MustJ Inc. (hereinafter referred to as the "Company") complies with personal information protection regulations under relevant laws and regulations that information and communications service providers must comply with, such as the Communications Secrets Protection Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., Game service, and other services (hereinafter referred to as the "Service") provided through the internet website and mobile game (hereinafter referred to as 'MarbleImpact') operated by the Company, and has established a personal information handling policy in accordance with relevant laws and regulations to do its best to protect user rights and interests.
This has been prepared to ensure users' basic privacy and freedom and communication secrets, and to prevent human rights violations caused by illegal wiretapping information leaks.

1. Items of Personal Information Collected and Purpose of Use
① The purpose of the Company's collection of personal information is to provide optimized and customized services by identifying users and confirming their intention to use the service.
② The Company may use the collected personal information for the following purposes.
Items Collected and Purpose of Use
- Email, Identity Verification Information (CI/DI): Personal identification and prevention of improper use at the time of membership registration
- IP Address, Visit Date and Time, Service Usage Records, Improper Usage Records: Automatically generated and collected during service use and processing
- Carrier CID, Device Information (AD-ID): Personal identification and prevention of improper use at the time of membership registration
- Device Model Name, Device SDK Version, App Version, Language and Country Information: Error tracking and service improvement purposes
- Advertising ID: Display of customized advertisements
- Payment Information: Payment of fees for use of services and additional services
③ All information provided by members is used only for the purposes necessary for the above objectives, and if the scope of collected information, purpose of use, or usage changes, the Company must obtain prior consent from members.
④ The Company collects personal information through internet websites, mobile applications, written documents, telephone, etc.

2. Provision of Personal Information to Third Parties and Purpose
In principle, the Company uses users' personal information within the scope announced in 'Items of Personal Information Collected and Purpose of Use', and does not use it beyond such scope or disclose users' personal information to external parties in principle without prior consent from users.
However, the following cases are exceptions.
① When the member has consented to disclosure in advance
② When it is determined that personal information must be disclosed to take legal action against persons who have violated the 'MarbleImpact' Terms of Service or engaged in illegal acts that cause damage to others or harm public order and morals by using the 'MarbleImpact' service
③ When required by law or when there is a request from investigative agencies according to procedures and methods prescribed by law for investigative purposes

3. Entrustment of Personal Information Handling
The Company may entrust personal information handling to others for smooth and improved services, and takes necessary measures to ensure that personal information can be safely managed when entering into an entrustment contract in accordance with relevant laws and regulations.
In addition, information processed through entrustment is limited to the minimum information necessary to provide smooth services.
The entrustment contents are as follows, and they are stored for the statutory period in accordance with regulations prescribed by relevant laws and regulations.
Amazon Web Service: Web server and DB storage
Atlas Cloud: DB storage

4. Personal Information Retention Period and Usage Period
① While members receive services provided by 'MarbleImpact', the personal information of members registered at the time of membership registration is continuously retained by 'MarbleImpact' and is not used for other purposes.
② In principle, when the purpose of collection or the purpose for which personal information was received is achieved, or when a member requests withdrawal or the member's qualification is restricted or suspended due to stated reasons for loss of membership qualification, the personal information of such individual is destroyed without delay.
However, the following information is retained for the period specified below for the following reasons.
a. Reasons for information retention according to Company's internal policy
- Improper usage records
Reason for retention: Prevention of improper use
Retention period: 1 year
- Records necessary for fraud prevention
Reason for retention: Fraud prevention
Retention period: 3 years
b. Reasons for information retention according to relevant laws and regulations
When it is necessary to retain member information in accordance with provisions of relevant laws and regulations such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, etc., the Company retains member information for a certain period prescribed by relevant laws and regulations. In such cases, the Company uses the retained information only for the purpose of retention, and the retention periods are as follows.
- Records on contracts or withdrawal of offers, etc.
Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.
Retention period: 5 years
- Records on payment of prices and supply of goods, etc.
Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.
Retention period: 5 years
- Records on electronic financial transactions
Reason for retention: Electronic Financial Transactions Act
Retention period: 5 years
- Records on consumer complaints or dispute resolution
Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.
Retention period: 3 years
- Records on identity verification
Reason for retention: Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
Retention period: 6 months
- Records on visits (log records, access location information)
Reason for retention: Communications Secrets Protection Act
Retention period: 3 months

5. Procedures and Methods for Destruction of Personal Information
In principle, members' personal information is destroyed without delay when the purpose of collection and use of personal information is achieved.
① Destruction procedures
- Information entered by members for membership registration, etc. is moved to a separate DB (or a separate document box in the case of paper documents) after the purpose is achieved, stored for a certain period in accordance with internal policies and other relevant laws and regulations (refer to retention and usage period), and then destroyed.
- Personal information moved to a separate DB is not used for other purposes except in cases required by law.
② Destruction methods
- Personal information printed on paper is destroyed by shredding with a shredder or incineration.
- Personal information stored in electronic file format is deleted using technical methods that cannot reproduce the records.

6. Technical/Administrative Protection Measures for Personal Information
The Company takes the following technical/administrative measures to ensure security so that personal information is not lost, stolen, leaked, altered, or damaged when handling users' personal information.
① Administrative measures: Establishment and implementation of internal management plans, regular employee education, etc.
② Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, etc., installation of security programs
③ Physical measures: Access control to computer rooms, data storage rooms, etc.

7. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
Must J Co., Ltd. does not use 'cookies' that store and retrieve information subjects' usage information from time to time.

8. Personal Information Protection Officer
The Company is responsible for overseeing personal information processing tasks and has designated a personal information protection officer as follows to handle complaints and damage relief of information subjects related to personal information processing.
Name: Jeong Sang-jin
Position: CEO
Contact: mustj2025@gmail.com

9. Rights of Users and Legal Representatives and Methods of Exercise
① We do not accept membership registration for children under the age of 14 who require consent from legal representatives.
② Users may view or modify their registered personal information at any time and may also request membership cancellation (withdrawal of consent).
③ To view or modify personal information, users can log in and click 'Personal Information Change' (or 'Member Information Modification', etc.) in 'My', and for membership cancellation (withdrawal of consent), users can click "Member Withdrawal" and go through identity verification procedures to directly view, correct, or withdraw. Alternatively, if you contact the personal information protection officer in writing, by phone, or by email, we will take action without delay.
④ If a user requests correction of errors in personal information, the personal information is not used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, we will notify the third party of the correction processing results without delay so that correction can be made.
⑤ "MarbleImpact" processes personal information that has been terminated or deleted at the user's request in accordance with the provisions stated in "Retention and Usage Period of Collected Personal Information" and processes it so that it cannot be viewed or used for other purposes.

10. Remedies for Rights Infringement
Users may inquire about damage relief, counseling, etc. regarding personal information infringement to the following institutions.
The following institutions are separate from the Company. If you are not satisfied with the Company's own personal information complaint handling and damage relief results, or if you need more detailed help, please contact them
▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Scope of work: Reporting of personal information infringement facts, application for counseling
- Website: privacy.kisa.or.kr
- Phone: (without area code) 118
- Address: 3F Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong), 58324
▶ Personal Information Dispute Mediation Committee
- Scope of work: Application for personal information dispute mediation, collective dispute mediation (civil resolution)
- Website: www.kopico.go.kr
- Phone: (without area code) 1833-6972
- Address: 12F Government Seoul Building, 209 Sejong-daero, Jongno-gu, Seoul, 03171
▶ Supreme Prosecutors' Office Cyber Investigation Division: http://www.spo.go.kr
▶ National Police Agency Cyber Bureau: http://cyberbureau.police.go.kr

11. Obligation to Notify
When there are changes such as addition, deletion, and modification of the contents of the current personal information processing policy, we will notify through service announcements 7 days before the effective date.

Date of Personal Information Processing Policy Announcement: December 30, 2025
Effective Date of Personal Information Processing Policy: December 30, 2025