Digitalog Technologies, Inc. ("Company," "we," "us," or "our") operates the Conma platform ("Service"), an intermediary software tool that facilitates Users' own management and automation of their social media accounts through officially available third-party APIs.

This Privacy Policy explains how we collect, use, store, and protect your personal information. By using the Service, you consent to the practices described herein.

The Company acts solely as an intermediary technology provider. We provide tools that allow Users to interact with Third-Party Platforms (such as Meta, Instagram, and Facebook) more efficiently. We do not own, operate, or control any Third-Party Platform, and we are not responsible for any data processing conducted by such platforms. Any data shared through Third-Party Platform integrations is additionally subject to the respective platform's privacy policy.

We process personal information for the following purposes:

• Service provision, customization, and improvement;
• User authentication and account management;
• Payment processing and billing;
• New service development and research;
• Customer support and inquiry resolution;
• Marketing and promotional communications (with consent);
• Integration with Meta platforms (Facebook Login, Instagram Graph API) as authorized by you;
• Compliance with legal obligations.

3.1 Information You Provide Directly

• Required: Email address, password (hashed)
• Optional: Name, phone number, company name, job title, profile photo
• Payment: Billing contact name, billing email, payment card information (processed and stored solely by third-party payment processors; the Company does not store payment card details)

3.2 Information Collected Automatically

• Service usage data: features accessed, actions performed, links clicked, search queries
• Device and connection data: IP address, browser type and version, operating system, device identifiers, access timestamps, referring URLs, error logs
• Cookies and similar technologies (see Section 11)

3.3 Information from Third Parties

• Social login providers (Google, Facebook): Basic profile information as authorized during login
• Instagram Business API: Account metrics, post data, comment data, follower demographics, and other data as authorized by your connected Instagram Business or Creator account

Important: Data received from Third-Party Platforms is collected solely at your direction and authorization. You control which accounts are connected and may disconnect them at any time. The Company processes this data only to provide the Service features you have requested.

Personal information is retained for the following periods:

• Account information: Until account deletion or withdrawal request, plus a reasonable wind-down period (up to 30 days)
• Service usage data: Until service completion and fee settlement
• Marketing consent data: Until consent withdrawal
• Payment records: As required by applicable law

Legal retention requirements under the laws of the Republic of Korea:

• Advertising and display records: 6 months
• Contracts, withdrawals, and payment records: 5 years
• Consumer complaints and dispute resolution records: 3 years
• Communication logs (access records): 3 months

The Company does not sell, rent, or trade your personal information. We may disclose personal information only in the following circumstances:

• With your prior consent;
• To service providers who assist in operating the Service (hosting, payment processing, analytics, customer support), under contractual obligations to protect your data;
• As required by law, regulation, legal process, or enforceable governmental request;
• To protect the rights, property, or safety of the Company, our users, or the public;
• In connection with a merger, acquisition, reorganization, or sale of assets, with notice to affected users.

The following international data transfers may occur:

• Google LLC (Firebase) — United States — User authentication (email, auth tokens) — Until account deletion
• Payment Processor — Varies — Payment processing (billing details) — Per legal requirements
• Analytics Providers — United States — Service improvement (anonymized usage data) — 26 months max

Legal safeguards for international transfers include:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Adequacy decisions where applicable;
• Your explicit consent;
• Compliance with Google API Services User Data Policy.

Personal information is destroyed without delay when the retention period expires or the processing purpose is achieved. Electronic files are permanently deleted using methods that prevent recovery. Physical records are shredded or incinerated.

Where personal information must be retained beyond its original purpose due to legal requirements, it is stored separately from active databases with restricted access.

You have the following rights regarding your personal information, subject to applicable law:

• Right to access your personal information;
• Right to correct inaccurate or incomplete information;
• Right to request deletion of your information;
• Right to suspend or restrict processing;
• Right to withdraw consent at any time;
• Right to object to automated decision-making;
• Right to data portability (where technically feasible);
• Right to withdraw consent for international data transfers.

To exercise these rights, contact us at help@digitalog.ai or 070-4106-4243. We will respond within the timeframes required by applicable law (typically 30 days, or 45 days for California residents).

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at help@digitalog.ai.

We implement the following security measures:

• Administrative: Internal management policies, dedicated security personnel, regular employee training on data protection, access restricted to authorized personnel only
• Technical: Encryption of data at rest and in transit (TLS 1.2+), access control systems, intrusion detection, security monitoring, regular vulnerability assessments
• Physical: Secured data center facilities with access control, environmental protections, and surveillance

Limitation: While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. The Company's liability for data breaches is limited to the maximum extent permitted by applicable law, as set forth in our Terms of Service. We are not responsible for unauthorized access resulting from factors beyond our reasonable control, including but not limited to user negligence, compromised third-party services, or force majeure events.

We use cookies and similar technologies for:

• Authentication and session management (essential);
• Analytics and usage measurement (Google Analytics, Datadog, Hotjar);
• User preference storage;
• Security and fraud prevention.

You may control cookie settings through your browser options. Disabling essential cookies may limit your ability to use certain features of the Service. For analytics cookies, you may opt out through the respective provider's mechanisms.

Data Protection Officer:

• Name: Dongkyu Son
• Department: Development Department
• Phone: 070-4106-4243
• Email: help@digitalog.ai

Republic of Korea:

• Personal Information Dispute Mediation Committee: 1833-6972 (kopico.go.kr)
• KISA Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office Cyber Investigation Division: 1301 (spo.go.kr)
• National Police Agency Cyber Bureau: 182 (ecrm.police.go.kr)

European Union: Contact your local Data Protection Authority (DPA). A list is available at edpb.europa.eu.

United Kingdom: Information Commissioner's Office (ICO) at ico.org.uk.

California, USA: California Privacy Protection Agency (CPPA) at cppa.ca.gov.

Japan: Personal Information Protection Commission (PPC) at ppc.go.jp.

The Service may contain links to third-party websites or services. The Company is not responsible for the privacy practices, content, or security of any third-party websites. We encourage you to review the privacy policies of any third-party services you access.

If you access the Service through an organization (e.g., your employer), the organization's administrator may have the ability to access, control, and manage your use of the Service, including viewing usage data and managing account settings. Please consult your organization's privacy policies regarding the use of such data.

If you are a California resident, you have additional rights:

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected;
• Right to Delete: You may request deletion of personal information, subject to legal exceptions;
• Right to Opt-Out: The Company does not sell or share personal information for cross-context behavioral advertising;
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a verifiable consumer request, contact help@digitalog.ai. We will verify your identity before processing the request.

The Service uses Facebook Login and Instagram Graph API to access your social media data as authorized by you. All data received from Meta is processed in strict compliance with Meta Platform Terms and Policies.

• We only access data that you have explicitly authorized;
• We use Meta data solely for the Service features you have requested;
• We do not sell Meta-sourced data to third parties;
• You may revoke Meta data access at any time through your Meta account settings or by disconnecting your account in the Service.

To request deletion of all Meta-sourced data, contact help@digitalog.ai.

We may update this Privacy Policy from time to time. Standard changes will be posted on this page and take effect 7 days after posting. Changes that significantly affect your data subject rights will be notified at least 30 days in advance through the Service, email, or other appropriate means.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

Digitalog Technologies, Inc.

• CEO: Dongkyu Son
• Address: 210, Jena-dong, 245, Dongbaekjungang-ro, Giheung-gu, Yongin-si, Gyeonggi-do, South Korea
• Email: help@digitalog.ai
• Phone: 070-4106-4243
• Business Registration: 759-86-02818
• E-commerce Registration: 2025-Yongin Giheung-0063