Privacy Policy

This Policy applies to the website hosted at https://sdk.bz, all subdomains, and any associated services we operate (collectively, the "Service"). It does not apply to third-party websites, services, or advertisers that we link to or that may appear in advertising networks served on the Service. We encourage you to review the privacy notices of those third parties before providing them with personal data. The Policy applies whether you visit the Service as a guest, a logged-in user, or as a representative of an organisation, and applies regardless of the device or network you use.

We have intentionally designed SDK.bz to collect as little personal data as possible. Specifically: - Account Data: SDK.bz does not require an account to use any of the financial and crypto calculators. There is no sign-up flow, no e-mail collection, no password. - Tool / Calculator Inputs: When you paste, type, or input data into a calculator (loan amounts, salary figures, crypto amounts, etc.), the data is processed entirely in your browser. We do not transmit, log, or store the contents of your inputs on our servers under any circumstances. - Preferences: Tool-specific settings (output unit, last-used calculator, theme) are stored only in your browser's localStorage and never reach our infrastructure. - Analytics Data (automatic): We collect aggregated, anonymised metrics such as page views, referring URL, approximate country (derived from a truncated IP address), browser family, operating system, screen size, and language preference. IP addresses are anonymised before storage by our analytics provider (the last octet is dropped). - Diagnostic Logs: Cloudflare, our edge provider, automatically logs HTTP request metadata (timestamp, method, path, response status, edge POP, ASN, anonymised IP) for a short retention window for security, abuse prevention, and capacity planning. - Communication Data: When you contact us by e-mail, we receive your e-mail address, the content of your message, and any files you choose to attach. We do not knowingly collect special categories of personal data (e.g., health, religion, biometrics) and we do not collect government identifiers, payment-card numbers, or precise geolocation.

We use the limited information we collect for the following purposes, each tied to a specific legal basis: - Providing the Service (legal basis: performance of a contract / legitimate interest in operating the Service): rendering pages, executing calculator logic in your own browser, and delivering static assets through our CDN. - Securing the Service (legitimate interest): detecting and mitigating abuse, denial-of-service attacks, scraping, and credential stuffing using Cloudflare's edge security. - Improving the Service (legitimate interest, with cookie consent where required): aggregated analytics that help us understand which calculators are useful, where users get stuck, and which pages are slow. - Showing Advertising (consent / legitimate interest depending on jurisdiction): serving advertisements through Google AdSense to fund the free Service. EU/UK/Korean visitors see a Google-managed consent prompt before any personalised advertising cookies are set. - Responding to You (consent / legitimate interest): replying to e-mails, bug reports, and partnership requests you send us. - Legal Compliance (legal obligation): meeting requirements under PIPA, GDPR, the Korean Telecommunications Business Act, the Network Act, and lawful requests from competent authorities.

We use a small number of cookies and browser-storage technologies. You can clear them at any time through your browser settings. - Strictly Necessary: a small session cookie set by our edge to balance traffic, mitigate bots, and maintain language preference. These cookies cannot be disabled if you wish to use the Service. - Functional / Preferences (localStorage): calculator settings and last-used options. This data never leaves your device. - Analytics (Google Analytics 4): anonymised usage measurement with IP-anonymisation enabled. Cookies set by Google in the `_ga` family expire after up to 24 months. - Advertising (Google AdSense): cookies and similar identifiers used to deliver ads, frequency-cap them, and measure performance. Where required by law (EU/UK/Korea), Google's Funding Choices banner asks for your consent before any personalised advertising identifiers are read or written. You may opt out of personalised advertising at https://adssettings.google.com or through the Funding Choices banner that appears on first visit. You may also enable browser-level tracking protection (Safari ITP, Firefox ETP, Brave Shields, etc.).

We share the minimum necessary information with the following processors. Each processor acts under a written agreement requiring confidentiality, security, and use limited to the agreed purpose. - Cloudflare, Inc. — content delivery, DDoS mitigation, edge logging. - Google LLC (Google Analytics 4) — aggregated traffic analytics. - Google LLC (Google AdSense + Funding Choices) — advertisement delivery and EU/UK/Korean consent management. We do not sell, rent, or lend your personal data. We do not use it for purposes incompatible with this Policy.

Some of our processors (Google, Cloudflare) operate globally and may process personal data in jurisdictions outside the Republic of Korea or the European Economic Area, including the United States. Where such transfers occur, we rely on safeguards including (i) Standard Contractual Clauses adopted by the European Commission, (ii) the EU-US Data Privacy Framework where applicable, and (iii) the cross-border-transfer disclosure obligations under PIPA Article 28-8.

We retain personal data only for as long as necessary for the purpose for which it was collected: - Calculator inputs and preferences (localStorage): retained until you clear your browser storage. SDK Co., Ltd. cannot delete this data on your behalf because it never reaches our servers. - Analytics data: retained for up to 14 months by Google Analytics 4, then aggregated and the underlying user-level records deleted. - Edge / security logs: retained by Cloudflare for up to 30 days for security and abuse-prevention purposes, then deleted. - E-mail correspondence: retained for up to 3 years from the date of the last reply for customer-support and dispute-resolution purposes, then deleted, unless a longer retention period is required by law. When personal data is no longer required, it is irreversibly deleted or anonymised.

Depending on where you reside, you have some or all of the following rights with respect to your personal data: - Right of access — confirm whether we hold your personal data and request a copy. - Right to rectification — correct inaccurate or incomplete personal data. - Right to erasure — request deletion of your personal data ("right to be forgotten" under GDPR Article 17 / PIPA Article 36). - Right to restrict processing — limit how we use your personal data. - Right to data portability — receive your data in a structured, commonly used, machine-readable format. - Right to object — object to processing carried out on the basis of legitimate interest, including direct marketing. - Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of past processing. - Right to lodge a complaint — with a supervisory authority such as the Personal Information Protection Commission (PIPC) of Korea or your local EU Data Protection Authority. To exercise any of these rights, e-mail contact@sdk.bz. We will respond within 30 days (extendable by 60 days for complex requests under GDPR, or within 10 days under PIPA).

SDK.bz is a general-audience resource and is not directed at children under the age of 14 (Republic of Korea) or under the age of 13/16 (United States / European Union, depending on the member state). We do not knowingly collect personal information from children below the applicable age. If you are a parent or guardian and believe a child has provided us with personal information, please contact contact@sdk.bz and we will delete it promptly.

We protect personal data using a layered set of safeguards: encryption in transit using TLS 1.3 by default, edge-network DDoS and bot mitigation through Cloudflare, principle-of-least-privilege access controls for the small number of staff who can view operational logs, and routine review of dependencies and supply chain. No method of transmission over the Internet or electronic storage is 100% secure; while we apply commercially reasonable safeguards, we cannot guarantee absolute security. In the unlikely event of a breach affecting personal data, we will notify the Personal Information Protection Commission and affected users without undue delay and within the 72-hour window required by GDPR Article 33 or the equivalent Korean notification timelines.

Under PIPA Article 31, we have designated a person responsible for the protection of personal information: - Operator: SDK Co., Ltd. - Business Registration Number: 871-81-03242 - E-Commerce Registration Number: 2024-고양일산서-1820 - Address: 4F, 127 Namseong-ro, Jeju-si, Jeju Special Self-Governing Province, Republic of Korea (제주특별자치도 제주시 남성로 127, 4층) - Personal Information Protection Officer: SDK Privacy Team - Contact: contact@sdk.bz For inquiries, complaints, or requests regarding the handling of your personal information, please contact the officer above. You may also contact the Personal Information Protection Commission (https://www.pipc.go.kr / 1833-6972), the Korea Internet & Security Agency Privacy Call Centre (privacy.kisa.or.kr / 118), the Supreme Prosecutors' Office Cyber Investigation Division (1301), or the Korean National Police Agency Cyber Bureau (cyberbureau.police.go.kr / 182).

We may update this Policy from time to time. When we make material changes, we will (i) post the revised Policy at this URL with a new "Last Updated" date, (ii) where required by law, give at least 7 days' advance notice (30 days for changes adverse to users), and (iii) where the change is material and based on consent, request fresh consent. Your continued use of the Service after the effective date of any update constitutes acceptance of the revised Policy.

For any question about this Policy, please reach out: - E-mail: contact@sdk.bz - Postal: SDK Co., Ltd., 4F, 127 Namseong-ro, Jeju-si, Jeju Special Self-Governing Province, Republic of Korea - Business Registration: 871-81-03242 We treat all privacy communications as a priority and aim to acknowledge them within two business days.