Routinery Privacy Policy (Revised March 2026)

Last updated: March 2026

Summary of Key Updates

We have updated this Privacy Policy to improve transparency and reflect changes in our data practices:

• Added information about cookies and tracking technologies

• Introduced Meta Pixel for advertising performance measurement

• Included Monetai for user experience optimization

• Expanded details on cross-border data transfers

• Clarified regional consent practices and opt-out options

• Confirmed that we do not sell personal information

• Updated how we notify users of policy changes, allowing flexible notice methods depending on the nature of the update and legal requirements

• Added information regarding web-based subscription payments processed via a third-party Merchant of Record (Paddle)

By using our services, you acknowledge that you have reviewed this Privacy Policy.

We process personal data in accordance with applicable laws including the Korean Personal Information Protection Act (PIPA), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

We do not sell personal information.

We will only process marketing, personalized advertising, or non-essential tracking with your prior consent where required by applicable law.

You may withdraw your consent at any time through in-app or website settings.

Article 1 (Purpose of Processing Personal Information)

We process personal information only for the following purposes:

1. Membership Registration and Management (Contract performance)

   Managing user accounts, preventing misuse, and providing notices.

2. Customer Support and Inquiry Handling (Legitimate interest)

   Responding to inquiries and resolving issues.

3. Service Provision (Contract performance)

   Delivering features, including personalized routines based on user-provided information.

4. Service Improvement and Analysis (Legitimate interest)

   Analyzing usage patterns to improve features and performance.

5. Operational Messaging (Legitimate interest)

   Sending essential service-related notifications.

6. Marketing and Advertising (Consent)

   Sending promotional content only where the user has opted in.

7. Payment Processing and Subscription Management (Contract performance)

   Processing web-based subscription payments, managing billing status, verifying transactions, and providing access to paid features.

   Payment transactions are processed by a third-party payment provider acting as Merchant of Record.

8. Location-Based Reminder Feature (Consent)

   Location data is collected and used only to provide the location-based routine reminder feature that the user has explicitly enabled.

   This feature operates only when the user grants the necessary location permission through their device settings. Location data is not collected or used unless this feature is activated by the user.

Article 2 (Retention Period)

We retain personal data only as long as necessary for the purposes stated above or as required by law.

Upon account deletion or withdrawal of consent, personal data will be deleted or anonymized.

Where retention is required by law, data will be securely stored for the legally mandated period and then deleted.

Article 3 (Items Collected)

1. Required Information

   Anonymous ID, login email, country, nickname, gender, age group

2. Usage Data

   Login records, IP address, device information, service usage history

   Behavioral data such as interaction patterns, feature usage, event logs, session duration, and page or screen interactions may also be collected as part of service usage.

3. Optional Information (with consent)

   Profile image, routine content, preferences

4. Payment-related Information

   When you make a purchase via our web-based payment page, we may receive limited transaction-related information from our payment provider, including:

   • Email address
   • Transaction status
   • Order ID
   • Billing country
   • User identifier
   • Payment method type (e.g., card, Apple Pay, Google Pay)

   We do not collect or store full payment card numbers or other sensitive financial information.

5. Location Data (Optional, with consent)

   Location data may be collected when the user enables the location-based reminder feature. This data is used solely to provide location-triggered routine notifications and is not collected otherwise.

Article 4 (Outsourcing and Cross-border Transfers)

1. Outsourcing of Processing

We entrust certain personal data processing tasks to trusted service providers:

Paddle acts as the Merchant of Record, meaning it is the legal seller responsible for processing payments, handling taxes (including VAT), and issuing receipts.

We ensure that all processors handle data only as instructed and implement appropriate safeguards.

2. Cross-border Transfers

Personal data may be transferred to countries such as the United States and the United Kingdom.

Where required under applicable data protection laws, such transfers are conducted based on appropriate legal mechanisms, including Standard Contractual Clauses (SCCs).

Transfers are conducted via encrypted communication and protected by:

• Standard Contractual Clauses (SCCs)

• Data Processing Agreements (DPAs)

• Technical and organizational safeguards

In particular, certain service providers located outside your country may process personal data on our behalf, including:

• Analytics and infrastructure providers (e.g., Google, AWS, Amplitude, Sentry)

• Attribution and advertising partners (e.g., AppsFlyer, Airbridge)

• Payment provider (Paddle), acting as Merchant of Record, which processes transaction data such as email address, billing country, and order information

Payment-related data may be processed globally by our payment provider in accordance with applicable data protection laws.

Location data, if collected, may also be processed by infrastructure providers located outside your country in accordance with the safeguards described above.

Article 5 (Destruction of Personal Information)

Personal data is deleted when no longer needed.

• Electronic data: securely deleted

• Physical data: shredded or destroyed

Article 6 (User Rights)

Users may:

• Access, correct, or delete data

• Withdraw consent

• Object to processing

• Request data portability

Requests can be made via in-app settings or email.

Article 7 (Security Measures)

We implement:

• Access control

• Encryption

• Monitoring and logging

• Internal policies and training

Article 8 (Cookies and Tracking Technologies)

We use cookies and similar technologies to:

• Improve website functionality and user experience

• Analyze usage patterns

• Optimize marketing and advertising performance

Cookies and tracking technologies may be used when you access certain web-based content or pages provided as part of our services.

In particular, such technologies may be applied on specific web pages or content experiences to measure performance and improve user experience.

1. Types of Cookies

• Essential

• Analytics

• Advertising

2. Third-party Tracking

We may use third-party tracking tools such as:

• Meta Pixel (for advertising performance and retargeting)

• Analytics tools

These tools may collect device information, browsing activity, and interaction data.

Where required by law, Meta Pixel and similar advertising technologies are activated only after obtaining user consent.

3. Legal Basis and Regional Practices

Depending on applicable law, cookies and tracking technologies may be used based on either prior consent or legitimate interest with opt-out options.

• EEA/UK: Prior consent required

• Other regions: Applied where permitted by law, with opt-out available

4. Control

Users can manage or withdraw their preferences at any time through browser settings, cookie controls, or in-app privacy settings.

5. Tracking on Payment Pages

Tracking technologies (such as Meta Pixel, Airbridge, or similar analytics tools) may also be used on web-based payment pages to:

• Measure conversion events

• Analyze payment funnel performance

• Optimize advertising campaigns

Such tracking is implemented in compliance with applicable laws and, where required, only after obtaining user consent.

Article 9 (Behavioral Data Collection)

We collect behavioral data (as described in Article 3) to:

• Improve services

• Personalize experiences

• Measure advertising performance (with consent where required)

Tools include:

• Firebase, Amplitude

• AppsFlyer

• Meta Pixel

• Monetai

Users may opt out via settings.

Article 10 (Additional Use Without Consent)

We may process data without additional consent where permitted by law and compatible with the original purpose.

Article 11 (Use of Non-identifiable Content)

Non-identifiable user content may be used for marketing.

Identifiable data is never used without consent.

Article 12 (Data Protection Officer)

Name: Inseok Seo

Email: hello@routinery.app

Article 13 (Contact)

Email: hello@routinery.app

Article 14 (User Remedies)

Users may contact relevant authorities for data protection issues.

Article 15 (Changes to this Policy)

We may update this Privacy Policy to reflect changes in applicable laws, regulations, or our services.

If we make material changes that affect your rights or how your personal data is processed, we will provide prior notice through appropriate channels such as in-app notifications, email, or website notices, where required by applicable law.

For minor changes or updates that do not significantly affect your rights, we may update this Privacy Policy without prior notice, and the updated version will be effective upon posting.

The “Last updated” date at the top of this Policy indicates when the latest changes were made.