Privacy Policy

Effective date: 2026-05-25 · Last updated: 2026-05-25

This is an English translation provided for convenience. In case of any discrepancy, the Korean version prevails.

Article 1 (General)

주식회사 힐조 (the “Company”) processes personal data lawfully and manages it securely in compliance with the Personal Information Protection Act (PIPA) and related laws of the Republic of Korea. This Policy applies to the FillStory service (the web dashboard manage.fillstory.com, the self check-in pages, and the mobile app (Android and iOS) com.fillstory.app; collectively, the “Service”).

Company name주식회사 힐조
Representative신준수
Business reg. no.549-87-02479
Address경기도 평택시 고덕면 방축4길 39, 1층
Phone010-3348-0892

The operator of this Service is 주식회사 힐조. The current Google Play Console publisher is registered as an individual account that distributes the app on the Company’s behalf. Once a corporate account is established, the publisher will be consolidated to the corporation via Play Console’s app Transfer feature.

Article 2 (Personal Data We Process)

The Company processes the following personal data.

a. Account registration and management (required)

  • Login ID, password (stored as a one-way hash — original cannot be recovered)
  • Name, date of birth, gender, mobile phone number, email

b. Property and reservation operations (required)

  • Property name, address, business information, room details, door-lock identifiers
  • Reservations: guest name, guest contact, check-in/out dates, payment information, memos
  • Name and contact entered by the guest during self check-in

The data subject of reservation/guest data is the guest. The Company processes such data as a processor entrusted by the operator (property).

c. Automatic notification collection in the mobile app (optional — only when the user grants permission)

  • Notification body text from a fixed allowlist of external OTA apps (Airbnb, Yanolja, Booking.com, KakaoTalk, etc.)
  • Notification received time and the package name of the app that posted the notification
  • Device unique ID (UUID, for device identification)

This is collected through the Android BIND_NOTIFICATION_LISTENER_SERVICE permission. Collection stops immediately if the user does not grant or revokes the permission. Notifications from apps not on the allowlist are not collected.

d. Automatically collected (required)

  • Access IP, access time, browser/OS information, cookies (session persistence)
  • Service usage records, error logs

Article 3 (Purposes of Processing)

  • Member identification/authentication, identity verification, password reset
  • Providing property operation features such as reservations, payments, rooms, door locks, statistics
  • Automatically analyzing OTA notifications in the mobile app to register reservations in the system
  • Sending check-in/check-out reminder push notifications
  • Preventing misuse, resolving disputes, fulfilling legal obligations
  • Statistical analysis for service improvement (in non-identifiable form only)

Article 4 (Retention and Use Period)

As a rule, the Company destroys personal data immediately upon the data subject’s withdrawal of membership, except in the following cases.

  • One year after withdrawal — minimal identifying data (login ID, name, partial contact) is retained for one year to resolve disputes and prevent fraudulent (re-)registration, then destroyed
  • Where retention is required by laws such as the Act on Consumer Protection in Electronic Commerce, data is retained for the prescribed period
    • Records on contracts or withdrawal of subscription: 5 years
    • Records on payment and supply of goods: 5 years
    • Records on consumer complaints or dispute resolution: 3 years
  • Notification data collected by the mobile app: retained for 30 days after automatic reservation registration is completed, then destroyed (for reprocessing/debugging)

Article 5 (Provision to Third Parties)

The Company processes personal data only within the scope specified in this Policy and does not provide it to third parties except with the separate consent of the data subject or where required by law.

Article 6 (Entrustment of Processing)

The Company entrusts the following tasks externally to provide a stable service.

ProcessorEntrusted taskData handled
Cloudflare, Inc.DNS, CDN, DDoS protection, TLS terminationTraffic metadata, IP, User-Agent (no content body stored)

The Company self-operates the service servers (API, DB) and does not entrust them to external clouds (AWS/GCP/Azure, etc.). Cloudflare only relays traffic in transit and does not store body data.

Article 7 (Rights of Data Subjects and How to Exercise Them)

The data subject may exercise the following rights against the Company at any time.

  • Request to access personal data
  • Request to correct or delete errors
  • Request to suspend processing
  • Withdrawal of membership

To exercise these rights, contact [email protected] and we will process it without delay (within 10 days). (An in-app/in-web self-withdrawal menu will be provided later; until then, requests are handled by email.)

For details on account and data deletion procedures, please see the Account & Data Deletion page.

Article 8 (Procedure and Method of Destruction)

Personal data is destroyed without delay once the retention period elapses or the purpose is achieved.

  • Electronic files: permanently deleted from the DB in an unrecoverable manner
  • Printouts (if any): shredded or incinerated

Article 9 (Security Measures)

  • Technical — one-way password hashing (BCrypt), enforced HTTPS (TLS 1.2+) in transit, DB access control, regular security patches
  • Administrative — minimizing personnel handling personal data, tiered access rights, regular inspections
  • Physical — restricted physical access to servers

Article 10 (Use of Cookies)

The Company uses cookies to maintain login sessions and store user preferences. Blocking cookies may limit some features (auto login, user preferences). You can refuse cookie storage in your browser settings.

Article 11 (Mobile App Permissions (Android))

The permissions requested by the FillStory Android app (com.fillstory.app) and their purposes are as follows.

PermissionRequiredPurpose
INTERNETRequiredServer communication
BIND_NOTIFICATION_LISTENER_SERVICEOptionalAutomatic collection of reservation notifications from user-designated OTA apps (allowlist-based)
POST_NOTIFICATIONSOptionalCheck-in/check-out reminder push
WAKE_LOCKRequiredPrevent device sleep during WorkManager periodic tasks (supports notification collection reliability)
RECEIVE_BOOT_COMPLETEDRequiredAutomatically restart notification collection after device reboot
REQUEST_IGNORE_BATTERY_OPTIMIZATIONSOptionalBattery optimization exemption (background reliability)
WRITE_EXTERNAL_STORAGEOptionalSave statistics CSV files on devices running Android 9 or below (Android 10+ saves without this permission)

Since v1.0.0, the READ_SMS, RECEIVE_SMS, and REQUEST_INSTALL_PACKAGES permissions are no longer used, and the in-app auto-update feature has been removed. Updates are provided only through Google Play. Since v1.0.2, FOREGROUND_SERVICE and FOREGROUND_SERVICE_DATA_SYNC have also been removed, and notification collection runs solely on the system-bound NotificationListenerService.

On iOS, the app uses push notifications (APNs/FCM) only and does not use the notification-collection, camera, location, or Bluetooth permissions listed above. It requests no special device permissions beyond push notifications.

Article 12 (Privacy Protection Officer)

Name신준수
Role대표이사
Email[email protected]

Article 13 (Remedies for Infringement of Rights)

If you need to report or consult about an infringement of personal data, you may contact the following organizations (Republic of Korea).

Article 14 (Changes to This Policy)

This Privacy Policy applies from its effective date. If there are additions, deletions, or corrections due to changes in laws, policies, or security technology, we will announce them on this page at least 7 days before the changes take effect. For significant changes, we will give notice at least 30 days in advance or notify separately.

Effective date: 2026-05-25