The Company processes personal information for the following purposes. The personal information being processed will not be used for any purposes other than those specified below. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent in accordance with this Privacy Policy.

• (1) Service Provision and Personalization: Confirming membership intent, identifying and authenticating users for membership-based services, maintaining and managing user status, preventing fraudulent use of services, providing various notices and announcements, handling inquiries, processing transactions, login authentication, operating, maintaining, and improving services, providing personalized features and content recommendations, supporting productivity and team collaboration, etc.
• (2) New Service Development and Research: Developing new services and offering personalized services, delivering services and advertisements based on statistical characteristics, verifying service effectiveness, analyzing access frequency or usage statistics, analyzing usage trends and patterns, and developing new products/features/technologies, etc.
• (3) Customer Support: Responding to and handling user inquiries, resolving user complaints, providing technical support, troubleshooting, etc.
• (4) Marketing and Communication: Delivering information about the Company’s services, features, and events, providing personalized advertisements (only with the data subject’s consent)
• (5) Integration with Meta Platforms: When users connect their accounts or authorize access through Facebook Login or the Instagram Graph API, we may collect limited profile information (e.g., name, email, and public Instagram account data) to provide login authentication, content management, and related service functionality. Such data will only be used to deliver the authorized features of the Service and will not be used for any other purpose.

The Company collects personal information when the data subject uses the services, directly provides information to the Company, or when the Company receives information from other sources.

Items of Personal Information Collected

• Information directly provided by the data subject
• - Required items (for membership registration and service provision): Email address, password
• - Account and profile information: Name, contact details, company name, job title, profile photo, and other optional information added by the data subject
• - Payment information (for paid service use): Billing contact name, contact details, payment card information, etc. (Note: The Company does not store payment information directly but may process it through a payment gateway)
• - Service content: Content posted, sent, received, or shared by the data subject within the Company’s services (e.g., schedule data, task information, attached files and links, etc.)
• - Website content: Feedback, survey responses, event participation details submitted on the website (including social media)
• - Customer support channel information: Contact details, issue summary, related documents/screenshots provided when requesting support
• Information automatically collected during service use
• - Service usage information: Features used, links clicked, files uploaded, search terms, frequency of collaboration and communication, etc.
• - Device and connection information: IP address, cookies, OS/browser/device details, access logs, page URLs, error data, etc.
• Information collected from other sources
• - Other users: Information provided when inviting to schedules, mentioning, or designating as billing/technical contacts
• - Integrated third-party services: Information such as name, email, and profile data received from external apps(e.g., logging in via Google Account or Facebook Login). If you connect your Instagram Business Account, we may access certain public data (e.g., username, profile picture, and media insights) strictly within the scope authorized by the Meta Platform.
• - Affiliates: (Currently not applicable)
• - Partners: Billing/technical contact information and service interest details received from marketing/reseller partners
• - Public sources: Information from publicly available databases, social media, etc.

Methods of Personal Information Collection

• When the user agrees to the collection of personal information and directly enters it during membership registration or while using the service
• Through web pages, emails, faxes, telephone calls, etc., during consultations via customer support
• Automatically generated and collected information such as IP address, cookies, usage history, and device information during service use
• When linked with third-party services, information received from those services

The Company processes and retains personal information within the period permitted by relevant laws or the period agreed upon by the data subject at the time of collection.

The respective retention periods for personal information are as follows:

• (1) Membership registration and management (account information): Until the user withdraws membership or for a reasonable period during which the account remains active and may be reactivated.
• - If an investigation or inquiry due to a legal violation is in progress: Until the end of the investigation or inquiry
• - If there are outstanding claims or debts related to service use: Until settlement of such claims or debts
• - When necessary for compliance with legal obligations, dispute resolution, enforcement of agreements, business operations, service development, or improvement
• (2) Service-related information (information shared within services): Until the service is fully provided and payment/settlement is completed.
• - However, some information or content provided by the data subject may remain accessible to other users even after account deactivation. Upon request, identifying information will be deleted.
• (3) Marketing information: Retained until the data subject withdraws consent to receive marketing communications or for a reasonable period after the last indication of interest in the service.

If the Company is legally required to retain personal information even after the retention period has expired, it will securely store such information for the period specified below:

• In the case of the Republic of Korea, the legal grounds and retention periods are as follows:
• - Act on the Consumer Protection in Electronic Commerce, etc. (Article 6)
• · Records regarding advertisements: 6 months
• · Records regarding contracts or withdrawal of subscription: 5 years
• · Records regarding payment and supply of goods: 5 years
• · Records regarding consumer complaints or dispute resolution: 3 years
• - Protection of Communications Secrets Act (Article 15-2)
• · Computer communication, internet log records, and tracking data: 3 months
• - For other jurisdictions such as the EU, the U.S., and Japan, retention will comply with applicable local laws and regulations.

When the retention period expires or the purpose of processing is fulfilled, the Company will promptly destroy the personal information in accordance with Article 7 (Procedures and Methods for Destruction of Personal Information) and applicable laws, including the Personal Information Protection Act and relevant jurisdictional laws.

However, if immediate destruction is technically infeasible (e.g., due to backup systems), the information will be securely stored, isolated from further use or external access, and destroyed as soon as it becomes technically possible.

The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information), and in principle, does not provide or disclose personal information to external parties without the prior consent of the data subject.

However, exceptions are made in the following cases:

• (1) When the data subject has given prior consent
• - The Company will clearly inform the data subject of the recipient, purpose of provision, items of personal information provided, and the retention and usage period, and obtain consent through appropriate procedures.
• (2) When disclosed to other service users
• · For collaboration purposes: When the data subject chooses to create and share content within the service, such content and related profile information (e.g., name, profile photo) may be displayed to others.
• · Admin account: An administrator of the organization to which the data subject belongs may disclose the data subject’s contact information to other members to support service-related requests.
• · Community forums: If the data subject posts information on public boards or forums operated by the Company, such information and profile details may be publicly accessible.
• (3) When required by law or upon request from investigative agencies following legal procedures and methods as prescribed by law
• (4) When necessary for service provision
• · Service providers: The Company may cooperate with third-party providers for purposes such as website and app development, hosting, maintenance, backup, storage, infrastructure, payment processing, analytics, and marketing.
• - In such cases, providers may access only the minimum amount of information necessary to perform their duties, and the Company imposes appropriate confidentiality and security obligations.
• · Third-party app integrations: When a data subject or administrator installs a third-party app within the service, such apps may access account information, email addresses, and connected content.
• - Users must review the privacy policies of the respective third-party apps.
• · Partners: The Company may share information with consulting, sales, or technical support partners for relevant purposes, with the consent of the data subject.
• (5) Business transfers
• - In the event of a merger, asset sale, funding, or business acquisition, collected personal information may be transferred. In such cases, the data subject will be informed and given options.
• (6) Disclosure to affiliates
• - Currently not applicable. However, if information is disclosed to affiliates in the future, the protections outlined in this policy will apply.

Currently, the Company does not provide personal information to third parties for any purposes other than those described in subparagraphs 2 to 6 above.

If such provision becomes necessary in the future, the Company will inform the data subject of the recipient, purpose, items, and retention and use period, and will obtain consent or handle it in accordance with applicable laws.

The Company does not provide personal information to third parties.

To ensure smooth personal information processing, the Company provides and entrusts the processing of personal information overseas as follows:

• Recipient: Google Inc. (Firebase)
• Country of Transfer: United States
• Purpose of Use: Managing user registration, email, and password information using Firebase Authentication
• Personal Information Transferred: Email, password, and other information collected during service use
• Method and Timing of Transfer: At the time of user registration and login via Firebase Authentication SDK
• Retention and Use Period: Until the user withdraws membership
• Legal Basis for Overseas Transfer: Article 28-8(1)(3)(a) of the Personal Information Protection Act and the data subject’s consent

When transferring personal information overseas, the Company takes the following legal protective measures:

• In accordance with the Personal Information Protection Act and the EU General Data Protection Regulation (GDPR), one or more of the following measures are applied:
• · Execution of Standard Contractual Clauses (SCCs) with data processors
• · Obtaining the data subject’s explicit consent
• · Transfers to countries with an adequacy decision by the European Commission
• · Application of other exceptions permitted under relevant laws
• The Company contractually requires data processors to implement necessary legal and technical measures for personal information protection and continuously monitors for compliance to protect the rights and prevent infringement of data subjects.

Data subjects may refuse the overseas transfer of personal information by contacting the Personal Information Protection Officer or the department in charge of privacy. However, if the overseas transfer is essential for the provision of a service, refusal may result in limited access to such service.

Requests to refuse the transfer can be made via help@digitalog.ai.

The Company may offer integration with Google APIs (e.g., Google OAuth, Google Calendar), and any data collected through such services is used in accordance with Google’s API Services User Data Policy, including the Limited Use Requirements.

The Company strictly adheres to this policy and will not use any personal information received via Google APIs for purposes other than the explicitly stated functions such as authentication or calendar access.

The Company promptly destroys personal information when it becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose.

If the personal information retention period agreed upon by the data subject has expired or the processing purpose has been achieved, but the personal information must be retained according to other laws, the information is transferred to a separate database or stored in a different location.

Such personal information is not used for purposes other than retention unless required by law.

Destruction procedure: Information entered by the user is destroyed either immediately or after a certain period of storage according to internal policies and relevant laws once the retention period has passed or the processing purpose is achieved.

Destruction is carried out with the approval of the Personal Information Protection Officer.

Destruction methods: When destroying personal information processed by the Company, the following methods are used:

• For electronic files: permanent deletion using methods that prevent restoration
• For physical records such as printed materials, paper documents, and other media: shredding or incineration

Data subjects may exercise the following personal information protection rights against the Company at any time:

• Request to access personal information
• Request correction in case of errors, etc.
• Request deletion
• Request suspension of processing
• Withdrawal of consent
• Rejection or explanation request regarding automated decisions
• Request for information on the processing of personal information
• Withdrawal of consent for international transfer of personal information

Rights may be exercised in writing, via email, fax, etc., pursuant to Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take prompt action accordingly.

• Access, correction, deletion: Service page home > profile icon > account settings > edit member information
• Membership withdrawal (consent withdrawal): Service page home > profile icon > account settings > withdraw membership
• Requests for suspension of processing, rejection/explanation of automated decisions, and other rights: Contact the personal information access and processing department (Article 12)
• Data Deletion for Meta Platform Users: Users who have connected their accounts via Facebook or Instagram may request deletion of their data obtained through Meta Platforms by contacting help@digitalog.ai
• Upon receiving such requests, the Company will promptly delete all related data stored on our servers in accordance with Meta’s Platform Terms and applicable privacy laws.

Rights may also be exercised through a legal representative or authorized agent of the data subject.

In this case, a power of attorney must be submitted.

(Acceptable power of attorney: [Personal Information Processing Method Notification (No. 2023-12) Attachment No. 11] Power of Attorney)

Requests for access and suspension of processing may be restricted pursuant to Articles 35 (4) and 37 (2) of the Personal Information Protection Act.

Requests for correction and deletion cannot be made if the personal information is explicitly required to be collected under other laws.

When receiving requests for access, correction/deletion, or suspension of processing, the Company verifies whether the requester is the data subject or a legitimate representative.

Additional information may be requested for identity verification, and requests may be denied if verification is not possible.

The data subject’s requests and choices may be restricted in certain situations (e.g., disclosure of others' information upon fulfilling requests, legal retention obligations, etc.).

Data subjects may submit requests for access, etc., to the following department.

The Company strives to process data subject’s access requests promptly.

• Personal information access request handling department: Development Team
• Contact: help@digitalog.ai, 070-4106-4243

When consent is required to process personal information of children under the age of 16, the Company obtains consent from the child’s legal representative.

When obtaining consent from the legal representative for processing personal information of children under 16, the Company may require minimal information such as the legal representative’s name and contact details, and requires the legal representative to indicate consent on the website where the consent details are posted. The Company verifies this consent by notifying the legal representative via SMS on their mobile phone.

The Company does not intentionally collect personal information of children under 16, and if it becomes aware that such information has been collected, it will promptly destroy it.

The Company takes the following measures, including industry-standard technical and organizational measures, to ensure the security of personal information.

• Administrative measures: Establishment and implementation of internal management plans, operation of dedicated organizations, regular staff training
• Technical measures: Access control for personal information processing systems, installation of access control systems, encryption of unique identifiers, installation and periodic update/check of security programs
• Physical measures: Access control to computer rooms and document storage rooms

The Company strives to manage users’ personal information safely and makes additional efforts to protect personal information beyond the safety measures required by the Personal Information Protection Act.

The Company conducts regular security checks such as penetration testing and code-level security issue inspections.

Additionally, the Company provides consulting and education on personal information management.

No security system can be perfect, and the Company cannot guarantee complete safety of information during transmission over the internet or while stored in systems against external intrusions.

In the event of a security incident, the Company will respond promptly according to relevant laws and regulations.

The Company uses 'cookies' which store and periodically retrieve usage information to provide personalized services and convenience to users.

What is a cookie? A cookie is a very small text file sent by the server operating the Company’s website to the user’s browser, stored on the user’s computer hard disk.

Purpose of using cookies: to implement auto-login functionality, analyze visit frequency and duration of members and non-members, understand users’ preferences and interests, improve services, and block abnormal access. The Company also uses analytics tools such as Google, Datadog, and Hotjar to collect and analyze users’ key activities.

• Installation, operation, and rejection of cookies: Data subjects can set their web browser options to allow or block cookies. However, rejecting cookie storage may cause difficulties in using personalized services.
• Example settings (mobile browsers):
• (1) Chrome: Mobile browser settings > Privacy and security > Clear browsing data
• (2) Safari: Mobile device settings > Safari > Advanced > Block all cookies
• (3) Samsung Internet: Mobile browser settings > Browsing data > Clear browsing data

Do Not Track (DNT) signals: Some web browsers provide the ability to send DNT signals to websites to request tracking prohibition. The Company currently does not take any specific action in response to such DNT signals.

For detailed information on cookies and other tracking technologies and how to reject them, please refer to the Company's separately provided Cookie Policy.

The Company appoints a Personal Information Protection Officer who is responsible for overseeing the handling of personal information and for processing complaints and remedies related to the protection of personal information as follows.

Personal Information Protection Officer Name: Dongkyu Son

Phone Number: 070-4106-4243

Email: help@digitalog.ai

Department for handling personal information grievances: Development Department

Person in charge: Personal Information Protection Officer

Phone Number: 070-4106-4243

Email: help@digitalog.ai

Data subjects may contact the Personal Information Protection Officer or the responsible department regarding any inquiries, complaints, or remedies related to the protection of personal information arising from the use of the Company’s services. The Company will respond promptly to such inquiries.

Users are advised not to provide sensitive personal information (e.g., resident registration number, health information, political opinions, etc.) when making inquiries.

• Except where required by law or with the explicit consent of the data subject, the Company does not collect or process the following sensitive information:
• (1) Unique identifiers such as social security numbers and passport numbers
• (2) Health information and medical records
• (3) Political opinions, religious or philosophical beliefs
• (4) Race and ethnicity
• (5) Biometric or genetic information
• (6) Sexual orientation or sexual life information
• (7) Criminal records or investigation history
• (8) Membership in labor unions, etc.

If a data subject voluntarily provides such sensitive information, the information will be processed strictly within the limited scope in accordance with this Privacy Policy and related laws, and unnecessary information will be promptly destroyed.

The Company also recommends caution to avoid including such information during customer support or service use and advises not to provide sensitive personal information when making inquiries.

Accessibility of Privacy Policy: This Privacy Policy is publicly available and can be accessed at any time without login restrictions.

Users can review the latest version at https://www.digitalog.ai/en/terms-and-privacy?type=privacy.

If a data subject has any concerns or violations related to personal information protection, they may contact the Company or request dispute resolution, consultation, or report to the relevant personal information supervisory authority in their jurisdiction using the following methods.

The Company respects the data subject’s right to self-determination of personal information and makes every effort to protect rights and provide remedies.

Also, data subjects may contact the Personal Information Protection Officer or responsible department listed in Article 12 at any time to file complaints, make inquiries, or exercise their rights.

• Data subjects in the Republic of Korea
• - Personal Information Dispute Mediation Committee: 1833-6972 (no area code) (http://www.privacy.go.kr)
• - Personal Information Infringement Reporting Center: 118 (no area code) (https://privacy.kisa.or.kr/main.do)
• - Supreme Prosecutors’ Office: 1301 (no area code) (https://www.spo.go.kr/site/spo/main.do)
• - National Police Agency: 182 (no area code) (https://ecrm.police.go.kr/minwon/main)

• Residents of the European Union (EU)
• - May report to the Data Protection Authority (DPA) in each member state. A list of DPAs can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
• - Under the GDPR, data subjects may file complaints or seek legal remedies with the competent authority.

• Residents of California, USA
• - May file complaints with the California Privacy Protection Agency (CPPA).
• - https://cppa.ca.gov

• Residents of Japan
• - May contact or file reports with the Personal Information Protection Commission (PPC).
• - https://www.ppc.go.jp

• Other regions
• - Data subjects may file complaints with the relevant Data Protection Authority in their jurisdiction and seek administrative or legal remedies under applicable laws.

The Company guarantees the data subject’s right to self-determination regarding personal information and strives to provide consultation and remedies for personal information infringements. For reports or consultations, please contact the responsible department as described in Article 12.

The Company's website may contain links to other websites or services. In such cases, the Company is not responsible for the privacy practices of the linked external websites or services.

When navigating to external sites, please review their privacy policies carefully.

This Privacy Policy applies only to services operated by the Company.

Some of the Company's services may be designed for use by organizations (e.g., the data subject’s employer). When services are provided through an organization, that organization acts as the service administrator and may be responsible for managing accounts and service usage. In such cases, please direct any privacy-related inquiries to the organization's administrator.

The data subject’s use of the service may be subject to the organization’s policies, and the Company is not responsible for any privacy or security practices implemented by the administering organization.

Administrators may have the following authorities:

• Requesting password resets for the data subject’s account
• Restricting, suspending, or terminating service access
• Accessing information within the account
• Installing or removing third-party apps or integrations

If the data subject uses the service with an email address provided by the organization, the domain owner (e.g., employer) may claim administrative rights over the account and service usage in the future, and the data subject will be notified separately in such cases.

If the data subject does not wish the administrator to have control over their account or service usage, they should register or access the service using a personal email address.

This Privacy Policy is effective from the specified effective date.

The Company may amend the Privacy Policy to reflect changes in laws or services.

When changes occur, the Company will post the revised Privacy Policy on this page, and the updated policy will take effect 7 days after posting.

However, if the changes significantly affect the rights of data subjects, the Company will provide at least 30 days’ prior notice through separate means, including:

• Changes in the types of personal information collected
• Additions or changes to the purposes of use of personal information
• Changes related to third-party provision or overseas transfer
• Changes to retention periods, rights exercise procedures, or consent methods affecting data subject rights

Such significant changes will be notified by one or more of the following methods:

• In-service notifications
• Posting announcements
• Individual notices via registered email

Minor changes (e.g., clarifications, corrections to legal citations) may be made by posting on this page alone.

The Company also retains previous versions of the Privacy Policy for the data subject’s reference.

If a data subject does not agree with the changes to this Privacy Policy, they may discontinue use of the service and deactivate their account (unsubscribe).

Continued use of the service shall be deemed as acceptance of the revised Privacy Policy.

The Company complies with the California Consumer Privacy Act (CCPA) and the amended California Privacy Rights Act (CPRA). The Company does not sell personal information, and data subjects have the following rights:

• Right to access and request a copy of collected personal information
• Right to request deletion of personal information
• Right to opt-out of the sale or sharing of personal information (Do Not Sell or Share My Personal Information)

Requests under the CCPA can be submitted via the following channels:

Email: help@digitalog.ai

Verification of identity may be requested via email or government-issued identification during requests, and authorized agents may exercise rights on behalf of data subjects.

This Service may use Meta Platforms, including Facebook Login and the Instagram Graph API, to provide certain login and data synchronization functionalities.

We comply with Meta’s Platform Terms (https://developers.facebook.com/terms) and process any data received from Meta Platforms only for the purpose explicitly authorized by users.

Users can request the deletion of data obtained from Meta Platforms by contacting help@digitalog.ai. Requests will be processed in accordance with Meta’s Data Deletion requirements.