Playsquad Privacy Policy (02-14-2025)

Draftify Inc. (hereinafter referred to as the “Company”) complies with the personal information protection regulations under relevant laws that information and communication service providers must observe, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Protection of Communications Secrets Act, and the Telecommunications Business Act. We are committed to protecting member rights by establishing a Privacy Policy in accordance with relevant laws.

This Privacy Policy informs you how the personal information you provide is being used and what measures are being taken to protect it.

Effective Date: February 14, 2025

Section 1 (Items of Personal Information Collected and Collection Method)

A. Items of Personal Information Collected

1. The Company collects the following personal information:
   1. Membership Registration
      1. Mandatory: Name, Nickname, Contact info (Email), Information provided by third-party services used for social login, Consent to being over 14 years old, Consent to Terms of Service, Consent to Privacy Policy.
      2. Optional: Referral path, Consent to receive promotional information.
   2. Use of Paid Services
      1. Mandatory (Payment Info):
         1. Credit Card: Card issuer name, Card number, Expiry date, etc.
         2. Mobile Payment: Phone number, Carrier, Approval number, etc.
         3. Bank Transfer: Bank name, Account number, etc.
         4. Easy Payment: Linked account info, Payment password, Phone number, Date of birth, etc.
      2. Optional: Legal representative information (for minors only).
   3. Identity Verification (When Required)
      1. Mandatory: Name, Date of birth, Gender, Nationality (Local/Foreigner), Phone number, Carrier info or i-PIN info, Identity verification values (CI, DI, etc.).
   4. Use of Third-Party Services
      1. Collection via User Consent
         1. The Company uses official APIs of supported platforms as a third party (Google API, YouTube Data API, Twitch, etc.).
         2. Provision from partners/affiliates/agencies, and collection through generated information collection tools.
      2. Depending on the feature, the following may be collected via YouTube Data API or Google API:
         1. Common (Streamer/Viewer): Login info, Member profile.
         2. Streamer: Channel info (Name, URL, etc.), Chat list, Subscriber list, Super Chat list, Membership (Sponsor) info.

2. The following information may be automatically generated and collected during the course of service use or business processing:
   1. IP Address, cookies, date and time of visit, service usage records, records of misuse, Device Token upon mobile app installation, terminal information (model name, OS version, unique device ID, firmware version, etc.), carrier information, network location information, automatic updates of service applications, memory of user information to avoid re-entry upon re-visiting or subsequent access, customized advertisements, provision of content and information, monitoring the effectiveness of marketing campaigns, monitoring and recording of overall site usage status such as the total number of visitors and pages accessed, and tracking of user participation, submission, and entry status for promotions or other activities.

B. Collection Method

1. The Company collects personal information through the following methods:
   • Website (Registration, Boards), Mobile, Written forms, Fax, Phone, Customer support, Email, Event entries.
   • Provided by affiliates/partners.
   • Automated collection tools for generated information.

C. Processing of Unique Identification Information

Section 2 (Purpose of Collection and Use)

The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than those stated below. If the purpose of use changes, the Company intends to implement necessary measures, such as obtaining separate consent in accordance with Article 18 of the 「Personal Information Protection Act」.

A. Performance of Contract regarding Service Provision and Fee Settlement for Services Provided

• Collection and use for content provision, provision of specific customized services, delivery of goods or sending of invoices, identity verification, purchase and payment, debt collection, income reporting to the National Tax Service, deposit of Payout amounts for received Tips, and seamless service provision.

B. Member Management

• Provision of membership services, personal identification, measures to restrict use for members violating the Terms of Service, sanctions against acts hindering the smooth operation of the service and unauthorized use of the service, verification of intent to join, restrictions on joining and frequency of joining, verification of consent from a legal representative when collecting personal information of children under 14, verification of consent from a legal representative for payments made by minors under 19, subsequent identity verification of legal representatives, record retention for dispute mediation, handling of civil complaints such as grievance processing, delivery of notices, and verification of intent to withdraw membership.

C. Development of New Services and Utilization in Marketing and Advertising

• Development of new services and provision of customized services, provision of services and placement of advertisements according to demographic characteristics, verification of service validity, provision of event information and opportunities for participation, provision of promotional information, identification of access frequency, and statistics on members' service usage.

Section 3 (Retention and Usage Period)

1. The Company retains information while the member maintains their membership status.

2. Upon withdrawal or loss of status, information is destroyed immediately, except for the following:
   • Internal Policy:
     • Records to prevent re-registration of withdrawn members: 1 year.
     • Records to prevent re-registration of restricted/fraudulent members: 1 year or Permanent (stored separately).
   • Legal Requirements:
     • Records on Advertising: 6 months (Electronic Commerce Act).
     • Records on Contracts/Withdrawal: 5 years (Electronic Commerce Act).
     • Records on Payments/Supply of Goods: 5 years (Electronic Commerce Act).
     • Records on Electronic Financial Transactions: 5 years (Electronic Financial Transactions Act).
     • Records on Handling of Consumer Complaints or Disputes: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.)
     • Login records: 3 months (Protection of Communications Secrets Act).

Section 4 (Right to Refuse Consent)

Members have the right to refuse consent to the collection of personal information. However, refusal to provide mandatory information will result in the inability to use the service. Refusal to provide optional information may limit access to events, benefits, and customized discounts.

Section 5 (Destruction Procedures and Methods)

In principle, the Company destroys personal information without delay once the purpose of collection and use has been achieved. The Company’s procedures and methods for destroying personal information are as follows:

A. Destruction Procedure

1. Information entered by Members for registration and other purposes is moved to a separate database (or a separate filing cabinet for paper documents) after the purpose is achieved.

2. It is stored for a certain period and then destroyed in accordance with internal policies and other relevant information protection laws (refer to the retention and usage period).

3. Personal information moved to a separate database is not used for any purpose other than retention unless required by law.

B. Destruction Method

1. Personal information stored in electronic file format is deleted using technical methods that render the records unrecoverable.

2. Personal information printed on paper is destroyed by shredding with a shredder or by incineration.

C. Personal Information Expiration System (Dormant Account Policy)

1. Personal information of dormant Members who have no service usage records for one year is stored and managed separately from other members' personal information.
   However, if a dormant Member requests it, their personal information will be restored at the time they resume using the service.

2. The Company notifies Members via email or other means 30 days prior to the date their account is scheduled to be converted to dormant status.

3. Separately stored personal information is not used or provided unless there are special provisions in other laws.
   Furthermore, separately stored personal information is destroyed without delay after a certain period (1 year) specified by relevant laws, and Members are notified of this via email or other means 30 days prior to the point of destruction.

Section 6 (Rights of Members and Legal Representatives)

A. Members and their legal representatives may access or modify their registered personal information or that of children under the age of 14 at any time. If they do not agree with the Company’s processing of personal information, they may refuse consent or request termination of membership (withdrawal). However, in such cases, use of part or all of the service may be restricted.

B. To view or modify the personal information of a member or a child under 14, click on 'Change Personal Information' (or 'Edit Member Information,' etc.). To terminate membership (withdraw consent), click on "Withdrawal of Membership." After completing the identity verification process, you may directly access, correct, or withdraw. Alternatively, you may contact the Privacy Officer in writing or via email for immediate action. The Company verifies whether the person requesting access, correction, deletion, or suspension of processing is the individual themselves or a legitimate representative.

C. If a member or legal representative requests the correction of an error in personal information, the information will not be used or provided until the correction is completed.
Furthermore, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction results without delay to ensure the correction is made.

D. Personal information terminated or deleted at the request of a member is processed as specified in “3. Retention and Usage Period of Personal Information” and is handled so that it cannot be accessed or used for any other purpose.

D. A request for the correction or deletion of personal information may not be granted if that personal information is explicitly required to be collected under other laws and regulations.

Section 7 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

The Company operates ‘cookies’ and similar technologies that frequently store and retrieve Member information. A cookie is a very small text file sent to the Member's browser by the server used to operate the Company's website and is stored on the Member's computer hard disk. The purposes of using cookies and the methods for refusing cookie settings are as follows:

A. Purpose of Using Cookies, etc.

• When a Member visits the website, the website server reads the contents of the cookies stored on the user's hard disk to maintain the Member's preferences and provide customized services.

• Cookies do not automatically or actively collect personally identifiable information, and users can refuse to store or delete these cookies at any time.

• Cookies are used to provide optimized, customized information, including advertisements, by identifying the visit and usage patterns of services and websites visited by users, popular search terms, secure connection status, news editing, and user scale.

B. Installation, Operation, and Refusal of Cookies

• Users have the right to choose whether to install cookies. Therefore, by setting options in their web browser, users can allow all cookies, go through a confirmation process whenever a cookie is stored, or refuse the storage of all cookies altogether.

• However, if you refuse to store cookies, you may experience difficulties in using some services that require a login, and in this case, the Company shall not be held liable.

• The method for specifying whether to allow cookie installation (for Internet Explorer) is as follows:
  1. Select [Tools] → [Internet Options]
  2. Select the [Privacy] Tab → Set [Privacy Level]

Google Analytics

A. For the purpose of providing better service to customers, the Company uses Google Analytics, a web analysis service provided by Google, Inc. (hereinafter "Google"). The objective is to analyze and evaluate how customers use the services, identify customer needs, and provide efficient services by improving and customizing them.

B. Google Analytics may be used for the Company's statistical compilation and academic research purposes.

C. The processing of information collected through Google Analytics is subject to the Google Privacy Policy and the Google Analytics Service Terms of Service.

• Google Analytics Terms of Service: https://www.google.com/analytics/terms/us.html

• Google Privacy Policy: https://policies.google.com/privacy?hl=en

D. You can disable the use of cookies by selecting the appropriate parameters in your browser. If you do not want your data used by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on for your specific web browser at https://tools.google.com/dlpage/gaoptout?hl=en.

Section 8 (Third-Party Provision and Sharing)

A. The Company processes Members' personal information only within the scope notified in "Section 2. Purpose of Collection and Use of Personal Information." The Company provides personal information to third parties only in cases that fall under Articles 17 and 18 of the 「Personal Information Protection Act」, such as the prior consent of the Member or special provisions in laws; otherwise, the Company does not provide the personal information of the data subject to third parties. However, for the smooth provision of services, the Company may use and provide personal information within the minimum necessary scope in the following cases with the Member's consent:

1. When the Member has given prior consent.

2. When necessary for Payouts following service provision or for events, etc.

3. When providing personal information related to the services provided by the Company to other Members within the necessary scope.

4. When an obligation to submit a Member's personal information to the Company arises under the provisions of laws and regulations, or when there is a request from an investigative agency according to the procedures and methods prescribed by law for investigative purposes.

B. The Company may provide Members' personal information to affiliates or share it with affiliates to provide better services to Members. In cases where personal information is provided to or shared with a third party, a prior consent process will be conducted. The Company will seek consent by specifying the recipient of the personal information, the recipient's purpose for using the personal information, the items of personal information provided, the recipient's retention and usage period of the personal information, the fact that the Member has the right to refuse consent, and any disadvantages resulting from such refusal.

C. To facilitate the performance of duties, such as providing better service and Member convenience, the Company entrusts the collection, storage, and processing of Members' personal information to other companies within the necessary business scope as follows, provided that the Member has consented.

However, even if the purpose of provision is achieved or a request for withdrawal is made, information necessary for contract performance and dispute preparation—such as internal reporting, audits and inspections, and cost settlement (billing)—shall be retained and used for up to 6 months after the termination of the service. If non-performance or disputes continue, the information will be retained until the performance is completed or the dispute is resolved. Furthermore, if there are special provisions in relevant laws such as the Commercial Act, the information shall be stored in accordance with those regulations.

Section 9 (Entrustment of Personal Information Processing)

The Company entrusts some of its tasks necessary for service provision to external companies and regulates, manages, and supervises necessary matters so that the entrusted companies process personal information safely in accordance with the Personal Information Protection Act, the Credit Information Use and Protection Act, etc.

• Retention: Until withdrawal or termination of entrustment contract.

Section 10 (Overseas Transfer of Personal Information)

To provide its services, the Company entrusts and stores personal information processing tasks through contracts with overseas companies in accordance with Article 28-8, Paragraph 1, Item 3 (a) of the Personal Information Protection Act. The Company manages and supervises these tasks to ensure that the entrusted personal information is processed safely.

Members have the right to refuse the overseas transfer of their personal information; however, please note that using the applicable service will be unavailable upon such refusal.

Section 11 (Technical and Administrative Protection Measures)

In processing the personal information of users, the Company is taking the following technical, administrative, and physical measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged.

A. Technical Measures

1. Members' personal information is protected by passwords, and important data is protected through separate security functions by encrypting files and transmission data or using a file lock function (Lock).

2. The Company takes measures to prevent damage caused by computer viruses using anti-virus programs. Anti-virus programs are updated periodically, and if a sudden virus appears, the Company prevents the infringement of personal information by providing a patch as soon as it is released.

3. The Company adopts security devices (SSL or SET) that can safely transmit personal information over the network using encryption algorithms.

4. To prepare for external intrusions such as hacking, the Company makes every effort to ensure security by using intrusion prevention systems and vulnerability analysis systems for each server.

5. When the Privacy Officer or a person in charge of handling personal information attempts to access personal information from the outside, secure access methods such as VPNs or secure connections are used. Measures are taken on systems and personal PCs for personal information inquiry and processing to prevent unauthorized persons, such as outsiders, from viewing personal information.

B. Administrative Measures

1. The Company has established procedures necessary for accessing and managing Members' personal information and ensures that its employees are familiar with and comply with them.

2. The Company limits access rights to personal information to the minimum scope necessary for performing duties, assigning one account to each person in charge, and providing differentiated authority. Access to personal information is prohibited except for the following tasks:
   1. When necessary for security purposes (e.g., bugs or abusing)
   2. When it is necessary to comply with relevant laws and regulations for service operation
   3. When aggregated and used for internal operations in accordance with applicable personal information protection and legal requirements

3. When a personal information handler or their assigned duties change, the Company changes or revokes the access rights to personal information without delay.

4. The Company conducts regular internal training and external commissioned training for employees handling personal information regarding the acquisition of new security technologies and personal information protection obligations.

5. The handover of duties regarding personal information is strictly carried out under maintained security, and responsibilities for personal information incidents after joining or leaving the Company are clearly defined.

6. When processing Members' personal information using a computer, the Company designates a person in charge with access rights, assigns IDs and passwords, and renews the passwords regularly.

7. When hiring new employees, the Company prevents information leakage by requiring them to sign an information protection pledge or a personal information protection pledge, and has established and continuously implements internal procedures to audit the implementation of the Privacy Policy and compliance by employees.

8. Upon employee resignation, the Company requires them to sign a confidentiality pledge to ensure that those who handled Members' personal information do not damage, infringe, or leak personal information learned in the course of their duties.

9. When collecting information regarding payment, such as credit card numbers and bank settlement accounts, or providing such information to a Member for the purpose of concluding a service contract or providing services, the Company takes necessary measures to verify the identity of the Member.

10. In accordance with Article 29-2, Paragraph 2 of the Information and Communications Network Act and Article 16 of the Enforcement Decree of the same Act, the Company stores and manages the personal information of Members who have not used the service for one year separately from other members' personal information to protect it.

11. The Company is not responsible for incidents caused by an individual Member's mistake or the inherent risks of the Internet. Individual Members must appropriately manage their own IDs and passwords and take responsibility for them to protect their personal information. Furthermore, it is recommended to avoid using easy passwords that others can guess and to change passwords regularly.

12. When moving to another site or ending service use after logging in to our website from a shared PC, please make sure to log out and close the browser. Otherwise, there is a risk that the Member's information, such as ID and password, may be easily leaked to others through that browser.

C. Physical Measures: The Company sets computer rooms and data storage rooms as special protection areas to control physical and logical access.

Section 12 (Privacy Officer and Department)

The Company has designated the following department and Privacy Officer to protect Members' personal information and handle complaints related to personal information. Members may report any privacy-related grievances arising from the use of the Company's services to the Privacy Officer or the relevant department. The Company will provide prompt and sufficient responses to all reports made by Members.

[Privacy Officer]

• Name: Yong-cheol Jeong

• Affiliation: CEO

• Position: CEO

[Privacy Protection Department]

• Department: Operations Team

• Phone: +82-2-6191-0033

• Email: contact@draftify.gg

Reporting and Consultation for Infringement of Rights

If you require reporting or consultation regarding other personal information infringements, please contact the following organizations:

• Personal Information Dispute Mediation Committee: (www.kopico.go.kr)

• Personal Information Infringement Reporting Center: (Dial 118 without area code)

• Cybercrime Investigation Unit of the Supreme Prosecutors' Office: (www.spo.go.kr / +82-2-3480-3571)

• Cyber Bureau of the National Police Agency: (Dial 182 without area code)

Section 13 (Obligation to Notify)

If there are any additions, deletions, or modifications to the contents of this Privacy Policy, the Company shall notify Members through ‘Announcements’.

Section 14 (Amendments to the Privacy Policy)

This Privacy Policy is effective as of February 14, 2025. You can review the previous versions of the Privacy Policy below:

• September 29, 2023 – February 13, 2025

• October 19, 2022 – September 28, 2023