Salam Jeju ("we", "us") operates salamjeju.com and related services including Instagram-based customer messaging for our Halal-friendly Jeju retreat and shop. This policy describes the limited personal information we process when you interact with us.
1. Information we collect
- Application data: name, email, phone, travel dates, dietary and prayer needs you provide on our retreat application form.
- Instagram interactions: when you comment on our posts or send a Direct Message to our Instagram accounts (@salamjeju, @nasir_seong), Meta delivers that content to our servers via the Instagram Graph API. We store the message text, your Instagram-scoped user ID, and timestamps so we can reply, prevent duplicate replies, and audit our automation.
- Payment metadata: when you pay a deposit, our payment processor (Wise, PayPal, or bank transfer) handles card data. We retain only the reference number, amount, and status.
- Standard server logs: IP address, user agent, and request paths for security and abuse prevention.
2. How we use it
- Reply to your inquiries on Instagram and email.
- Process retreat bookings and shop orders.
- Send service emails (booking confirmation, payment reminders, itinerary).
- Improve our content and detect abuse.
We do not sell your personal information. We do not run third-party advertising on our site.
3. Third parties we share with
- Meta Platforms— Instagram messaging is delivered via Meta's Graph API. Meta's own privacy policy applies to the Instagram side of the interaction.
- Supabase (database/hosting), Google Cloud Run (application hosting), Resend (transactional email), Wise / PayPal (payments).
4. Retention
We keep application and booking records for 5 years for tax and accounting purposes. Instagram webhook events are retained for 12 months for support and audit. You may request earlier deletion at any time — see the Data Deletion page.
5. Your rights
You may request access, correction, or deletion of your data, or object to a specific use. Contact us at jin@regenntwrks.com. We respond within 30 days.
6. Security
Data is transmitted over HTTPS and stored in Supabase with row-level access controls. Access tokens for Instagram are stored encrypted in our database with restricted service-role access.
8. Changes
We may update this policy. The "Effective" date at the top reflects the latest revision. Material changes will be highlighted on our site.