biaX Start free trial

Privacy Policy

Document version: 2026-06-09 · Effective: 2026-06-09

1. Purposes of processing

Barun Partners ("Company") processes personal information for the following purposes in connection with the BiaX mobile app and related services.

  • Member identification, authentication, account creation and maintenance, social login
  • Service delivery (user-entered trades and journal, post-hoc reference analytics, AI-assisted summaries, onboarding and settings) — no automatic brokerage or order execution
  • Profile and onboarding (age band, occupation, trading experience): contextual UI and reference analytics — used only within service delivery purposes
  • Profile data is not sold or rented to third parties for marketing that identifies individual users, nor used for credit, lending, or insurance underwriting unrelated to the Service (except as required by law, with consent, or as described under processors)
  • Customer support, complaints, notices and notifications (per settings)
  • Fraud prevention, security logging, service quality improvement, and aggregated statistics
  • Legal compliance and dispute response
  • Paid subscription billing, settlement, and refunds (when offered)
  • Recording consent timestamps and policy versions for audit purposes

2. Items collected

Items collected vary by login method and features used.

  • Account and authentication: identifiers from social login providers, email (if provided), display name
  • Profile and onboarding: age band, occupation, trading experience, persona, locale, currency preferences
  • Service use: user-entered trades, journals, tags, settings, in-app activity logs (up to 24 months for service improvement)
  • Push notifications: FCM device token and notification preferences
  • Analytics (opt-in marketing consent only): predefined event identifiers without direct PII
  • Device and logs: OS, app version, IP, crash logs, error logs
  • Payment (when offered): store transaction identifiers — the Company does not store full card numbers

3. Retention and deletion

Personal information is deleted without delay when the purpose is achieved, except where law requires retention.

On account withdrawal, data is deleted within 5 business days unless statutory retention applies.

  • Contract and withdrawal records: 5 years (e-commerce consumer protection, where applicable)
  • Payment and supply records: 5 years
  • Consumer complaint records: 3 years
  • Advertising records: 6 months
  • Access logs: 3 months (where applicable)

4. Third-party provision

The Company does not provide personal information beyond this policy except with User consent or as required by law.

4-1. Optional B2B data sharing

With opt-in consent, anonymized trading-behavior statistics may be shared with research or fintech partners. Direct identifiers (name, email, account numbers, ticker symbols) are excluded.

Consent may be withdrawn in Settings or via support@barunpartners.co.kr without affecting core Service use.

  • Purpose: financial behavior research and service improvement statistics
  • Recipients: research institutions and fintech partners (disclosed before sharing)
  • Retention: until contract end or consent withdrawal

5. Processors (sub-processors)

The Company uses the following categories of processors under contractual safeguards:

  • Supabase Inc.: cloud infrastructure, database, authentication (US-Central)
  • Google, Apple, Kakao: social login (as selected by User)
  • Apple App Store, Google Play: subscription billing (when offered)
  • Google Cloud (Vertex AI / Gemini API): AI text generation from trade context (no direct identifiers sent)
  • Google LLC (Firebase Crashlytics, FCM, Analytics): crash monitoring, push, opt-in analytics

6. Cross-border transfer

Personal data is stored and processed on servers in the United States (US-Central) via Supabase Inc. for service delivery.

The Company enters into data processing agreements with overseas providers. Under Australia's APP 8, Singapore's PDPA Section 26, and Korea's PIPA Article 28-8, comparable protection is ensured through contract and policy disclosure.

Details below; updated when processors change.

  • Recipient: Supabase Inc. | Country: United States (US-Central) | Items: account, auth, user-entered trades/journals, profile, service logs | Purpose: cloud hosting and authentication | Method: encrypted transmission (HTTPS) from sign-up/use | Retention: until withdrawal or purpose achieved
  • Recipient: Google LLC (Google Cloud / Vertex AI) | Country: United States | Items: trade tags, memos, behavioral context (no direct identifiers) | Purpose: statistical summaries | Method: API on analysis request | Retention: per Google enterprise API terms; not used for model training
  • Recipient: Google LLC (Firebase Crashlytics) | Country: United States | Items: crash logs, device model, stack traces | Purpose: stability monitoring | Method: automatic on crash | Retention: typically 90 days
  • Recipient: Google LLC (Firebase Cloud Messaging) | Country: United States | Items: push token | Purpose: notifications | Method: on send | Retention: until token refresh or app removal
  • Recipient: Google LLC (Firebase Analytics) | Country: United States | Items: 12 predefined events (opt-in marketing consent only) | Purpose: usage statistics | Method: on event trigger | Retention: default 14 months; stops on consent withdrawal

7. User rights

Users may request access, correction, deletion, processing restriction, and consent withdrawal via support@barunpartners.co.kr.

Re-registration with the same social account may be restricted for 24 hours after withdrawal to prevent abuse; prior data is not restored.

7-2. Automated decision-making

Statistical models and AI generate pattern scores, behavioral classifications, and trade summaries from User-entered data.

These outputs are reference information only and do not produce legal or similarly significant effects.

Users may request an explanation of the basic logic and main inputs via support@barunpartners.co.kr.

8. Security measures

The Company implements access minimization, encryption in transit, database row-level security, monitoring, and staff training.

8-1. AI output guardrail detection logs

Server-side guardrails detect investment-advice or guarantee language in AI outputs. Detection logs support quality and regulatory compliance.

  • Collected items: detection tag (e.g., stock recommendation / profit guarantee), detection time, context identifier, detected text snippet (up to ~120 chars). User IDs, account identifiers, and personal identifiers are not stored directly.
  • Source: response text generated by the AI model (journal originals are not stored verbatim; summarized journal content may appear indirectly in model responses).
  • Retention: automatically purged after up to 30 days under the default application log policy; cases requiring audit evidence may be sealed separately for up to 1 year before deletion.
  • Access control: limited to security and compliance personnel; never used for sales or marketing purposes.
  • User rights: you may request access, correction, or deletion of your original trade/journal data; guardrail detection logs are de-identified operational logs and follow the same 30-day retention policy upon account withdrawal.

9. Cookies and similar technologies

The static website does not include third-party tracking scripts by default. If cookies are introduced in app or web extensions, purpose and opt-out will be updated here.

10. Contact

Privacy inquiries: support@barunpartners.co.kr

Privacy officer: Jinhyun Kim, Barun Partners · 145 Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea

Australia: unresolved complaints may be referred to OAIC (oaic.gov.au).

11. Policy updates

Material changes will be announced in the app and on barunpartners.co.kr/privacy before or at the effective date.