Last updated: February 16, 2026
This English version is a translation of the Korean original. In case of any discrepancy, the Korean version shall prevail.
Privacy Policy
Branch and Bound Inc. has established this Privacy Policy to protect users’ personal information and rights in providing the Baro service (hereinafter “Service”), in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Protection of Communications Secrets Act, and the Telecommunications Business Act. Any amendments to this policy will be announced on the Service homepage.
1. Information Collected, Purpose, and Collection Methods
Branch and Bound Inc. collects personal information as described below for membership registration and service provision. Personal information is used only within the scope stated herein and is not disclosed to external parties without prior consent of the data subject, except where required by law.
Information Collected
- Required: Email address, password (for email registration) or GitHub account information (for GitHub OAuth registration: GitHub username, email address)
Purpose of Use
- Membership and management: Identity verification, membership maintenance, prevention of unauthorized use, handling inquiries and complaints, delivery of notices
- Service provision: Product publishing, cloning, forking, reviews, and other Service features
- Service improvement: Statistical analysis of access frequency and usage patterns for Service improvement
Collection Methods
- User input and consent during registration: Consent is obtained for collection and use of personal information during registration via email/password or GitHub OAuth.
Users have the right to refuse consent to the collection and use of personal information. However, refusal to consent to required items may result in limitations on Service use.
Additionally, IP addresses, cookies, sessions, access logs, and service usage records may be automatically generated and collected during Service use.
2. Retention and Processing Period
Personal information is retained only for the period consented to by the user and is destroyed without delay upon membership withdrawal. However, personal information is retained for 90 days after withdrawal request to guard against identity theft.
Where required by law, personal information is retained for the following periods:
- Records of contracts or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce)
- Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce)
- Website visit records and login records: 3 months (Protection of Communications Secrets Act)
3. Outsourcing of Personal Information Processing
Branch and Bound Inc. outsources personal information processing to the following service providers for smooth Service operation:
| Service Provider | Purpose | Information Processed | Location |
|---|---|---|---|
| Supabase Inc. (AWS Korea Region) | User authentication and database operation | Email, password (encrypted), account information | USA (Server: Korea) |
| Cloudflare Inc. (R2) | Product file storage and distribution | Product files (no personal information) | USA |
| Vercel Inc. | Website hosting | Access logs, IP addresses | USA |
Outsourced personal information is limited to the minimum scope necessary for service provision. The outsourcing period lasts until the user withdraws from the Service or the outsourcing contract terminates. Contracts include provisions on prohibition of processing beyond the outsourced purpose, technical and administrative protection measures, and other matters required by Article 26 of the Personal Information Protection Act.
4. Destruction Procedures and Methods
Branch and Bound Inc. destroys personal information without delay when the purpose of processing has been achieved. Where retention is required by law, such information is stored and managed separately from other personal information.
- Destruction procedure: Personal information for which the purpose of collection and use has been achieved is destroyed without delay. Where required by law, it is transferred to a separate database and safely stored for the required period before destruction.
- Destruction method: Electronic files are destroyed using technical methods that prevent record recovery.
5. Rights of Data Subjects and Legal Representatives
Users may exercise the following rights as data subjects:
- Data subjects may request access to, correction, deletion, or suspension of processing of personal information from Branch and Bound Inc. at any time. Those who do not consent to the processing of personal information may refuse consent or request membership withdrawal.
- Rights under the preceding paragraph may be exercised in writing, by email, or through the Website, and Branch and Bound Inc. will take prompt action.
- Rights may also be exercised through a legal representative or authorized agent.
6. Cookies and Automatic Collection
Branch and Bound Inc. uses cookies to maintain authentication sessions necessary for Service use.
- Purpose of cookies: Maintaining user authentication state (login session)
- Cookie settings: Users may refuse cookie storage through browser settings. Refusing cookies may cause difficulties in using services that require login.
The Service currently does not use separate analytics tools (such as Google Analytics). If introduced in the future, this policy will be updated and announced.
7. Security Measures
Branch and Bound Inc. takes the following technical and administrative measures to ensure the security of personal information pursuant to Article 29 of the Personal Information Protection Act:
- Passwords are stored in encrypted form and are known only to the user.
- Access to personal information processing systems is restricted to the minimum necessary.
- Personal information is transmitted using SSL/TLS encrypted communication.
- Security measures are in place to prevent leakage and damage from hacking or computer viruses.
8. Privacy Officer
Branch and Bound Inc. has designated the following Privacy Officer to oversee personal information processing and handle complaints and remedies related to personal information:
- Name: Seung-Yong Lee
- Title: CEO
- Email: hi@bandb.ai
9. Duty to Notify
This Privacy Policy is effective from the date of implementation. Any additions, deletions, or corrections due to changes in laws or policies will be announced on the homepage at least 7 days before implementation of the changes.
This policy is effective as of February 16, 2026.