1. Purpose of Processing Personal Data

We process personal data for the following purposes:

1. account registration and account management, if membership features are available;
   
   

2. user identification and communication;
   
   

3. processing orders, confirming payments, delivering Digital Products, and handling transaction records;
   
   

4. responding to customer inquiries, complaints, refund requests, and disputes;
   
   

5. sending notices, newsletters, and marketing communications where permitted by law or based on consent;
   
   

6. protecting the security and integrity of the Site, preventing abuse, and maintaining service operations;
   
   

7. complying with legal obligations and responding to lawful requests.

2. Categories of Personal Data We Process

Depending on how you use the Site, we may process the following categories of personal data:

2.1 Account or Membership Information

• email address
  
  

• password
  
  

• name or nickname
  
  

• any profile details voluntarily provided by the user

2.2 Order and Transaction Information

• purchaser name
  
  

• email address
  
  

• order history
  
  

• payment confirmation information
  
  

• refund-related information where necessary
  
  

• transaction records required by law

Important: We do not intentionally store full payment card numbers, card security codes, or account passwords. Where online payment services are used, payment processing may be handled by the relevant payment provider.

2.3 Customer Inquiry Information

• name
  
  

• email address
  
  

• phone number (if provided)
  
  

• inquiry details
  
  

• attached files or information voluntarily submitted by the user

2.4 Newsletter or Marketing Subscription Information

• email address
  
  

• subscription preferences
  
  

• records relating to consent, subscription, or unsubscribe activity

2.5 Technical and Access Information

In connection with access to the Site and its infrastructure, we may process technical information such as:

• IP address
  
  

• access logs
  
  

• browser type and version
  
  

• device information
  
  

• pages visited
  
  

• date and time of access
  
  

• referrer information
  
  

• technical error logs
  
  

• security-related operational logs

3. Retention Period

We retain personal data only for as long as necessary for the purposes stated in this Privacy Policy, unless a longer retention period is required by applicable law.

Typical retention standards are as follows:

1. Membership information: until account deletion or withdrawal, unless retention is required by law or necessary for ongoing dispute handling;
   
   

2. Order and transaction records: for the period required by applicable law;
   
   

3. Customer inquiry and complaint records: for a reasonable period necessary to handle the inquiry, dispute, or follow-up;
   
   

4. Newsletter subscription information: until the user unsubscribes or withdraws consent;
   
   

5. Technical logs: for a period reasonably necessary for security, operation, legal compliance, or dispute response.

Where Korean law requires specific retention periods, the Company will retain relevant records for the applicable statutory period.

4. Provision of Personal Data to Third Parties

1. The Company does not sell personal data.
   
   

2. The Company does not voluntarily disclose personal data to unrelated third parties except as required by law, with the data subject’s consent, or where disclosure is otherwise legally permitted.
   
   

3. If third-party provision becomes necessary in the future, we will disclose the legally required details through this Privacy Policy or by other lawful notice methods.

5. Processing by Service Providers / Entrusted Processing

1. The Company directly manages its business operations, but uses external infrastructure where necessary to operate the website.
   
   

2. In particular, the Site is published and hosted through Framer, and personal data or technical access information may be processed through the website infrastructure to the extent necessary for website publication, hosting, delivery, security, performance, form handling, and operational support.
   
   

3. As of the effective date of this Policy, the Company reflects the following website infrastructure-related processing arrangement:

• Service Provider: Framer B.V. and/or its affiliates, as applicable to the website infrastructure
  
  

• Purpose / Scope: website publishing, hosting, content delivery, security, operational support, and infrastructure-based processing necessary to provide the Site
  
  

• Categories of Data Potentially Involved: technical access data (such as IP address, browser/device information, access logs), and any information voluntarily submitted through website forms if such forms are enabled

4. Except as stated above or as otherwise lawfully required, the Company does not currently entrust unrelated third parties with independent personal data processing for its own business purposes.
   
   

5. If additional processors, vendors, or entrusted service providers are introduced in the future, the Company will update this Privacy Policy as required by law.

6. Overseas Transfer / International Processing

1. Because the Site is published and hosted through Framer’s infrastructure, and because website delivery may rely on global hosting, edge delivery, or cloud infrastructure, personal data or technical access data may be processed outside the Republic of Korea to the extent necessary for operation of the Site.
   
   

2. To the extent applicable, this may include processing through infrastructure associated with Framer and its hosting environment or sub-processors.
   
   

3. The Company will provide disclosure required under applicable Korean law regarding overseas transfer or overseas processing, including the relevant details reasonably available to the Company.
   
   

4. As of the effective date of this Policy, the following information is disclosed on a good-faith basis for website infrastructure-related international processing:

• Recipient / Infrastructure Provider: Framer B.V. and/or its affiliates; underlying infrastructure may involve Framer-designated hosting or sub-processing providers
  
  

• Country: may include jurisdictions outside the Republic of Korea, including the United States, to the extent relevant to the hosting environment and infrastructure used to provide the Site
  
  

• Items Potentially Processed: technical access information such as IP address, browser/device data, access logs, and, if forms are enabled, user-submitted form data
  
  

• Purpose: website publication, hosting, infrastructure operation, security, performance, content delivery, and related support
  
  

• Retention / Processing Period: for the period reasonably necessary to provide the Site and meet legal or operational requirements

5. If the Company enables additional third-party tools involving overseas processing, this Privacy Policy will be updated accordingly.

7. Destruction of Personal Data

1. Personal data shall be destroyed without undue delay once the purpose of processing has been achieved and retention is no longer required by law or by legitimate operational necessity.
   
   

2. Where continued retention is required by law, the relevant data will be stored separately or protected in a manner that prevents use for unrelated purposes.
   
   

3. Electronic records are destroyed using technical methods designed to prevent recovery where reasonably practicable, and paper records are shredded or destroyed.

8. Data Subject Rights

Under applicable law, data subjects may request access to, correction of, deletion of, suspension of processing of, or withdrawal of consent regarding their personal data, subject to applicable legal limitations.

Requests may be made through the contact details provided below.

9. Privacy Contact

For questions, requests, or complaints regarding personal data, please contact:

• Privacy Officer / Contact: [Jen Park]
  
  

• Email: [a2setofficial@gmail.com]
  
  

• Address: [165 Gangseo-ro 47-gil, Gangseo-gu, Seoul]

10. Security Measures

The Company takes commercially reasonable administrative, technical, and physical measures to protect personal data, including access control, credential management, internal management measures, logging, backup practices, and reasonable security procedures appropriate to the nature of the data processed.

11. Cookies and Similar Technologies

The Site may use cookies or similar technologies where necessary for website operation, user preferences, security, login maintenance, performance, or lawful analytics purposes. Details are described in the Cookie Policy below.

12. External Links

The Site may contain links to third-party sites or services. We are not responsible for the privacy practices of third-party sites not operated by us.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or service-related changes. Updated versions will be posted on the Site with a revised effective date.

Effective Date

This Privacy Policy is effective as of [March 13, 2026].