1. Data we collect
When you sign in, we receive the Google account identifier (sub), verified email, display name, and optional profile image required for authentication. We do not request Gmail, Drive, Calendar, contacts, or other Google product data.
We store language, locale, time zone, approximate country, book searches, generation jobs, safety decisions, reading progress, My Books history, plan and subscription status, and technical security logs. Paddle holds card data and returns customer, subscription, transaction, and status identifiers; b-minute does not receive or store the full card number or CVC.
2. Why and how we use data
We use account and reading data to authenticate you, keep sessions active, enforce daily limits, create requested language editions, sync My Books, process subscriptions, publish language-specific recommendation articles, prevent abuse, respond to support, and meet legal duties. We use only the Google identity fields needed for these visible features and do not sell them or use them for targeted advertising.
Depending on location, processing relies on performing the service contract, legitimate interests in security and improvement, legal obligations, or consent where required. Automated safety screening may prevent a generation, but it does not make decisions producing legal or similarly significant effects.
3. Service providers and international processing
Cloudflare hosts the application and database; Google authenticates accounts; OpenAI processes book requests and the material needed to generate summaries and blog drafts; Paddle is the merchant of record for subscriptions and card payments; Open Library may provide public catalog metadata and cover thumbnails. Each provider processes data under its own terms and our configuration.
These providers may process information outside your country. Where required, b-minute will use an appropriate transfer mechanism and provide further information on request. We do not send payment card details to OpenAI.
4. Retention, security, and cookies
The essential b-minute session cookie is HttpOnly, SameSite=Lax, and normally expires after 90 days unless you sign out earlier. Account and My Books data remain while the account is active. Failed generation diagnostics and safety records are retained only as long as reasonably needed for security, disputes, and compliance. Billing records may be retained for legally required accounting periods.
We use encryption in transit, restricted credentials, server-side authorization, signed sessions, audit records, and data minimization. No online system can guarantee absolute security; confirmed incidents will be handled under applicable notification duties.
5. Your choices and rights
You can sign out, remove books from My Books, cancel a subscription, and request access, correction, export, deletion, restriction, or objection where applicable. EU/EEA users may also complain to their supervisory authority; California residents may exercise applicable access, deletion, correction, and opt-out rights. b-minute does not sell or share personal information for cross-context behavioral advertising.
Account deletion must also revoke active sessions and stop future billing; required financial and security records may be retained in limited form. Send a request from your signed-in email to privacy@b-minute.com. Identity verification may be required.
6. Updates and operator details
The data controller and b-minute service supplier is 주식회사 퓨처홀릭스 (futureholics Inc.), business registration 824-87-03137, represented by Seungho Oh (오승호), at 12F, Suite 102, 373 Gangnam-daero, Seocho-gu, Seoul 06268, Republic of Korea. Privacy contact: privacy@b-minute.com. General support: support@b-minute.com.
Material policy changes will be explained before they apply, with renewed consent where required. Provider regions and retention periods are reviewed as services and legal requirements change.
This policy describes our current practices. Mandatory privacy and consumer rights available in your place of residence remain unaffected.