PRIVACY POLICY

Talecrew Co., Ltd. (hereinafter referred to as the "Company") is committed to protecting the privacy and security of its users' personal information in strict compliance with all applicable domestic and international privacy laws, regulations, and industry standards, including but not limited to: South Korea’s Personal Information Protection Act (PIPA); General Data Protection Regulation (GDPR) (for users in the European Economic Area, UK, and Switzerland); California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) (for California residents); Children’s Online Privacy Protection Act (COPPA) (for users under 18 in the U.S.); Act on the Protection of Communications Secrets; Act on Consumer Protection in Electronic Commerce; and other relevant sector-specific regulations. The Company adheres to these legal frameworks throughout the entire lifecycle of personal data processing—from initial collection and usage to storage, sharing, and eventual disposal—ensuring transparency, accountability, and user control.

PURPOSE OF THE PRIVACY POLICY

The Company has prepared this Privacy Policy based on the Personal Information Protection Act and other applicable global privacy laws including GDPR and CCPA, aiming to explain the handling of user personal information within the Company in an easily understandable and detailed manner. This adopts the principle of a "Plain Language Privacy Policy" to use straightforward language in the policy.

This Privacy Policy has the following important implications:

• • It transparently discloses information regarding what data the Company collects, how the collected information is used, with whom it may be shared (via 'outsourcing or provision') if necessary, and when and how it is destroyed once the purpose of use is achieved.
• • It informs users, as data subjects, of the rights they have regarding their personal information and how they may exercise these rights through specific methods and procedures.
• • In the event of a personal information breach, it provides details on whom to contact and the assistance available to prevent further harm and recover from any damages.
• • Above all, it serves as a means to guarantee the user’s "right to self-determination of personal information" by defining the rights and obligations between the Company and the user regarding personal information.

PERSONAL INFORMATION COLLECTED

Registration & Data Collection

• • Basic Access: Limited services are available without registration. Full access requires collection of:
• • Direct Sign-Up: Email, password, and username (which can be pseudonymous)
• • Social Media Login: Profile identifier and email (with platform permissions)
• • Age Verification: Date of birth (with parental consent verification for users under 18 per COPPA requirements)

Enhanced Protections for Minors

• • For users under 18: Parental consent is verified through documented confirmation (e.g., government ID submission). Parents may access, correct, or delete their child's data through our Parental Control Portal. Only essential data is collected (no location, voice, or payment information). Accounts are automatically restricted from social features.

Service Usage Data

• • Technical Data: IP address (anonymized after 30 days), device identifiers, browser type.
• • Usage Data: Content interactions, preferences, and feature usage.
• • Optional Data: Nickname, profile picture, or social media connections.
• • Special Features: For voice/image services, explicit consent is obtained separately.

Transparent Processing

• • Legal Bases: Contract; Consent; Legitimate Interest.
• • Data Minimization: We collect only what is necessary for each service tier.

User Controls

• • Cookie Management: Granular opt-in for non-essential cookies (analytics, advertising).
• • Data Access: Download your full data history in machine-readable format.
• • Correction/Deletion: Request rectification or erasure via account settings.
• • Processing Restrictions: Object to specific data uses while maintaining account access.

Third-Party Data Sharing

• • Data is shared only under strict contractual safeguards.
• • International transfers utilize GDPR-approved mechanisms.
• • No sale of personal data to advertisers (only aggregated insights).

Security & Retention

• • DRM Practices: Device authentication logs are retained for 90 days.
• • Encryption: All sensitive data is encrypted in transit and at rest.
• • Breach Notification: Users will be notified within 72 hours of confirmed incidents.

Policy Transparency: Annual independent audits of our data practices; clear version history of policy changes; Dedicated Data Protection Officer contact: contact@mofic.io.

USE OF COLLECTED PERSONAL INFORMATION

The Company processes your personal data for the following business purposes in accordance with applicable data protection laws:

• 1. Service Provision & Account Management: To create and maintain your user account, authenticate your identity, deliver age-appropriate content, provide technical support, and communicate service-related notices.
• 2. Personalization & User Experience: To customize content recommendations, display selected profile information, develop and improve services through analytics, and conduct user surveys.
• 3. Marketing Communications: To send promotional materials (with consent), measure engagement, and administer contests, sweepstakes, and reward programs.
• 4. Security & Compliance: To investigate and prevent prohibited activities, detect fraudulent behavior, enforce our Terms of Service, and comply with legal obligations.
• 5. Advertising Operations: To display relevant advertisements and measure ad performance using anonymized data where possible.

In accordance with COPPA, parents of users under 18 may request access to, correction of, or deletion of their child’s personal data. Parents may also control privacy settings on behalf of their child. To exercise these rights, parents can contact us at contact@mofic.io.

PROVISION AND OUTSOURCING OF PERSONAL INFORMATION

In principle, the Company does not provide personal information to external parties without the user’s prior consent. However, in cases where the user has directly consented to the provision of personal information to an external affiliate to use their services, or where relevant laws impose a duty to submit personal information, personal information may be provided. To offer convenient and improved services, the Company outsources part of its work to external providers under strict safeguards.

Personal information is retained and used until membership withdrawal or the termination of the outsourcing contract.

DISPOSAL OF PERSONAL INFORMATION

The Company, as a rule, promptly disposes of a user’s personal information upon membership withdrawal or when the purpose of use is fulfilled. However, if separate consent has been obtained from the user regarding the retention period of personal information, or if applicable laws impose certain retention obligations, the information will be securely stored for that period.

Retention periods specified by law:

• • Records regarding contracts or withdrawal of offers: retained for five years
• • Records of payment and supply of goods or services: retained for five years
• • Records of consumer complaints or dispute resolution: retained for three years
• • Records of electronic document circulation via authorized electronic addresses: retained for 10 years
• • Login records: retained for three months

Personal information is destroyed in a way that it cannot be restored. For electronic files, a technical method is used to delete them securely, preventing restoration or recovery, and printed materials are destroyed through shredding or incineration.

RIGHTS OF USERS AND LEGAL REPRESENTATIVES, AND METHODS OF EXERCISE

Users may view, modify, or delete their personal information anytime in ‘Member Information’ and may request suspension of personal information processing at any time. Users may withdraw their consent for the collection and use of personal information at any time through ‘Membership Withdrawal’. For children under 14, their legal representative has the right to exercise these rights on the child's behalf. If the user requests correction of personal information errors, the information will not be used or provided until the correction is completed. The rights of users and legal representatives may be exercised by requesting through ‘Contact Us.’

THE COMPANY’S EFFORTS FOR PERSONAL INFORMATION PROTECTION

• • The Company has established and implemented an internal management plan for personal information protection.
• • The Company controls access to personal information and limits access rights to a minimum number of employees.
• • Encryption measures are in place to securely store and transmit personal information, including legally required items as well as email addresses and mobile phone numbers.
• • In case of a data breach, the Company will implement a swift response, including user notifications, containment measures, and follow-up investigation.

PERSONAL INFORMATION PROTECTION OFFICER AND CONTACT INFORMATION

Personal Information Protection Officer
Name: Hee-dam Moon
Affiliation: Talecrew Co., Ltd.
Position: CEO
Email: admin@mofic.io

For reports or consultations regarding personal information violations, you may contact the following organizations:

• • Personal Information Dispute Mediation Committee (www.kopoci.go.kr / 1833-6972)
• • Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
• • Supreme Prosecutor's Office Cyber Crime Division (www.spo.go.kr / 1301)
• • Cyber Investigation Bureau of the National Police Agency (police.go.kr / 182)

Obligation of Prior Notification of Revisions

If there are additions, deletions, or modifications to this Privacy Policy, the changes will be announced via the 'Notices' section at least seven days prior to implementation. In cases of significant changes affecting user rights, user consent may be obtained again if necessary.

• Notice Date: 2025.07.11
• Effective Date: 2025.07.11

ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

If you are a resident of California, this section provides additional information relevant to your rights. We categorize the information we collect according to the classifications established by the California Consumer Privacy Act (CCPA).

Information Collected in the Last 12 Months and Purpose of Collection

• Identifiers: Name, email address, IP address, account username, etc., collected directly from you or automatically.
• Internet or Other Electronic Network Activity Information: Browse history, search history, and interaction data, collected automatically.
• Demographic Information / Protected Classification Characteristics: Age and gender, collected directly or automatically.
• Commercial Information: Purchasing behavior and records, collected directly or automatically.
• Geo-location Data: Locale, zip code, and general location from your IP address, collected directly or automatically.
• Audio, Video, and Other Electronic Data: Chat interactions, customer service communications, and content you post.
• Profiles and Inferences: Profiles reflecting preferences and characteristics, derived from other collected information.

Your Privacy Rights

Under the CCPA, California residents have specific rights, which include the Right to Know, Right to Request Deletion, Right to Non-Discrimination, and Right to be Informed of Financial Incentives. We do not sell personal information, so an opt-out is not necessary. To exercise your rights, please email us at contact@mofic.io. We will need to verify your identity before processing your request.

Additional Information for Users in the European Economic Area (EEA), the United Kingdom, and Switzerland

If you reside in the EEA, the UK, or Switzerland, Talecrew Co. Ltd is the data controller responsible for your personal data.

Legal Basis for Processing Your Personal Data

We collect, use, and share your personal data based on the following legal grounds: Performance of Contract, Consent, Legitimate Interest, and Legal Obligation.

International Data Transfers

Personal data we collect may be transferred, stored, and processed in the United States or other countries. We ensure that any international data transfers are subject to appropriate safeguards.

Your Privacy Rights

You have rights regarding your personal data, including the Rights to Access, Correct, and Delete; the Right to Object; the Right to Withdraw Consent; and the Right to Data Portability. To exercise any of these rights, please email us at contact@mofic.io. If you have unresolved concerns, you also have the right to lodge a complaint with your local data protection authority.

Contact Information

If you have any questions about this Privacy Policy, please reach out to us at:
Talecrew Co. Ltd
Attn: Privacy Policy
660 Daewangpangyo-ro, Bundang-gu, Seongnam-si,
Gyeonggi-do (Sampyeong-dong, Youth Space 1)
L1F 111 Fast Five
Customer Service Email: cs@mofic.io
General Inquiries Email: admin@mofic.io