Currently in effect: 2026-05-18 (direct link to this version)
Previous versions / Archive: none (initial release)
Privacy Policy — 루프 (Loop)
Effective date: 18 May 2026
This Privacy Policy describes how personal data is processed in the mobile application “루프 - 적립식 투자 일지 작성” (Loop — a dollar-cost-averaging investment journal) (the “App”), developed by Jitae Kim (“we”, “us”). It is written to satisfy the requirements of the EU General Data Protection Regulation (GDPR) as a global baseline, with a dedicated section for California residents (CCPA/CPRA).
1. Data Controller
Jitae Kim Email: wlxo0401@gmail.com
(No Data Protection Officer is appointed; the controller may be contacted directly at the email above.)
2. Categories of Personal Data
The App does not require an account.
2-1. Data you enter into the App (stored on-device only)
- Stock entries: stock name, brokerage (securities company) name, listed-market type, target quantity
- Trade records: buy/sell type, quantity, trade date
- Notification settings: per-stock reminder weekday and time
This data is stored only in on-device SwiftData. It is never transmitted to any server we operate. The App provides no cloud-synchronization feature, so your investment data does not leave your device.
2-2. Data collected automatically
| Category | Examples |
|---|---|
| Device identifiers | IDFV; IDFA (only when you consent via App Tracking Transparency) |
| Device & environment | OS version, device model, app version, locale |
| Approximate location | Country/region derived from IP address |
| Usage data | In-app events, screens viewed, feature interactions |
| Advertising data | Ad impressions, clicks, SKAdNetwork attribution |
| Diagnostic / crash data | Crash logs, error records, performance metrics, collected automatically via Firebase Crashlytics in production builds |
Analytics (Firebase Analytics) and crash diagnostics (Firebase Crashlytics) are not collected in development (debug) builds; they are collected only in the production build distributed via the App Store.
3. Purposes and Legal Bases (Art. 6 GDPR)
| Purpose | Legal basis |
|---|---|
| Providing core features (stock/trade journal, target tracking) | Art. 6(1)(b) — performance of a contract |
| Local reminder notifications you schedule | Art. 6(1)(b) — performance of a contract |
| Analytics & service improvement (Firebase Analytics) | Art. 6(1)(f) — legitimate interest |
| Crash/diagnostic reporting (Firebase Crashlytics) | Art. 6(1)(f) — legitimate interest |
| Personalized advertising (AdMob, IDFA) | Art. 6(1)(a) — consent (via ATT) |
| Non-personalized advertising | Art. 6(1)(f) — legitimate interest |
| Legal compliance | Art. 6(1)(c) — legal obligation |
4. Recipients / Processors
We do not share the data you enter into the App with any third party. Only the automatically collected data above is processed by the following providers:
| Processor | Purpose | Country |
|---|---|---|
| Google LLC (Firebase Analytics) | Analytics | United States |
| Google LLC (Firebase Crashlytics) | Crash / diagnostic reporting | United States |
| Google LLC (AdMob) | Advertising | United States |
| Apple Inc. | App distribution, SKAdNetwork attribution | United States |
Provider privacy practices:
- Google: https://policies.google.com/privacy
- Google Ads: https://policies.google.com/technologies/ads
- Apple: https://www.apple.com/legal/privacy/
5. International Transfers
Personal data may be transferred to the United States via our processors. Such transfers rely on the EU-US Data Privacy Framework where applicable, and/or Standard Contractual Clauses (SCCs).
6. Retention
| Item | Retention |
|---|---|
| Data you entered into the App | On-device only — retained until you delete it in the App or uninstall the App |
| Analytics data | up to 14 months |
| Crash / diagnostic data | per Google Firebase Crashlytics policies (typically up to 90 days) |
| Advertising identifiers / data | per Google AdMob and Apple SKAdNetwork policies |
7. Your Rights under GDPR (Arts. 15–22)
You have the right to:
- Access (Art. 15)
- Rectification (Art. 16) — you can directly edit or delete entries within the App
- Erasure (Art. 17) — deleting the App removes all on-device data
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing based on legitimate interests (Art. 21)
- Withdraw consent at any time (without affecting prior lawful processing)
- Lodge a complaint with your local supervisory authority
To exercise any right, contact wlxo0401@gmail.com.
8. California Residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information is collected and how it is used
- Delete personal information collected from you
- Correct inaccurate personal information
- Opt out of “sharing” of personal information for cross-context behavioral advertising (under CPRA, advertising identifiers passed to AdMob may qualify as “sharing”)
- Limit the use of sensitive personal information (we do not collect sensitive PI as defined by CPRA)
- Non-discrimination for exercising your rights
We do not “sell” personal information for monetary consideration. To opt out of tracking-based advertising, decline the ATT prompt or disable tracking in iOS Settings.
To submit a CCPA/CPRA request, email wlxo0401@gmail.com.
9. Withdrawing Tracking / Notification Consent
- iOS Settings → Privacy & Security → Tracking → Loop (toggle off)
- iOS Settings → Privacy & Security → Apple Advertising → reset advertising identifier
- iOS Settings → Notifications → Loop → turn notifications off
10. Notifications (Push)
The App sends local notifications generated on your device according to the per-stock schedule (weekday and time) you set. These notifications do not pass through any server we operate or any remote push server; the schedule is stored only on your device. You can change notification delivery at any time in iOS Settings → Notifications → Loop.
11. In-App Feedback Email
The App includes a feedback feature that opens the Apple Mail app for you to compose a message. The email is sent directly through the Apple Mail app and does not pass through any server we operate. The content of the email and any personal information it contains are determined entirely by you; once sent, it is handled by Apple’s mail infrastructure and your email provider.
The App may also query Apple’s public App Store listing to inform you of the latest version; no personally identifying information is collected or transmitted in this process.
12. Automated Decision-Making
The App does not perform automated decision-making or profiling that produces legal or similarly significant effects under Art. 22 GDPR. The App does not provide investment advice; all entries are user-recorded journal data.
13. Children
The App is not directed to children under 16, and we do not knowingly collect personal data from children under 16 (under 13 in jurisdictions where COPPA applies). If you believe a child has provided us with personal data, contact us and we will delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced in-app or at the published URL. All prior versions are retained in the same repository, organized by effective date.
15. Contact
Jitae Kim — wlxo0401@gmail.com