account, while logs related to abuse prevention may be retained for a more limited period. When information is no longer needed for these purposes, we delete it, anonymize it so that it can no longer be associated with you, or restrict its processing until deletion is possible.
8. Account Deletion
You may request deletion of your account at any time through the controls provided in your dashboard. When we delete an account, the authentication record and the profile information associated with it are removed, and the public contributions you previously made are de-linked from your identity and retained in anonymized form so that the threads of community context they were part of are not silently broken. Where we are required to retain certain information for legal, security, or fraud-prevention reasons, we will do so in accordance with those requirements and only for as long as those requirements apply.
9. Security
We take reasonable organizational and technical measures designed to protect the information we hold from unauthorized access, disclosure, alteration, and destruction. No method of transmission over the Internet or method of electronic storage is, however, completely secure, and we cannot guarantee absolute security. You are responsible for keeping the credentials you use to access your account confidential and for notifying us promptly if you believe your account has been compromised.
10. Your Rights
Depending on the jurisdiction in which you reside, you may have certain rights in relation to the personal information we hold about you, including the right to access that information, the right to request that it be corrected if it is inaccurate, the right to request that it be deleted in certain circumstances, the right to object to or restrict certain processing, and the right to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with the data protection authority in your jurisdiction. You may exercise these rights by contacting us through the feedback channels described in the Platform; we will respond within the time frames required by applicable law.
Privacy Officer (개인정보 보호책임자): Administrator — [email protected]. For privacy concerns in Korea, you may also lodge a complaint with the Personal Information Protection Commission (PIPC) or call the Korea Internet & Security Agency (KISA) privacy call center at 118.
11. Children
The Platform is intended for use by individuals who are at least eighteen (18) years of age. We do not knowingly collect personal information from anyone under the age of 18. If you believe that a child has provided us with personal information, please notify us so that we can take appropriate steps to remove that information and terminate any associated account.
12. Changes to This Policy
We may revise this Privacy Policy from time to time to reflect changes in our practices, the Platform, the legal environment in which we operate, or our service providers. When we make material changes, we will update the “Last updated” date at the top of this Policy and, where appropriate, provide additional notice through the Platform. Your continued use of the Platform after a revised Policy becomes effective constitutes acceptance of the revised Policy.