Article 1 (Purpose of Collection and Use of Personal Information)

The Company processes personal information for the following purposes. Personal information being processed will not be used for any purpose other than those listed below, and if the purpose of use changes, we will take necessary measures such as obtaining separate consent.

1. Member Registration and Management

   Confirming intent to sign up as a Member, identifying and authenticating identity for membership-based services, maintaining and managing Member status, preventing fraudulent use of services, etc.

2. Service Provision

   Showcase and Recipe registration and sharing, community board usage, Profile management, Follow/Follower features, Notifications service, and more

3. Service Improvements

   New service development and personalized service provision, service usage statistics and analysis

Article 2 (Categories of Personal Information Collected)

1. Information Collected During Member Registration

2. Information Collected During Service Use (Optional)

3. Information Automatically Collected During Service Use

• Access IP address, browser type, access date and time
• Service usage history, access logs
• Cookie and Local Storage Information

Article 3 (Retention and Use Period of Personal Information)

1. The Company processes and retains personal information within the retention and use period required by law or the retention and use period consented to by the data subject at the time of personal information collection.
2. When a Member withdraws, their personal information is immediately deleted. However, if it needs to be retained according to relevant laws and regulations, it will be kept for the period specified by those laws.
   • Records related to contracts or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
   • Records of payment and supply of goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
   • Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
   • Website visit records: 3 months (Telecommunications Privacy Act)

Article 4 (Provision of Personal Information to Third Parties)

1. As a rule, the Company processes users' personal information within the scope of purposes specified in Article 1, and does not process it beyond the original scope or provide it to third parties without the prior consent of the data subject.
2. However, we may provide personal information to third parties in the following cases.
   • When we have obtained separate consent from the data subject
   • When there are special provisions in applicable laws and regulations
   • When the data subject or their legal representative is unable to express their intent or prior consent cannot be obtained due to unknown address or similar reasons, and it is clearly recognized as necessary for the urgent benefit of the life, body, or property of the data subject or a third party

Article 5 (Entrustment of Personal Information Processing)

To ensure smooth processing of personal information, we entrust the following personal information processing tasks as follows.

Article 6 (Rights and Obligations of Data Subjects and How to Exercise Them)

1. Data subjects may exercise the following personal information protection rights with the Company at any time.
   • Request to Access Personal Information
   • Request corrections if there are errors
   • Request Deletion
   • Request to Stop Processing
2. You can exercise the above rights through the settings menu within the service, or via written request, phone, or email, and we will take action without delay.
3. If a data subject requests correction or deletion of errors in their personal information, the company will not use or provide that personal information until the correction or deletion is complete.
4. You may exercise your rights through a legal representative or an authorized agent, such as someone you've delegated. In this case, you must submit a power of attorney following the format specified in Annex No. 11 of the "Notice on Personal Information Processing Methods."

Article 7 (Destruction of Personal Information)

1. When personal information is no longer needed—such as when the retention period has expired or the purpose of processing has been achieved—the Company will promptly delete that personal information.
2. The procedures, timeframes, and methods for destruction are as follows.
   • Deletion Process: Information entered by users is transferred to a separate database after the purpose is achieved and stored for a certain period according to internal policies and other relevant laws, or destroyed immediately.
   • Method of Destruction: Information in electronic file format is handled using technical methods that make records irreproducible.

Article 8 (Operation and Rejection of Cookies)

1. The Company uses "Cookies" to store and retrieve usage information in order to provide personalized services to users.
2. Cookies are small pieces of information that a website's server sends to your computer's browser and may be stored on your PC's storage device.
   • Purpose of Cookie Use: Providing optimized services by maintaining user login status, tracking visit history, and understanding usage patterns
   • Cookie Installation, Operation, and Rejection: You can block cookies by going to Tools > Internet Options > Privacy in your web browser's menu and adjusting the settings.
   • If you refuse to store cookies, you may experience difficulties using personalized services.

Article 9 (Security Measures for Personal Information)

We take the following measures to ensure the security of your personal information.

1. Administrative Measures: Establishing and implementing internal management plans, minimizing staff handling personal information, and providing training
2. Technical Measures: Access control management for personal information processing systems, encryption of Unique Identification Information, and installation of security programs
3. Physical Measures: Access control for server rooms, data storage facilities, etc.

Article 10 (Privacy Officer)

The Company has designated a Privacy Officer as shown below to oversee all matters related to personal information processing and to handle complaints and provide remedies for data subjects regarding personal information processing.

Article 11 (Remedies for Rights Infringement)

If your personal information has been violated, you can file for dispute resolution or request consultation with organizations like the Personal Information Dispute Mediation Committee or the KISA Personal Information Infringement Report Center.

• Personal Information Dispute Mediation Committee: 1833-6972 (toll-free) (www.kopico.go.kr)
• Personal Information Infringement Report Center: 118 (toll-free) (privacy.kisa.or.kr)
• Supreme Prosecutors' Office: 1301 (without area code) (www.spo.go.kr)
• National Police Agency: 182 (toll-free) (ecrm.cyber.go.kr)

Article 12 (Changes to the Privacy Policy)

This Privacy Policy is effective from December 10, 2025. If there are any changes to the Privacy Policy, we will post the changes, and the updated Privacy Policy will take effect 7 days after posting. However, in cases of significant changes affecting user rights, such as changes to the categories of personal information collected or purposes of use, we will notify you at least 30 days in advance.

Supplementary Provisions

This Privacy Policy is effective as of December 10, 2025.