Bloomi Privacy Policy

JustPin Inc. (“Company”) establishes and discloses this Privacy Policy based on relevant laws and regulations to protect users’ personal information in accordance with applicable privacy protection laws and to facilitate the smooth handling of related grievances.

Article 1 (Purpose of Personal Information Processing)

The Company processes personal information for the following purposes and will not use it for purposes other than those specified. If the purpose changes, the Company will implement necessary measures such as obtaining separate consent in accordance with applicable privacy protection laws.

1. Overall membership management including confirmation of membership registration intention, identity verification of users and legal representatives, user identification, and confirmation of membership withdrawal intention
2. Service provision, service improvement, and new service development
3. Analysis of service usage records and provision of customized services
4. Customer consultation, partnerships, and delivery of notices
5. Prevention of illegal and unauthorized use of services
6. Events, marketing, and promotions
7. Record retention in accordance with relevant laws and regulations

Article 2 (Personal Information Processing Items)

The Company processes the following personal information items:

1. For membership registration, login, and overall membership management, the following personal information is collected and processed:
   1. Kakao Account Integration Registration: [Required] Email
   2. Google Account Integration Registration: [Required] Email
   3. Apple Account Integration Registration: [Optional] Email
   4. Common: [Required] Nickname/Date of Birth/Gender
   5. [Optional] Phone Number
2. For service provision, usage record analysis, and overall service operation, the following personal information is automatically generated and collected:
   1. Usage Record Analysis and Fraud Prevention:
      1. [Required] Used/generated content, usage/generation time, purchase time, etc.
      2. [Required] Usage records (IP address, cookies, fraudulent usage records, service usage records, etc.)
      3. [Required] Device information (device type, device ID, OS version, etc.)
3. For customer consultation and partnerships, the following personal information is collected and processed:
   1. Customer Consultation: [Required] Email or phone number, device information, personal information included in requests and inquiry content
   2. Partnerships: [Required] Email or phone number, company (organization) name, contact person name, position

Article 3 (Personal Information Processing Methods)

The Company may collect and process personal information through the following methods:

1. Apps, web, email, written documents, fax, telephone, and other customer consultations
2. Automatic collection through generated information collection tools

Article 4 (Personal Information Destruction)

1. The Company shall destroy personal information without delay when personal information becomes unnecessary due to the expiration of personal information retention and usage periods, achievement of processing purposes, etc.
2. The Company shall select personal information for which destruction reasons have arisen and destroy personal information with the approval of the Company’s Personal Information Protection Officer.
3. Notwithstanding Paragraph 1 of this Article, when personal information must be preserved for a certain period according to laws and regulations, it shall be preserved for the period specified in relevant laws and regulations. The preservation periods are as follows:

Personal Information Type	Legal Basis	Retention Period
Service usage-related visit records	Communications Secret Protection Act	3 months
Records related to display/advertising	Act on Consumer Protection in Electronic Commerce, etc.	6 months
Records related to consumer complaints or dispute handling		3 years
Records related to contracts or subscription withdrawal		5 years
Records related to payment and supply of goods		5 years
Electronic financial transaction records	Electronic Financial Transactions Act	5 years
All transaction-related books and supporting documents as stipulated by tax law	Framework Act on National Taxes	5 years

4. Personal information destruction methods are as follows:

1. Electronic file format: Use technical and physical methods to prevent recovery and regeneration
2. Paper documents: Shredding or incineration

Article 5 (Personal Information Provision and Sharing)

The Company uses users’ personal information within the scope of specified purposes and does not use it for purposes other than those specified or provide it to third parties without users’ consent. However, the following cases are exceptions:

1. When there is separate consent from users
2. When required by law or when requested by investigative agencies according to procedures and methods established by law for investigative purposes

Article 6 (Personal Information Processing Consignment)

1. The Company consigns the following tasks for service provision:

Consignee	Consigned Task Content
Google LLC	Infrastructure operation, service provision and analysis
Amazon Web Services, Inc.
Naver Corporation
Vercel Inc.
Railway Corp.
KG Inicis Co., Ltd.	Payment processing for paid service provision
Amplitude, Inc.	Service data analysis
Mixpanel, Inc.
AppsFlyer Ltd.
X.AI Corp.	Conversational service provision and research & development
Anthropic PBC
OpenAI Group PBC
BytePlus Pte. Ltd.
Neosapience, Inc.
Meta Platforms, Inc.	Marketing activities andpersonalized advertising

2. The Company transfers personal information to consignees located outside of Korea among the aforementioned consignees, and the details regarding the cross-border transfer of personal information are as follows:
   1. Personal information items transferred: Personal information items specified in Article 2
   2. Countries to which personal information is transferred: United States, Singapore, Japan, and other countries (countries where each consignee is located and countries where servers operated by such consignees are located)
   3. Date, time and method of transfer: Transmitted in real-time via secure protocols at the time of service use
   4. Recipients of personal information: Each overseas consignee listed in the table above
   5. Purpose of use: Same as the consigned task content in the table above
   6. Retention and use period: Until termination of consignment contract or achievement of personal information processing purpose
3. The Company shall promptly modify and announce this Privacy Policy when consignees or consigned task content changes.

Article 7 (Measures to Ensure Personal Information Security)

The Company implements the following technical/administrative measures to ensure personal information security:

1. The Company safely protects users’ personal information through information protection measures in accordance with relevant laws and internal policies.
2. The Company takes measures to prevent damage from computer viruses and hacking using security programs.
3. Personal information is safely stored and managed through encryption, enabling secure transmission of personal information.
4. The Company uses security devices that block external access to prevent personal information leakage.
5. The Company minimizes personal information processing personnel and does its best to comply with laws and internal policies through administrative measures such as education for personal information processing personnel.

Article 8 (Installation, Operation, and Rejection of Personal Information Automatic Collection Devices)

1. The Company uses “cookies” that store users’ information and retrieve it from time to time to provide personalized and customized services. Cookies are small amounts of information sent by servers used to operate websites to users’ browsers and may be stored on users’ computers.
   1. Cookie Usage Purpose: Used to provide optimized customized information and services including advertisements to users by identifying users’ visit and usage patterns, user scale, etc.
   2. Cookie Installation, Operation, and Rejection: Users have the right to choose cookie installation. Therefore, users can allow all cookies, go through confirmation each time cookies are saved, or refuse storage of all cookies by setting options in web browsers.

• Microsoft Edge: Settings > Cookies and site permissions
• Chrome: Settings > Privacy and security > Cookies and other site data
• Safari: Preferences > Privacy > Cookies and website data

3. However, if cookie storage is refused, there may be difficulties in technical support and service provision, and the Company shall not be responsible in such cases.
4. The Company collects users’ advertising identifiers (ADID/IDFA) to provide customized services and advertisements when users use mobile app services. Users have the right to choose advertising identifier collection and can set permission in the following menus:

• Android: Settings -> Google -> Ads -> Reset/Delete Ad ID
• iOS: Settings -> Privacy & Security -> Apple Advertising -> Personalized Ads

Article 9 (Users’ Rights and Obligations)

1. Users may inquire about their registered personal information at any time and request service agreement termination (membership withdrawal).
2. Users may withdraw consent for personal information collection and use at any time through service agreement termination, etc.
3. Users must maintain their personal information in the latest state, and users are responsible for problems arising from users’ inaccurate information input.
4. Membership registration using others’ information or false information may result in loss of user qualifications or punishment under relevant personal information protection laws.
5. Users are responsible for maintaining security of account information and cannot transfer or lend it to third parties.

Article 10 (Personal Information Protection Officer)

1. The Company designates a Personal Information Protection Officer as follows to take overall responsibility for personal information processing tasks and handle users’ complaint processing and damage relief related to personal information processing:

• Name: Kim Myung-rae
• Position: CTO
• Email: our@justpin.io

2. Users may contact the Personal Information Protection Officer regarding all matters related to personal information inquiries, complaint processing, damage relief, etc. that occur while using services. The Company will sincerely review and respond to users’ inquiries.

Article 11 (Rights Infringement Relief Methods)

Users may contact the following organizations regarding damage relief and consultation for personal information infringement:

• Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
• Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972)
• Supreme Prosecutors’ Office Cyber Investigation Department (spo.go.kr / 1301)
• National Police Agency Cyber Safety Bureau (cyberbureau.police.go.kr / 182)

Article 12 (Changes and Notice of Privacy Policy)

1. This Privacy Policy applies from the effective date, and when there are changes to Privacy Policy content, notice will be given through service notices or member emails at least 7 days before revision.
2. Privacy Policy Version Number: v1.3
3. Privacy Policy Effective Date: April 22, 2026

Additional Provisions for International Compliance

Data Subject Rights: In accordance with applicable international privacy laws, users may exercise the following rights:

• Right of access to personal information
• Right to rectification of inaccurate personal information
• Right to erasure of personal information (subject to legal retention requirements)
• Right to restriction of processing
• Right to data portability (where technically feasible)
• Right to object to processing for direct marketing purposes

Cross-Border Data Transfers: Personal information may be transferred to and processed in countries other than your country of residence for the purposes outlined in this Privacy Policy. The Company implements appropriate safeguards to protect personal information in accordance with applicable laws.

Contact for International Users: For users outside of Korea, inquiries regarding this Privacy Policy may be directed to: our@justpin.io

Legal Basis for Processing: The Company processes personal information based on the following legal grounds:

• Performance of contract with the user
• Legitimate interests of the Company (where not overridden by user rights)
• Compliance with legal obligations
• Consent of the user (where obtained)

This Privacy Policy is designed to comply with applicable privacy protection laws including but not limited to GDPR, CCPA, and Korean Personal Information Protection Act, while allowing the Company maximum operational flexibility within legal boundaries.