Whyus (hereinafter referred to as the "Company") is committed to protecting the valuable personal information of its users (hereinafter referred to as "Users") and adheres to the relevant legal provisions on the protection of personal information that information and communication service providers must comply with.

Through this privacy policy, the Company informs Users about the purposes for which it collects personal information and the efforts and measures taken by the Company to protect such information.

Please note that the Company's privacy policy may be updated from time to time due to changes in relevant laws and guidelines or the Company's internal policies. If any changes are made to the privacy policy, we will notify Users through our website. Users are advised to check the updated information regularly.

1. Types of Personal Information Collected

a. Upon initial registration for our services, the Company collects the following personal information to provide various services: Unique identification numbers provided by platform operators, user names or nicknames, device unique identifiers (device IDs or IMEI), cookies, etc.

b. During the use of our services, the following information may be generated and collected: User status information, visit timestamps, service usage records, records of improper use, cookies, etc.

c. When using paid/free services, certain essential payment-related information such as credit card details, carrier information, purchase history, gift voucher numbers, and other payment-related details may be collected. For efficient customer support related to content restoration or refunds, additional personal information such as email addresses, purchase history details, and proof of identity and family relationships may also be collected.

Methods of Personal Information Collection

The Company collects personal information through:

• Automatic collection via partnerships with platform operators.

• Voluntary provision by Users during service registration or use.

2. Purposes of Collecting and Using Personal Information

 Provision of Basic Game Features: The Company provides services such as displaying a User's ranking based on their unique identification number provided by platform operators. Device unique identifiers (Device ID or UDID, IMEI) collected during registration are used to verify the legitimacy of user accounts.

a. Service Provision and Contractual Obligations: This includes the provision of free or paid content, delivery of purchased goods, invoicing, identity verification, purchase and payment processes, and debt collection.

b. User Management: This involves verifying users for member services, identifying individuals, preventing unauthorized or improper use, confirming intentions for membership, preserving records for identity verification and dispute resolution, handling complaints and notifications, etc.

c. New Service Development and Marketing/Advertising: The Company may use personal information for developing new services, providing tailored services, statistical analysis for service provision and advertising placement, verifying service effectiveness, offering event and advertising information, understanding user access frequencies, and generating service usage statistics.

3. Sharing and Provision of Personal Information

The Company uses Users' personal information within the scope notified in the "Purpose of Collection and Use of Personal Information" and does not disclose the personal information to external parties beyond this scope without the prior consent of the user. However, in the following cases, the Company may use and provide personal information:

a. When Users have given prior consent to the disclosure: Before collecting or providing information or transferring handling responsibilities to third-party service providers, the Company informs Users about who the affiliated business partners are, how the information will be protected/managed, and obtains consent. If Users do not agree, the Company will not collect additional information or share it with affiliated partners. When obtaining Users' consent to provide personal information, the recipients and purposes of the information are as follows:

4. Handling of Personal Information by Third Parties

The Company may entrust personal information to improve its services. As related matters progress, the Company will announce any changes accordingly.

5. Retention and Use Period of Personal Information

The Company generally destroys Users' personal information without delay once the purposes of collecting and using the information are achieved. However, the following information is retained for the reasons stated below:

a. Reasons for Information Retention Under Company Policy

• Records of improper use (Retention Reason: Prevention of improper use, Retention Period: 1 year)

b. Reasons for Information Retention Under Relevant Laws

In cases where it is necessary to retain user information in accordance with the provisions of related laws such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, etc., the Company stores the member information for a certain period as specified in the relevant laws. The information retained is used only for the purpose of retention, and the retention periods are as follows:

• Records related to contracts or subscription withdrawals: 5 years

• Records related to payment of fees and supply of goods, etc.: 5 years

• Records related to consumer complaints or dispute resolutions: 3 years

6. Personal Information Destruction Procedure and Method

The Company will promptly destroy users' personal information once the purpose of its collection and use has been achieved. The Company's procedures and methods for the destruction of personal information are as follows:

a. Destruction Procedure

• Information provided by users for service registration is transferred to a separate database after its purpose is fulfilled. The information is then stored for a certain period based on internal policies and other relevant laws (refer to retention and use period) before being destroyed.

• Personal information is not used for purposes other than retention unless required by law.

b. Destruction Method

• Personal information stored in electronic file format is deleted using methods that make record reproduction impossible. Personal information printed on paper is shredded or incinerated.

Rights of Users and Legal Guardians and How to Exercise Them

• Users and their legal guardians can check or modify the personal information of themselves or minors under 14 years of age through the platform operator. If they do not agree with the Company's handling of personal information, they can refuse consent or request service termination. However, this may result in restricted access to all or part of the service.

• To check/modify personal information or withdraw consent, users or legal guardians can go through the "Information Modification" section within the service or contact customer service for "Withdrawal" after verifying their identity.

7. Installation/Operation of Automatic Personal Information Collection Devices and Refusal

• The Company uses 'cookies' to provide personalized services to users. A cookie is a small piece of data sent from the Company's servers to a user's browser, which may be stored on their hard drive.

• Cookies help analyze users' visits, connection types, and times to various services on the Company's site for enhanced service provision.

• Users have the option to accept or reject cookies. By adjusting browser settings (e.g., "Tools > Internet Options > Privacy > Privacy Level" for Internet Explorer), users can either accept all cookies, be prompted for each cookie, or reject all cookies. However, if cookies are rejected, certain services requiring login may be inaccessible.

• The Company may automatically collect device identification numbers (Device ID, UDID, IMEI) when users run applications for game services to create account information. Additionally, unique identification numbers related to friend registration or recommendations may also be collected from platform users. If these identification numbers are not collected automatically, certain features like friend invites or gifts in the game service cannot be provided, hindering normal service usage.

8. Technical/Managerial Measures for the Protection of Personal Information

The Company implements the following technical/managerial measures to ensure the security of users' personal information, preventing loss, theft, leakage, alteration, or damage:

a. Preventive Measures Against Hacking and Others

• The Company strives to prevent the leakage or damage of member's personal information due to hacking, computer viruses, etc. Regular backups are performed to prepare for potential data damage. Various measures, such as encryption during communication, are taken to securely transmit personal information over the network. Intrusion prevention systems are used to control unauthorized access from external sources, and every effort is made to implement all technically possible security measures.

b. Minimization of Handling Staff and Training

• Personnel handling personal information at the Company are limited to designated individuals. They are assigned separate passwords, regularly updated, and undergo frequent education to emphasize compliance with Whyus privacy policy.

c. Operation of Personal Information Protection Team

• The Company operates an internal personal information protection team to confirm compliance with Whyus privacy policy and the adherence of personnel to it. If any issues are detected, the Company strives to promptly correct and rectify them. However, the Company is not responsible for any problems arising from the user's negligence, intentional actions, or significant faults unrelated to the company.

9. Contact Information for Personal Information Management Officer and Responsible Person

Users can report privacy-related complaints while using the Company's services to the personal information management officer or the relevant department. The Company will promptly provide sufficient answers to users' reported issues.

• Responsible Person's Name: Jae Hoon Lee

• Affiliation and Position: CEO

• Contact Information: whyus.dev@gmail.com / TEL: 010-6818-9234

For reporting or consultation regarding other privacy infringements, please contact the following organizations:

• Personal Information Infringement Report Center (http://privacy.kisa.or.kr / 118 without area code)

• Cyber Investigation Department of the Supreme Prosecutors' Office (http://www.spo.go.kr / 1301 without area code)

• Cybercrime Reporting System of the National Police Agency (https://ecrm.cyber.go.kr / 182 without area code)

• Personal Information Dispute Mediation Committee (http://www.kopico.go.kr / 1833-6972 without area code)

10. Notification Obligation

The Company will announce any additions, deletions, or modifications to the contents of this privacy policy at least 7 days prior to the effective date (important changes such as the collection and use of personal information, third-party provision, etc., will be notified 30 days in advance) through the Whyus website (https://sites.google.com/view/whyus-privacy) or each game's community. Despite such notices, if customers do not raise objections, it will be considered that they have agreed to such changes.