📈 KOSAK Privacy Policy

Effective: June 2, 2026 · Service: KOSAK — AI investment-prediction dashboard (the “Service”)

1. Items Collected and When

• When not logging in / not using an account: No personal information whatsoever is collected to the server. Watchlist groups, the trade journal, alerts, and settings are all kept only in on-device storage (browser local storage).
• When signing up / logging in (optional): User ID and password. Only the value derived from your password on your device via a one-way function (PBKDF2) is transmitted and stored; the original password is never stored on the server. We do not collect your name, email, phone number, address, or the like.
• When using sync (optional): Watchlist groups, trade journal, price-alert settings, and chart/app settings. This data is encrypted with your password (AES-256-GCM) on your device before being transmitted and stored, so neither the operator nor the server can decrypt it.
• When using push notifications (optional): A push-subscription identifier (device/browser token) and the securities for which you have set alerts. Used only for the purpose of sending notifications.

2. Purposes of Use

• Syncing your “My Settings” (watchlist groups, trade journal, alerts, etc.) across devices.
• Sending push notifications such as new listings and target-price reached for watched securities.
• (In the future) Account identification when paid features are offered.

3. Retention and Use Period

Account and sync data are retained for as long as the account exists, and are destroyed without delay when the user requests log-out, data deletion, or account withdrawal. Local (on-device) data can be deleted by the user directly.

4. Provision to Third Parties & Advertising (Google AdSense)

The operator does not sell or provide your account information (such as your user ID) or sync data to third parties. The Service queries external public APIs (Upbit, Binance, CoinGecko, Naver Finance, Yahoo Finance, Google News, alternative.me, etc.) for prices, news, exchange rates, and indicators, but does not transmit your personal information in the process.

Advertising: To keep the Service free, we display Google AdSense (web) and Google AdMob (app) ads. In the app, an Advertising ID (AD_ID) may be used for ad serving/measurement, and you can limit ad personalization in your device settings. Third-party vendors, including Google, use cookies and similar identifiers to serve ads based on your visits to this Service and other websites. This may involve processing advertising identifiers, device/browser information, and approximate location. You can opt out of personalized advertising via Google Ad Settings, or decline third-party cookies at aboutads.info and youronlinechoices.eu. Users in the EEA, UK, and Switzerland are shown personalized or non-personalized ads according to their consent. Google's use of data is governed by Google's Privacy & Terms.

5. Entrustment of Processing (Infrastructure)

We use the cloud infrastructure of Cloudflare, Inc. for data storage and hosting. Sync data is stored only in encrypted form.

6. Security Measures

• One-way password transformation (PBKDF2, multiple iterations) — the original is not retained.
• End-to-end encryption of sync data (AES-256-GCM) — not even the server can decrypt it.
• All communications encrypted via HTTPS.
• We use no first-party user-profiling or tracking tools of our own (advertising is served via Google AdSense; see Section 4 for ad cookies).

7. User Rights

The user may log out at any time, or use the Service in a local-only mode without using sync. Account and data deletion can be requested at the contact below after logging out within the app.

8. Children Under 14

This Service is intended for users aged 14 and over, and does not intentionally collect the personal information of children under the age of 14.

9. Privacy Officer / Contact

Email: contact.kosak@gmail.com

10. Duty of Notification

If this Policy changes, the effective date and the details of the change will be announced through this page.