Privacy Policy

0. Controller & Contact

The data controller is Youngjae Kim (sole trader, trading as “Hoju&I”).

Contact: hojuandi.service@gmail.com

1. Scope

This Policy applies to hojuandi.com and related services we operate.

2. Purpose & Collection

We use Clerk for authentication and user management. We collect and store only what is necessary for account operation: Clerk ID, username, and profile image URL.Clerk’s Privacy Policy.

We rely on consent for processing sensitive information, certain direct marketing, or new purposes not reasonably necessary for our functions, as required by the Privacy Act 1988 (Cth) and the APPs. Consent is informed, specific, current, and voluntary.

2-1 Notice at Collection (APP 5)

Before collecting any personal information, we clearly explain what we collect, why, and how it’s used, including our contact details and a link to this Privacy Policy.

2-2 Impacts of Non-Provision

Failure to provide required information will prevent account creation or use of authenticated features. You may still browse publicly available content without logging in.

3. Categories Collected

We collect only what is reasonably necessary to provide the service:

• Account Information:
  • Clerk ID, username, and profile image URL (via Clerk authentication)
• Service Data: Posts, comments, notifications, and other user-generated content or service-related records linked to your account.
• Security Logs: For security, our servers automatically log access details (IP address, request path, timestamp, User-Agent) for audit and protection purposes.
• User-Submitted Content (Public). Posts may include text, images, and contact details you choose to publish (e.g., phone number, email, name, location). Content placed in a post is publicly visible by default and may be indexed by search engines or copied by third parties. Even if you later delete the post, we cannot guarantee removal of external copies (e.g., search engine caches). Do not include sensitive information or another person’s personal information (including their phone/email/address) without their lawful consent. We process user-submitted content only to operate, display, back up, and secure the Service.

We allow anonymous or pseudonymous use where reasonable. Under APP 3 & APP 6, we collect, use and disclose only what is reasonably necessary for our functions, and will not use it for unrelated purposes without a legal basis or your express consent. If we receive unsolicited personal information, we assess it within a reasonable period and destroy or de-identify it if not required (APP 4).

3-1. Cookies & Tracking

We use essential cookies for login/session. Traffic statistics are aggregated from server logs. If we later introduce non-essential technologies, we will update this Policy and obtain consent where required by the APPs.

3-2. No Government Identifiers (APP 9)

We do not collect, store, or use government-issued identifiers (e.g., passport, driver licence, Medicare, TFN) for service operation.

4. Purposes of Processing

• User identification and authentication
• Storage/display of user content
• Service stability and security
• Prevention of violations/unlawful acts and dispute handling

We do not conduct direct marketing under APP 7. If we introduce direct marketing in the future, we will give clear notice and an opt-out option before sending any communication.

4-1. Map & Business Listings

4-2. Event Information (Events)

Hoju&I may collect the following information from event organisers for the purpose of listing events on the Service:

• Event name, description, schedule, venue, contact details, and website
• Any other information provided for the purpose of listing the event

This information is used solely for the purpose of displaying and operating events within the Service, and is stored in Hoju&I's database for as long as is necessary for service operations.

Event information is publicly displayed within the Service and may be viewed by other users and third parties. Published information may also be indexed and surfaced by search engines.

By submitting a request to list an event on Hoju&I, the event organiser is deemed to have consented to the public display of the information provided.

At the time of event registration, Hoju&I will confirm via email whether the organiser consents to the retention and display of event information after the event has concluded.

Event organisers may request correction or deletion of their information at any time by contacting hojuandi.service@gmail.com. Requests will be processed within a reasonable time. However, some information may be retained temporarily due to legal obligations or technical reasons.

5. Overseas Transfer & Third Parties (APP 8)

We may disclose and process personal information overseas through third-party providers we use to operate and secure the Service. We take reasonable steps to ensure substantially similar protections apply to personal information handled outside Australia.

Exact data locations depend on provider routing and failover. Based on public provider documentation, processing commonly occurs in the US and/or EU, and may involve global edge/CDN networks.

Providers and processing regions may change from time to time due to technical routing or service maintenance. We remain accountable under APP 8 and take reasonable steps to protect personal information handled by overseas providers. Material changes will be updated here and consent obtained where required by law.

For detailed information about each provider's data handling practices, retention policies, and security measures, please refer to their respective privacy policies linked above.

5-1 Processing Regions, Failover & Force Majeure

Processing regions & failover. Our providers may process data in different regions (incl. temporary failover for BCDR / force majeure). We take reasonable steps under APP 8. Where required, we rely on a valid legal basis under APP 8 (e.g., reasonable steps to ensure substantially similar protections, or an applicable exception). If consent is needed, we will obtain it.

5-2. Security Measures

We take reasonable steps to protect personal information from unauthorised access, misuse, or loss in accordance with APP 11. Security logs are used only for protection and maintenance purposes.

5-3. Retention & Deletion (APP 11)

We retain personal information only for as long as is reasonably necessary for the purposes described in this Policy or as required by law. We apply documented schedules and delete or de-identify data once the purpose ends, subject to lawful holds (e.g., disputes or legal requests).

Third-party providers apply their own documented retention and backup schedules (see each provider’s privacy policy).

We take reasonable steps to destroy or de-identify personal information that is no longer required for our functions or activities, consistent with APP 11. Lawful holds may extend retention only as required by law.

5-4. Notifiable Data Breaches (NDB)

We operate a four-step response process: Contain, Assess, Notify, and Review.

• Contain: Immediately secure systems, rotate secrets, and limit further exposure.
• Assess (within 30 days): Evaluate whether the incident is likely to cause serious harm.
• Notify (as soon as practicable): If eligible, notify affected individuals and the OAIC, including a description of the breach, the kinds of information involved, the steps taken, and recommended actions for affected individuals.
• Review: Address the root causes and update security controls, policies, and staff training.

Contact: hojuandi.service@gmail.com (Subject: Data Breach)

6. User Rights

Users are responsible for keeping their personal information accurate and up to date. You may access, update, or request deletion of your personal information at any time by contacting hojuandi.service@gmail.com. We will take reasonable steps to verify your identity and respond in accordance with the Australian Privacy Principles (APP 12 & 13).

We aim to keep personal information accurate and up to date as required by law.

7. Lawful Requests

We respond to lawful requests from authorities after verifying their jurisdiction and validity, in accordance with the Privacy Act 1988 (Cth).

8. Governing Law & Jurisdiction

This Policy is governed by NSW law. Disputes are subject to courts in NSW.

9. Complaints & OAIC

Send complaints to hojuandi.service@gmail.com. We aim to respond within a reasonable time.

If you are not satisfied with our response, you may lodge a complaint with the OAIC (Office of the Australian Information Commissioner).

10. Changes to this Policy

We may update this Policy to reflect legal or service changes. Material updates will be announced in service. The latest version is always available on hojuandi.com.