Privacy Policy

Effective Date: December 10, 2025

Otoworks (hereinafter referred to as 'Company') establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and handle related grievances promptly and smoothly.

01

Article 1 (Purpose of Personal Information Processing)

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent will be taken in accordance with Article 18 of the Personal Information Protection Act.

  • Service Provision: Provision of work automation services, development and operation of RPA solutions, provision of automation scripts, provision of consulting services, creation and fulfillment of contracts, fee settlement and billing
  • Membership Management: Identification and authentication of members using membership services, maintenance and management of membership qualifications, prevention of fraudulent use of services, various notifications, grievance handling, record retention for dispute mediation
  • Marketing and Advertising: Development of new services and provision of customized services, provision of events and advertising information and participation opportunities, provision of services and advertisement placement according to demographic characteristics, verification of service effectiveness, frequency of access analysis, statistics on members' service usage
  • Customer Support: Customer inquiry and consultation response, complaint handling and other civil complaint processing, delivery of notices, handling of service-related inquiries
02

Article 2 (Personal Information Processing and Retention Period)

① The Company processes and retains personal information within the period of retention and use of personal information as agreed upon when collecting personal information from data subjects or as prescribed by laws and regulations. ② The personal information processing and retention period for each is as follows:

  • Service usage contract or membership: Until contract termination or membership withdrawal. However, retention continues until the following reasons are resolved:
      • a. If investigation or inquiry is in progress due to violation of relevant laws, until the completion of such investigation or inquiry
      • b. If debts or credits remain from service usage, until settlement of such debts or credits
  • Records related to display/advertising, contract content and fulfillment under the Act on Consumer Protection in Electronic Commerce:
      • Records on contracts or withdrawal of subscription: 5 years
      • Records on payment and supply of goods: 5 years
      • Records on consumer complaints or dispute resolution: 3 years
  • Communication fact confirmation data under the Protection of Communications Secrets Act:
      • Computer communication, Internet log records, access tracking data: 3 months
  • Transaction records under the Electronic Financial Transactions Act:
      • Records on electronic financial transactions: 5 years
  • Records for prevention of fraudulent use: 1 year
03

Article 3 (Personal Information Items Being Processed)

The Company processes the following personal information items:

  • Required Items:
      • Name, email address, phone number, company name, department, position
  • Optional Items:
      • Work automation target information, additional requests, preferred contact hours
  • Information automatically generated and collected during service usage:
      • IP address, cookies, MAC address, service usage records, visit records, inappropriate usage records, browser information, operating system information, visit date and time
  • Information collected when using paid services:
      • Credit card information, bank account information, payment records, business registration number for tax invoice issuance
04

Article 4 (Provision of Personal Information to Third Parties)

① The Company processes personal information only within the scope specified in Article 1 (Purpose of Personal Information Processing), and provides personal information to third parties only when it falls under the circumstances specified in Articles 17 and 18 of the Personal Information Protection Act, such as consent of the data subject or special provisions of the law. ② In principle, the Company does not provide users' personal information to third parties. However, exceptions are made in the following cases:

  • When users have publicly disclosed information in advance or consented to third-party provision
  • When there is a request from an investigative agency in accordance with procedures and methods prescribed by law for investigative purposes
  • When necessary for fee settlement related to service provision
  • When providing personal information in a form that cannot identify specific individuals for the purpose of statistical compilation, academic research, or market research
05

Article 5 (Consignment of Personal Information Processing)

① The Company consigns personal information processing tasks as follows for smooth personal information processing. ② When concluding a consignment contract, the Company specifies in writing matters concerning prohibition of personal information processing other than for the purpose of performing consigned tasks, technical and managerial protection measures, restrictions on re-consignment, supervision and management of trustees, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether trustees safely process personal information. ③ If the content of consigned tasks or the trustee changes, the Company will disclose it through this Privacy Policy without delay.

  • Currently, the Company does not consign personal information processing tasks to external parties. If personal information processing consignment occurs in the future, the consigned company and consigned task content will be specified in this policy.
06

Article 6 (Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them)

① Data subjects may exercise rights such as access, correction, deletion, and suspension of processing of personal information against the Company at any time. ② The exercise of rights under Paragraph 1 may be made to the Company in writing, by email, fax, etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay. ③ The exercise of rights under Paragraph 1 may be made through a legal representative of the data subject or a delegated agent. In this case, a power of attorney in accordance with Attached Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted. ④ Rights of data subjects to access and suspension of processing of personal information may be restricted in accordance with Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act. ⑤ Correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws. ⑥ The Company verifies whether the person making a request for access, correction/deletion, or suspension of processing under the rights of data subjects is the data subject or a legitimate representative.

  • Request for access to personal information
  • Request for correction or deletion of personal information
  • Request for suspension of personal information processing
  • Withdrawal of consent to personal information processing
  • For children under 14 years of age, legal representatives may exercise rights such as viewing, modifying, deleting, suspending processing, and withdrawing consent regarding the child's personal information.
07

Article 7 (Destruction of Personal Information)

① The Company destroys personal information without delay when it becomes unnecessary, such as when the personal information retention period has elapsed or the purpose of processing has been achieved. ② If personal information must continue to be retained in accordance with other laws even after the personal information retention period agreed upon from the data subject has elapsed or the purpose of processing has been achieved, the personal information is moved to a separate database (DB) or stored in a different storage location. ③ The procedure and method for destroying personal information are as follows:

  • Destruction Procedure: The Company selects personal information for which destruction reasons have occurred, and destroys personal information with the approval of the Company's privacy officer.
  • Destruction Method:
      • Information in electronic file format is deleted using technical methods that prevent record reproduction.
      • Personal information printed on paper is shredded or incinerated.
      • Auxiliary storage media containing personal information are physically destroyed or permanently deleted using dedicated erasing equipment to prevent data recovery.
08

Article 8 (Measures to Ensure Safety of Personal Information)

The Company takes the following technical, managerial, and physical measures necessary to ensure safety in accordance with Article 29 of the Personal Information Protection Act:

  • Minimization and education of personal information handling employees: Measures are implemented to manage personal information by designating employees who handle personal information and limiting them to those in charge.
  • Regular internal audits: Regular internal audits are conducted to ensure stability related to personal information handling.
  • Establishment and implementation of internal management plan: An internal management plan is established and implemented for safe processing of personal information.
  • Encryption of personal information: Users' personal information passwords are stored and managed in encrypted form, so that only the user knows them, and important data is protected with separate security functions such as encrypting files and transmission data or using file lock functions.
  • Technical measures against hacking, etc.: The Company installs security programs to prevent personal information leakage and damage due to hacking or computer viruses, periodically updates and checks them, installs systems in areas where external access is controlled, and applies technical and physical monitoring and blocking.
  • Restriction of access to personal information: Necessary measures are taken to control access to personal information by granting, changing, and deleting access rights to database systems that process personal information, and unauthorized access from outside is controlled using intrusion prevention systems.
  • Retention and prevention of forgery/alteration of access records: Records of access to personal information processing systems are retained and managed for at least one year, and security functions are used to prevent forgery, alteration, theft, and loss of access records.
  • Use of locking devices for document security: Documents and auxiliary storage media containing personal information are stored in safe places with locking devices.
  • Access control for unauthorized persons: Separate physical storage locations for personal information are established, and access control procedures are established and operated.
09

Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

① The Company uses 'cookies', which store and retrieve usage information from time to time, to provide individualized, customized services to users. ② Cookies are small pieces of information that the server (http) used to operate a website sends to the user's browser, and they may be stored on the hard disk of the user's PC. ③ Purpose of using cookies: Used to provide users with optimized information by identifying visit and usage patterns, popular search terms, secure connection status, etc. for each service and website visited by users. ④ Installation, operation, and rejection of cookies: Cookie storage can be rejected by setting options in the Tools > Internet Options > Privacy menu at the top of the web browser. ⑤ Rejecting cookie storage may cause difficulties in using customized services.

  • For Internet Explorer: Tools menu at the top of web browser > Internet Options > Privacy > Settings
  • For Chrome: Settings menu at the top right of web browser > Show advanced settings at the bottom of screen > Content Settings button in Privacy > Cookies
  • For Safari: Safari menu at the top of web browser > Preferences > Privacy > Cookies and Website Data
10

Article 10 (Privacy Officer)

① The Company has designated a privacy officer as follows to take overall responsibility for personal information processing and to handle complaints and damage relief related to personal information processing of data subjects. ② Data subjects may contact the privacy officer and department in charge for all personal information protection-related inquiries, complaint handling, damage relief, etc. that occur while using the Company's services. The Company will respond to and handle data subject inquiries without delay.

Privacy Officer: CEO Hyunwoo Jeong

Email: privacy@otoworks.ai

Phone: Please contact us via email

If you need to report or consult about other personal information infringement, please contact the organizations below:

  • Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
      • Jurisdiction: Report of personal information infringement, consultation application
      • Website: privacy.kisa.or.kr
      • Phone: 118 (without area code)
  • Personal Information Dispute Mediation Committee
      • Jurisdiction: Personal information dispute mediation application, collective dispute mediation (civil resolution)
      • Website: www.kopico.go.kr
      • Phone: 1833-6972 (without area code)
  • Supreme Prosecutors' Office Cybercrime Investigation Division
      • Website: www.spo.go.kr
      • Phone: 02-3480-3573
  • National Police Agency Cyber Safety Bureau
      • Website: cyberbureau.police.go.kr
      • Phone: 182 (without area code)

11

Article 11 (Remedy for Infringement of Data Subject Rights)

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive relief for personal information infringement. For other reports and consultations on personal information infringement, please contact the following organizations:

  • Personal Information Infringement Report Center (Korea Internet & Security Agency): 118 (without area code), privacy.kisa.or.kr
  • Personal Information Dispute Mediation Committee: 1833-6972 (without area code), www.kopico.go.kr
  • Supreme Prosecutors' Office Cybercrime Investigation Division: 02-3480-3573, www.spo.go.kr
  • National Police Agency Cyber Safety Bureau: 182 (without area code), cyberbureau.police.go.kr
  • A person whose rights or interests have been infringed by a disposition or omission made by the head of a public institution regarding requests under Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing, etc. of Personal Information) of the Personal Information Protection Act may request administrative appeal in accordance with the Administrative Appeal Act.
      • Central Administrative Appeals Commission: 110 (without area code), www.simpan.go.kr
12

Article 12 (Changes to Privacy Policy)

① This Privacy Policy is effective from December 10, 2025. ② Previous Privacy Policies can be found below. ③ If there are additions, deletions, or modifications to the content according to changes in laws, policies, or security technologies, the Company will notify the reasons and content of changes through the Company website at least 7 days before the effective date of the changes. ④ However, for significant changes to user rights such as changes in personal information items collected or changes in purpose of use, the Company will notify at least 30 days in advance and may obtain user consent again if necessary.

  • Announcement Date: December 10, 2025
  • Effective Date: December 10, 2025

Contact Us

Privacy Officer: privacy@otoworks.ai

General Inquiry: contact@otoworks.ai