Privacy Policy Last updated: June 12, 2026 sucorsese ("we", "us") operates sucorsese.com. This policy explains what personal data we collect, why, and how we handle it. We process personal data in accordance with the Personal Information Protection Act of the Republic of Korea and, where applicable, the EU/UK General Data Protection Regulation (GDPR). 1. WHAT WE COLLECT Order and delivery: name, email address, phone number, shipping address, order history. Payment: payments are processed by Stripe. We never receive or store your full card number. We retain payment references (transaction ID, amount, status) needed to fulfill and refund orders. Account (optional): email address and authentication data if you create an account. Technical: IP address, browser type, and basic usage logs collected for security (fraud prevention, rate limiting) and to operate the Site. 2. WHY WE PROCESS IT (LEGAL BASES) To fulfill your order and deliver it — performance of a contract. To send order confirmation and shipping notification emails — performance of a contract. To prevent fraud and secure the Site — legitimate interest. To comply with tax, customs, and commercial record-keeping obligations — legal obligation. We do not sell your personal data, and we do not send marketing emails without your consent. 3. SHARING We share data only with service providers needed to run the store: Stripe (payment processing), shipping carriers (EMS/Korea Post, DHL, FedEx — name, address, phone for delivery and customs), Supabase (hosting and database), Resend (transactional email), and Sentry (error monitoring, technical data only). Each provider processes data under its own safeguards and only for the purpose of providing its service. Carriers and customs authorities in the destination country receive the data required for delivery and customs clearance. 4. INTERNATIONAL TRANSFERS We are located in the Republic of Korea, and our service providers may process data in other countries (including the United States). Where required, transfers rely on recognized safeguards such as standard contractual clauses or adequacy decisions (the EU and UK have adequacy decisions for the Republic of Korea). 5. RETENTION Order records are kept for the period required by Korean e-commerce and tax law (typically 5 years for contract and payment records), then deleted or anonymized. Account data is deleted when you delete your account, except where retention is legally required. Security logs are kept for up to 12 months. 6. YOUR RIGHTS You may request access to, correction of, or deletion of your personal data, object to or restrict processing, and request data portability. EU/UK residents may also lodge a complaint with their local supervisory authority. To exercise any right, contact us via the Contact page; we respond within the time required by applicable law. 7. COOKIES We use only the cookies necessary to operate the Site: session/authentication cookies and a cart cookie. We do not use advertising or cross-site tracking cookies. You can block cookies in your browser settings, but checkout and sign-in may not work without them. 8. CONTACT Data protection contact: Taemu Kim Reach us through the Contact page on the Site for any privacy inquiry or request. 9. CHANGES We will post any changes to this policy on this page at least 7 days before they take effect, or 30 days for material changes.