Insacheck (operated by BRIDDZZI) is a workforce attendance & HR platform for Korean
employers and workers. We respect your privacy and comply with the Personal Information
Protection Act (PIPA / PIPL) of the Republic of Korea and Google Play Data Safety
requirements. This English document mirrors the authoritative Korean version at
/privacy?lang=ko.
1. Information We Collect
Worker accounts
- Required: name, phone number, date of birth, email address, social-login subject ID, social provider (Kakao / Naver / Google), social email
- Optional: gender, profile picture
- Automatically collected: precise GPS coordinates & accuracy (only when you tap check-in / check-out), device info, IP address, User-Agent, OS
- Generated during use: affiliation requests (department, position, message), peer ratings & tags
Enterprise accounts
- Required: business type, company name, business registration number, manager name & email & phone, hashed password, company address
- Optional: business registration certificate file, corporate registration number, industry, postal code, signup survey answers
2. How We Use Information
- Authenticate you via Kakao / Naver / Google Sign-In and prevent proxy attendance.
- Record and manage attendance check-ins and check-outs.
- Match workers to enterprises and manage employment history.
- Compute work-temperature scores and let prior employers leave references with the worker's consent.
- Improve the service through aggregate statistics and detect abuse.
- Send push notifications about HR events (affiliation approvals, seal request decisions, etc.).
3. Retention
- Account data: until you delete the account (deleted immediately upon withdrawal).
- Attendance records: 3 years (as required by Korean Labour Standards Act), then deleted.
- Business registration certificates: 1 year after enterprise approval, then deleted.
- Access logs: 3 months (Telecommunications Privacy Act).
4. Sharing With Third Parties
We do not sell personal data. Limited sharing happens only when:
- You explicitly consented in advance.
- You request affiliation with an enterprise — your basic info (name, phone, department, position) is shared with that enterprise's HR admin.
- An enterprise requests a reference check on your previous workplace, and you approve — peer ratings & tags are shared with the requesting enterprise.
- An enterprise has set up Google Apps Script (GAS) integration — that enterprise's attendance records are forwarded to its own Google Sheet.
- Required by Korean law enforcement under valid legal process.
5. Sub-processors
- Cloudflare, Inc. — Service hosting and data storage (Workers, D1 Database, R2 Storage)
- Kakao Corp. — Social login (Kakao Login API)
- Naver Corporation — Social login (Naver Login API)
- Google LLC — Google Sign-In, Firebase Cloud Messaging push notifications, optional Google Sheets export
6. Security Measures
- All passwords hashed with PBKDF2-SHA256 (310,000 iterations, OWASP recommendation).
- Session cookies marked HttpOnly + SameSite=Lax + Secure.
- All traffic encrypted in transit via HTTPS / TLS.
- All database queries use prepared statements (no string interpolation).
- IP-based rate limiting on auth-sensitive endpoints.
7. Your Rights
- Access, correct, restrict processing of, or delete your personal data at any time.
- Account deletion is available in-app (Profile → Withdraw) or by emailing [email protected].
- Cookies can be blocked at the browser level — service may be limited if you do.
8. Privacy Officer
BRIDDZZI Privacy Team — [email protected]
If you live in Korea, you may also contact KISA's privacy infringement hotline at 118 or the
Personal Information Dispute Mediation Committee at kopico.go.kr.
9. Changes
We post material changes here at least 7 days before they take effect. Continued use after the effective date constitutes acceptance.