Effective Date: 2026-05-29 Last Modified: 2026-06-14
Article 1 (Purpose)
TSBT Company Co.,Ltd. (hereinafter the "Company") uses cookies, local storage, session storage, and similar browser storage technologies (collectively, "Cookies, etc.") to operate the website www.lemoninspect.com and related applications (hereinafter the "Site").
This Cookie Policy (hereinafter this "Policy") provides information on the types, purposes, storage methods, user choices, and methods for changing settings regarding the Cookies, etc. used by the Company. This Policy applies together with the Privacy Policy, Terms of Service, Disclaimer, and Refund and Cancellation Policy.
Article 2 (What Are Cookies, etc.?)
Cookies are small data files stored in a browser or device when a user visits a website. Local storage and session storage are storage spaces provided by the browser and, similarly to cookies, are used to store settings, temporary progress status, consent history, and the like.
The Company currently uses or may use the following technologies for Site functions and analytics purposes:
- Cookies — storage of authentication sessions, security status, analytics identifiers, and the like
- Local storage — in-browser storage of cookie consent settings, language settings, attribution paths, and the like
- Session storage — temporary storage during a tab session of payment/report progress status and whether login synchronization has occurred, and the like
- SDK-based analytics identifiers — visit and session identifiers generated by the PostHog SDK if the user has consented to analytics cookies
The Company does not currently use email open pixels, email click tracking link rewriting, or behavior-based advertising cookies in the website or transactional email sending code.
Article 3 (Types of Cookies, etc. Used)
3.1. Essential Cookies and Essential Storage Technologies
| Item | Purpose | Storage Method/Period | Provider |
|---|---|---|---|
| Authentication and security sessions | Maintaining login status, account security, request verification | Session or period determined by the authentication provider | LemonInspect, Clerk |
| Payment and report progress status | Temporary storage of selected VIN, plan, etc. before moving to the payment page; maintaining the report viewing flow | Mainly session storage; deleted during the browser tab session or upon completion of the flow | LemonInspect |
| Cookie consent settings (`lemoninspect_cookie_consent`) | Storing selection status by essential/functional/analytics/marketing category, consent version, and update time | Local storage. Retained until the user deletes it or the Company updates the consent version | LemonInspect |
| Cookie consent login synchronization flag (`lemoninspect_cookie_consent_synced`) | Managing so that server synchronization is not repeatedly executed in the same tab session | Session storage, retained during the tab session | LemonInspect |
Essential cookies and essential storage technologies are necessary for Site provision, security, payment, report viewing, and remembering consent status. If these are blocked in the browser, login, payment, report viewing, or saving cookie settings may not function properly.
3.2. Functional Cookies and Functional Storage Technologies
| Item | Purpose | Storage Method/Period | Provider |
|---|---|---|---|
| Language setting (`tsbt_lang`) | Remembering the selected interface language | Local storage. Retained until the user changes or deletes it | LemonInspect |
| Payment/report input assistance status | Restoring the user’s in-progress flow, such as VIN and plan selection | Session storage, until completion of the relevant flow or termination of the tab session | LemonInspect |
| Other UI and convenience settings | Maintaining convenience in using the Site | Local storage or session storage may be used depending on the function | LemonInspect |
Functional cookies are optional items intended to improve convenience of use. The basic functions of the Site may be used even without consent.
3.3. Analytics/Performance Cookies and Analytics Storage Technologies
| Item | Purpose | Storage Method/Period | Provider |
|---|---|---|---|
| PostHog analytics identifiers (`ph_*`, `posthog*`, and other SDK stored values) | Product analytics such as page views, session duration, attribution paths, key button clicks, payment/report funnels, and error flows | Subject to PostHog SDK settings and browser policies. The Company stops collection and initializes the browser SDK status when analytics consent is withdrawn | PostHog, Inc. |
| Attribution path stored value (`lemoninspect_attribution_v1`) | Use of UTM parameters, initial visit path, and referrer domain as analytics event properties | Local storage. Used at the time analytics events are transmitted and may be deleted by the user | LemonInspect |
Analytics/performance cookies are activated only if the user has consented to analytics cookies in the cookie banner or cookie settings. In the PostHog settings, the Company turns off automatic capture (`autocapture: false`), disables session recording (`disable_session_recording: true`), and applies allowlists, blocklists, and URL masking so that directly identifying information such as email addresses, phone numbers, names, and VINs is not included in analytics properties. If a URL may contain a VIN or sensitive vehicle identifier, that value is masked before transmission.
If a logged-in user has consented to analytics cookies, the Company may use the Clerk user ID as a PostHog identifier to connect analytics events with the same user’s service usage flow. If the user does not consent to analytics cookies or withdraws consent, client-side and server-side PostHog event transmission will not be performed.
3.4. Marketing Cookies
The Company does not currently use marketing, advertising, retargeting, or behavior-based targeting cookies. Marketing cookies are also disabled on the current cookie settings screen and cannot be enabled by users.
If such cookies are introduced in the future, the Company will update this Policy and, if necessary, request prior consent through the cookie banner or a separate notice.
3.5. Cookie Consent Records Stored on the Server
For logged-in users, the Company stores the user’s latest cookie consent status in the `cookie_consents` table of the Supabase database and records the history of the user’s saving of consent from the banner or settings screen in the `cookie_consent_events` table. The recorded items are user ID, selection values for essential/functional/analytics/marketing categories, consent version, saving path (banner/settings/login synchronization), User-Agent, and creation/update time.
These server records are for the purpose of matching the latest consent status when a user logs in on multiple devices and confirming consent status if a dispute or audit need regarding consent arises. If automatic login synchronization repeatedly saves the same consent values, duplicate history creation is prevented. Server records are retained while the account is maintained, and if withdrawal or a deletion request is processed, they may be subject to deletion, de-identification, or retention to the necessary extent in accordance with the Privacy Policy and relevant laws and regulations.
Article 4 (Third-Party Providers and Overseas Processing)
4.1. PostHog
If the user has consented to analytics cookies, analytics events and PostHog identifiers may be transmitted to PostHog, Inc. The default PostHog collection endpoint in the current code is the U.S. region (`https://us.i.posthog.com`), and another PostHog host may be used depending on the Company’s settings. PostHog processes the relevant data in accordance with its own privacy policy and the contractual terms with the Company.
4.2. Clerk
For login and sign-up functions, Clerk may use authentication-related cookies or similar storage technologies. These cookies are necessary for user authentication, session maintenance, and security verification.
4.3. LemonInspect and Cloud Infrastructure
Cookie consent values and functional stored values directly stored by LemonInspect are stored in the user’s browser. Consent status and change history of logged-in users may be stored in cloud infrastructure used by the Company, such as Supabase. Please refer to the Privacy Policy for details on related overseas transfers and entrusted processing.
Article 5 (Managing Cookie Settings)
5.1. Cookie Consent Banner and Settings Screen
Upon the first visit, a cookie consent banner is displayed on the Site. The user may select one of the following:
- Allow all — allow functional cookies and analytics/performance cookies together
- Allow essential only — allow only essential cookies and essential storage technologies in the banner or settings screen
- Detailed settings — individually select functional cookies and analytics/performance cookies
The basic services may be used even without consenting to optional cookies. The user may change selections or withdraw consent at any time through "Cookie Settings" at the bottom of the Site. If analytics cookie consent is withdrawn, the Company stops PostHog collection and initializes the browser SDK status to the extent possible.
5.2. Browser Settings
The user may delete or block cookies and site data through browser settings.
| Browser | How to Set |
|---|---|
| Chrome | Settings → Privacy and security → Third-party cookies or site data |
| Firefox | Settings → Privacy & Security → Cookies and Site Data |
| Safari | Settings → Privacy → Manage Website Data |
| Edge | Settings → Cookies and site permissions |
| Mobile (iOS) | Settings → Safari → Advanced or privacy-related settings |
| Mobile (Android) | Chrome → Settings → Site settings → Cookies or site data |
If all cookies and storage technologies are blocked in the browser, some functions such as login, payment, report viewing, and saving cookie selections may not function properly.
5.3. Do Not Track Signals
Some browsers transmit a "Do Not Track" (DNT) signal. Currently, there is no unified industry standard for DNT signals, and the Company’s Site does not interpret DNT signals as a separate automatic setting value. Whether cookies and analytics collection are used may be directly managed in the cookie settings screen under Article 5.1 of this Policy.
Article 6 (Retention Period)
| Type | Retention Period |
|---|---|
| Session cookies and session storage | Deleted when the browser or tab session ends, or deleted when the relevant function flow ends |
| Cookie consent settings in local storage | Retained until the user deletes the browser storage or the Company changes the consent version and requests consent again |
| Functional stored values | Retained until the user deletes them or they are no longer needed for the relevant function |
| PostHog analytics identifiers | Subject to PostHog SDK settings and browser policies. If the user withdraws analytics consent, subsequent collection is stopped |
| Latest cookie consent status and change history on the server | Retained during the account maintenance period. When processing withdrawal or a deletion request, deletion, de-identification, or retention to the necessary extent is processed in accordance with the Privacy Policy and relevant laws and regulations |
Article 7 (Information by Jurisdiction)
7.1. Republic of Korea
Considering the purpose of notices related to the privacy policy and automatic collection devices required under relevant laws and regulations such as the Personal Information Protection Act, the Company provides information on the purposes of using Cookies, etc. and methods for refusal and withdrawal through this Policy and the cookie settings screen. Optional cookies are activated according to the user’s choice, and the basic services may be used even without consent.
7.2. European Economic Area (EEA) and Other Regions Where Prior Consent May Be Required
Functional cookies and analytics/performance cookies other than essential cookies are activated according to the user’s choice. The user may withdraw consent in the cookie settings screen even after giving consent. When using analytics cookies, the Company applies measures for data minimization, blocking directly identifying information, URL masking, and disabling session recording to the extent possible.
7.3. UAE, Saudi Arabia, and Other Regions
Considering the transparency principles of applicable laws and regulations related to personal information and e-commerce, the Company provides information in this Policy on the purposes of using Cookies, etc., third-party providers, and methods for changing settings. Users may make inquiries or requests related to personal information according to the rights exercise procedures specified in the Privacy Policy.
Article 8 (Changes to This Policy)
The Company may revise this Policy according to changes in the service, cookie settings, or relevant laws and regulations. In the event of changes, the Company will post the revised policy and the last modified date on the Site. If the scope of optional cookies is expanded or there is a change that materially affects users, the Company will redisplay the cookie banner or provide a separate notice to the necessary extent and, if required by relevant laws and regulations, request consent again.
Article 9 (Language Priority)
This Policy is originally written in Korean, and versions translated into English and other languages are provided for the convenience of members. If there is any difference in interpretation between the original and a translation, the Korean original shall prevail.
Article 10 (Contact)
Inquiries regarding the use of Cookies, etc. or the processing of personal information may be made to the contact information below.
Email: [email protected]
