This Privacy Policy describes how Impact Labs Inc. (주식회사 임팩트연구소), a corporation organized under the laws of the Republic of Korea ("we," "us," or the "Company"), collects, uses, shares, and protects personal information when you use the ZIZIZIK mobile application ("the App") in the United States.

The App is a directory and route-planning tool for publicly available EV charging stations in the United States. It does not process payments, does not operate charging hardware, and does not offer vehicle- integration features.

This Privacy Policy applies to all users of the App in the United States. For location-specific disclosures required by California law, see our Notice at Collection. For details on how we handle location data, see our Location-Based Service Terms.

We collect the following categories of personal information (with CCPA category references for California residents):

1. Identifiers (Cal. Civ. Code § 1798.140(v)(1)(A))
   Name, email address (or Apple private relay address), unique account identifier, IP address, device identifier.
2. Customer Records (Cal. Civ. Code § 1798.140(v)(1)(B))
   Name and email address as stored in your account record. No additional customer records beyond identifiers are collected.
3. Internet or Other Electronic Network Activity (Cal. Civ. Code § 1798.140(v)(1)(F))
   App usage data (station searches, pages viewed, filter selections), interaction logs, device type, operating system version, app version, crash reports, and performance data.
4. Geolocation Data (Cal. Civ. Code § 1798.140(v)(1)(G))
   Precise GPS coordinates, collected only in the foreground and only with your explicit permission. Classified as Sensitive Personal Information under the CCPA/CPRA. See our Location-Based Service Terms for full details.
5. Inferences (Cal. Civ. Code § 1798.140(v)(1)(K))
   None currently. We do not create consumer profiles or draw inferences for advertising purposes.
6. Profile Information.
   Display name and profile image, if you choose to provide them.
7. Account Deletion Records.
   We retain a record that an account was deleted, as required by applicable law, without retaining the associated personal information.

We use the information we collect for the following business purposes:

1. Provide and operate the Service -- display charging stations, compute routes, save your favorites and search history, and deliver the core App experience.
2. Authenticate and secure your account -- verify your identity via Apple Sign-In or Google Sign-In and protect against unauthorized access.
3. Communicate with you -- respond to support inquiries and send service-related notices (such as changes to these terms). For optional marketing communications, see our Marketing Communications page.
4. Comply with legal obligations -- respond to valid legal process and comply with applicable laws and regulations.
5. Detect and prevent fraud, abuse, and security incidents -- protect the security and integrity of the App and our users.
6. Improve the Service -- analyze aggregated, de-identified usage data to improve features, performance, and reliability.

We share personal information only in the following circumstances:

5.1 Service Providers (Sub-Processors)
We share information with third-party service providers who process data on our behalf to operate the App. Each provider is contractually obligated to use your information only as necessary to provide their services to us.

1. Supabase -- authentication backend and account data storage. Supabase Privacy Policy.
2. Google -- Google Sign-In (authentication) and Google Maps Platform (map display, route computation, geocoding). Google Privacy Policy.
3. Apple -- Sign in with Apple (authentication). Apple Privacy Policy.
4. Firebase Cloud Messaging -- push notification delivery. Firebase Privacy Information.
5. Firebase Crashlytics -- crash reporting and diagnostics. Firebase Privacy Information.
6. Sentry -- error monitoring and performance tracking. Sentry Privacy Policy.
7. Mixpanel -- product analytics (aggregated usage data). Mixpanel Privacy Policy.
8. AppsFlyer -- mobile attribution and install analytics. AppsFlyer Privacy Policy.
9. Amazon Web Services (AWS) -- cloud infrastructure hosting for backend services. AWS Privacy Notice.

5.2 Legal Disclosures
We may disclose personal information if required by law, regulation, subpoena, court order, or other valid legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to detect and prevent fraud.

5.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. Any successor entity will be bound by this Privacy Policy with respect to your previously collected information. We will notify you of any such change.

We do not sell Personal Information. We do not share Personal Information for cross-context behavioral advertising.

The App is a mobile application and does not use browser cookies. The following technologies are used for analytics and diagnostics:

1. Firebase Crashlytics SDK -- collects crash reports and device state at the time of a crash to help us identify and resolve technical issues.
2. Sentry SDK -- collects error reports and performance data to help us diagnose and fix issues.
3. Mixpanel SDK -- collects usage events (such as screen views and feature interactions) to help us understand how the App is used and where to improve it.
4. AppsFlyer SDK -- collects install attribution data to help us understand how users discover the App.

These tools may use device identifiers. You can limit device-level tracking through your operating system's privacy settings (such as App Tracking Transparency on iOS or Ads Personalization settings on Android). We do not use third-party advertising trackers.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, destruction, or alteration. These measures include encryption of data in transit (TLS), access controls, and regular security assessments.

No system is fully impenetrable. While we maintain robust security practices, we cannot guarantee absolute security. You are responsible for safeguarding your device and the credentials used to access your account.

Impact Labs Inc. is headquartered in the Republic of Korea. Your personal information is processed and stored on servers located in the Republic of Korea. By using the App, you consent to the transfer of your personal information to the Republic of Korea. This transfer is necessary for the performance of the contract between you and us (i.e., providing the App). We apply appropriate safeguards to protect your information during transfer and storage, including encryption in transit and access controls consistent with industry standards.

The App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete that information promptly.

If you are a parent or guardian and believe your child under 13 has provided personal information to us, contact us at contact@empactlabs.com.

If you are between 13 and the age of majority in your jurisdiction, you may use the App only with parental or guardian consent.

11.1 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

1. Right to Know. You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we have shared it.
2. Right to Delete. You may request that we delete personal information we have collected from you, subject to applicable exceptions (such as legal obligations or security purposes).
3. Right to Correct. You may request that we correct inaccurate personal information we maintain about you.
4. Right to Limit Use of Sensitive Personal Information. We use Sensitive Personal Information (precise geolocation) only to provide services you request. Because this use is already limited to what is necessary, no additional limitation applies.
5. Right to Opt Out of Sale/Sharing. We do not sell or share Personal Information for cross-context behavioral advertising. This right is not applicable.
6. Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights.

Designated Request Methods:

1. Email contact@empactlabs.com with the subject line "Privacy Rights Request."
2. Use the in-app account deletion feature (for deletion requests).

Authorized Agents: You may designate an authorized agent to submit a request on your behalf. We require the agent to provide signed written authorization or a valid power of attorney, and we may verify your identity directly.

Identity Verification: To protect your privacy, we verify your identity before processing a rights request. We may ask you to confirm information associated with your account, such as the email address linked to your sign-in provider.

Response Time: We respond to verifiable requests within 45 calendar days of receipt. If additional time is needed (up to an additional 45 days), we will notify you of the extension and the reason for it.

11.2 Other US State Residents
If you reside in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Delaware, Iowa, Tennessee, Montana, New Hampshire, Maryland, Minnesota, New Jersey, Indiana, Kentucky, Nebraska, or Rhode Island, you may have similar rights under your state's consumer privacy law, including the right to access, delete, and correct personal information, and to opt out of certain data processing activities. We honor privacy rights requests from all US residents, regardless of state.

Where applicable state law provides an appeal process, you may appeal our decision on your request by emailing contact@empactlabs.com with the subject line "Privacy Rights Appeal."

11.3 How to Exercise Your Rights
To exercise any privacy right described above:

1. Email: contact@empactlabs.com with the subject line "Privacy Rights Request."
2. In-app: Use the account deletion feature within the App (Settings > Account > Delete Account) for deletion requests.

When you delete your account through the App, we delete or de-identify your personal information consistent with the retention periods described in Section 7.

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' advance notice by posting the revised policy in the App, sending an email to the address associated with your account, or displaying a notice when you next open the App. The "Effective" date at the top indicates when the most recent revision took effect.

Your continued use of the App after the effective date of the revised Privacy Policy constitutes your acceptance. If you do not agree, stop using the App and delete your account.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Impact Labs Inc. (주식회사 임팩트연구소)
6F, 410 Teheran-ro, Gangnam-gu, Seoul 06192, Republic of Korea
Email: contact@empactlabs.com

For privacy-specific inquiries, use the subject line "Privacy Inquiry" to help us route your request promptly.