Last Modified: November 1, 2025

Effective Date: November 1, 2025

CROBO Corp. (hereinafter referred to as the "Company") complies with personal information protection regulations under relevant laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection and the Personal Information Protection Act, and establishes a Privacy Policy to do its best to protect user rights. Through this Privacy Policy, the Company informs you how the personal information you provide is being used and what measures are being taken to protect personal information.

Article 1 (Items of Personal Information Collected and Purpose of Use)

1. The Company collects the following minimum personal information to provide services.
   • Required Items (When Signing Up):
     • Email address: Member identification, login, notice delivery, customer inquiry response
     • (When using external authentication services such as Google) User identification information, profile name, and profile photo URL provided by that service
   • Required Items (When Registering Saju Profile):
     • Nickname: Profile identification within the service
     • Date and time of birth: Saju analysis and related service provision
     • Gender: Improving saju analysis accuracy and related service provision
     • (When analyzing compatibility) Partner's nickname, date and time of birth, gender, relationship: Compatibility analysis and related service provision
   • Automatically Collected Items:
     • Service usage records (login records, AI conversation records, number of questions, last question date, etc.): Service improvement, statistical analysis, abuse prevention
     • Access logs, cookies, access IP information: Ensuring service stability, preventing fraudulent use
   • When Using Paid Services:
     • Payment information (credit card information, account information, etc.): Processed through payment agencies, the Company does not store directly.
     • Order information, subscription information: Providing and managing paid services
   • When Using Referral Program:
     • Referral code: Verifying referral relationships and providing rewards
     • Referral/referee history: Operating referral program and managing rewards
2. The Company uses collected personal information for the following purposes.
   • Contract fulfillment for service provision and fee settlement: Content provision, purchase and fee payment, identity verification, etc.
   • Member management: Identity verification for member service use, personal identification, prevention of fraudulent use by bad members and unauthorized use, confirmation of intention to join, age verification, complaint handling and civil affairs processing, delivery of notices
   • New service development and marketing/advertising utilization: New service development and customized service provision, service provision and advertisement posting according to statistical characteristics, service validity verification, access frequency analysis, statistics on member service use
   • AI model performance improvement: For research purposes to improve services such as developing new AI astrologers and improving conversation quality, personal information (date of birth, gender, conversation records, etc.) is safely de-identified so that individuals cannot be identified.

Article 2 (Personal Information Processing and Retention Period)

1. The Company processes and retains personal information within the personal information retention and use period under the law or the retention and use period agreed upon when collecting personal information from the data subject.
2. The processing and retention periods for each type of personal information are as follows.
   • Member registration and management: Until membership withdrawal. However, in the following cases, it is exceptionally retained.
     1. To prevent re-registration of fraudulent members, minimum identification information such as email is retained for 30 days after withdrawal
     2. Records related to contracts, payments, and dispute resolution are retained for 3-5 years according to the "Act on Consumer Protection in Electronic Commerce"
     3. Retained until the end of the reason when necessary for investigation/inquiry due to violation of relevant laws or settlement of claims/debts due to service use
   • Saju profile information and AI conversation records:
     1. All conversation records and profile information are immediately destroyed upon membership withdrawal.
     2. Conversation records for free plan (Basic) members are automatically destroyed 60 days after the last conversation.
     3. Conversation records for paid plan members are retained indefinitely during the subscription period.
     4. After paid plan expiration, conversation records are separately retained for 180 days from the expiration date for possible restoration upon re-subscription, then destroyed. During this period, the conversation records are not exposed in the service.
     5. For service improvement and AI model performance research, conversation records may only be used in de-identified data form where all information that can identify an individual (email, nickname, name, etc.) has been completely removed and cannot be restored.
   • Referral program information:
     1. Referral codes and referral/referee history are retained during the referral program operation period and destroyed upon membership withdrawal.

Article 3 (Provision of Personal Information to Third Parties)

1. The Company processes the data subject's personal information only within the scope specified in Article 1 (Items of Personal Information Collected and Purpose of Use), and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as with the data subject's consent or special provisions of law.
2. The Company does not currently provide personal information to third parties. If such need arises in the future, we will seek consent from the data subject by specifying the recipient, purpose of provision, items provided, and retention and use period.

Article 4 (Entrustment of Personal Information Processing)

1. The Company may entrust personal information processing as follows for smooth personal information processing.
   • Payment agency and identity verification: PortOne Inc.
     (Actual payments are processed through PG companies such as KG Inicis depending on the payment method selected by the user.)
   • Cloud server operation and data storage: Google Cloud Platform (GCP)
   • Customer support and inquiry response: hello@solzigi.com
2. When entering into an entrustment contract, the Company specifies in the contract or document matters concerning prohibition of personal information processing for purposes other than the purpose of performing entrusted work, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of trustees, and liability for damages, etc., in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the trustee processes personal information safely.
3. If the content of entrusted work or the trustee changes, we will disclose it through this Privacy Policy without delay.

Article 5 (Rights and Obligations of Data Subjects and Legal Representatives and Exercise Methods)

1. Data subjects may exercise their rights to request access, correction, deletion, or suspension of processing of personal information from the Company at any time.
2. The exercise of rights under paragraph 1 may be made to the Company in writing, by email, or by fax in accordance with Article 41, paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
3. The exercise of rights under paragraph 1 may be made through a legal representative of the data subject or an agent. In this case, a power of attorney according to Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
4. Requests for access to and suspension of processing of personal information may be restricted under Article 35, paragraph 4 and Article 37, paragraph 2 of the Personal Information Protection Act.
5. If other laws specify that the personal information is a subject of collection, the request for correction and deletion of personal information cannot be requested.
6. The Company verifies whether the person who made the request for access, correction/deletion, or suspension of processing is the data subject or a legitimate representative.

Article 6 (Destruction of Personal Information)

1. The Company destroys personal information without delay when personal information becomes unnecessary due to the passage of the retention period or achievement of the processing purpose.
2. If personal information must be retained according to other laws despite the passage of the agreed retention period or achievement of the processing purpose, the personal information is moved to a separate database (DB) or stored in a different storage location.
3. The procedures and methods for destroying personal information are as follows.
   1. Destruction procedure: The Company selects personal information for which destruction reasons have occurred and destroys the personal information with the approval of the Company's personal information protection officer.
   2. Destruction method: Personal information recorded and stored in electronic file format is deleted using technical methods that make it impossible to reproduce the records, and personal information recorded and stored in paper documents is shredded or incinerated.

Article 7 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

1. The Company uses 'cookies' that store usage information and retrieve it frequently to provide customized services to users.
2. Cookies are small pieces of information sent by the server (http) used to operate the website to the user's computer browser and may be stored on the hard disk of the user's PC.
   1. Purpose of using cookies: Used to provide optimized information to users by identifying visits and usage patterns of each service and website visited by users, popular search terms, and secure access status.
   2. Installation, operation, and rejection of cookies: You can refuse to store cookies through the option settings in Tools > Internet Options > Privacy menu at the top of your web browser.
   3. If you refuse to store cookies, you may experience difficulties using customized services.

Article 8 (Measures to Ensure Personal Information Security)

The Company takes the following measures to ensure the security of personal information.

1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: Access authority management for personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
3. Physical measures: Access control to computer rooms and data storage rooms

Article 9 (Personal Information Protection Officer)

1. The Company designates a personal information protection officer as follows to be responsible for overall personal information processing and to handle complaints and damage relief of data subjects related to personal information processing.
   • Name: HANSUNG LEE
   • Position: Manager
   • Contact: +82-2-849-9901, hello@solzigi.com

   ※ Connects to the personal information protection department.

2. Data subjects may contact the personal information protection officer and department regarding all personal information protection-related inquiries, complaint handling, and damage relief that arose while using the Company's services (or business). The Company will respond to and process data subjects' inquiries without delay.

Article 10 (Remedies for Infringement of Rights)

Data subjects may contact the following organizations for damage relief and consultation regarding personal information infringement. (The following organizations are separate from the Company, so if you are not satisfied with the Company's own personal information complaint handling or damage relief results, or if you need more detailed help, please contact them)

• Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
  • Jurisdiction: Personal information infringement report, consultation application
  • Website: privacy.kisa.or.kr
  • Phone: (no area code) 118
  • Address: 3rd Floor Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (Bitgaram-dong 301-2) (58324)
• Personal Information Dispute Mediation Committee
  • Jurisdiction: Personal information dispute mediation application, collective dispute mediation (civil resolution)
  • Website: www.kopico.go.kr
  • Phone: (no area code) 1833-6972
  • Address: 12th Floor, Government Seoul Building, 209 Sejong-daero, Jongno-gu, Seoul (03171)
• Supreme Prosecutors' Office Cyber Investigation Division: (no area code) 1301 (cid@spo.go.kr)
• National Police Agency Cyber Safety Guardian: (no area code) 182 (cyberbureau.police.go.kr)

Article 11 (Changes to Privacy Policy)

This Privacy Policy takes effect from November 1, 2025. If there are additions, deletions, or corrections of changes according to laws and policies, we will notify through announcements 7 days before the implementation of the changes.

[CROBO Corp. Information]

• Company Name: CROBO Corp.
• Representative: JUNGYONG KANG
• Business Registration Number: 769-87-01147
• Mail-order Sales Registration Number: 제2019-서울금천-1432호
• Address: B2F B202, 225 Gasan Digital 1-ro, Geumcheon-gu, Seoul, Korea
• Customer Service Email: hello@solzigi.com
• Customer Service Phone: +82-2-849-9901