Privacy Policy

The Company processes personal information for the following purposes. The personal information being processed is not used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be implemented. ① Service Provision - Provision of services such as investment analysis, briefing, and company analysis - Content provision and personalized service provision ② Member Management - Confirmation of membership registration intention, identification and authentication for membership services - Maintenance and management of membership, prevention of fraudulent use of services - Various notices and notifications, complaint handling ③ Provision of Goods or Services - Credit purchase and provision, paid service provision ④ Marketing and Advertising - Development of new services and provision of personalized services - Provision of events and promotional information and participation opportunities

① The Company processes and retains personal information within the period of retention and use of personal information in accordance with laws and regulations or the period of retention and use of personal information agreed upon when collecting personal information from the data subject. ② The processing and retention period of each personal information is as follows: - Membership registration and management: Until membership withdrawal (However, if investigation or inquiry is in progress due to violation of related laws, until the end of such investigation or inquiry) - Provision of goods or services: Until completion of supply of goods/services and payment/settlement - Records on contracts and withdrawal of offers in e-commerce: 5 years - Records on payment and supply of goods: 5 years - Records on consumer complaints or dispute handling: 3 years

The Company processes the following personal information items: ① Required Items - Email address, password, name (or information provided by social login provider) - Service usage records, access logs, IP address, cookies, MAC address, device information ② Optional Items - Profile image, interests, watchlist ③ Collection Method - Membership registration, automatic collection during service use, social login

① The Company processes personal information of data subjects only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only in cases corresponding to Article 17 and Article 18 of the Personal Information Protection Act, such as consent of the data subject or special provisions of laws. ② The Company, in principle, does not provide personal information of data subjects to foreign countries. However, if necessary for service provision, personal information may be provided to foreign countries only in cases corresponding to Article 17 and Article 18 of the Personal Information Protection Act.

① The Company entrusts personal information processing tasks as follows for smooth personal information processing: - Cloud service provision: Google Cloud Platform (server hosting and data storage) - Payment processing: Payment gateway when payment module is connected (currently suspended) ② When concluding an entrustment contract, the Company specifies matters such as prohibition of personal information processing other than the purpose of performing entrusted tasks, technical and administrative protection measures, restriction of re-entrustment, management and supervision of the trustee, and compensation for damages in contracts and other documents in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the trustee safely processes personal information.

① Data subjects may exercise the following rights related to personal information protection against the Company at any time: - Right to request suspension of personal information processing - Right to request access to personal information - Right to request correction or deletion of personal information - Right to request suspension of personal information processing ② The exercise of rights under paragraph 1 may be made to the Company in writing, by email, facsimile transmission (FAX), etc., and the Company will take action without delay. ③ If a data subject requests correction or deletion of errors in personal information, the Company shall not use or provide the personal information until the correction or deletion is completed.

① The Company destroys personal information without delay when personal information becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose. ② The procedure and method of destroying personal information are as follows: - Destruction procedure: The Company selects personal information for which the reason for destruction has occurred and destroys it after obtaining approval from the Company's personal information protection officer. - Destruction method: Information in electronic file format is deleted using technical methods that cannot reproduce records, and personal information printed on paper is destroyed by shredding with a shredder or incineration.

① The Company is responsible for overall personal information processing tasks and designates a personal information protection officer as follows to handle complaints and damage relief of data subjects related to personal information processing. ▶ Personal Information Protection Officer - Name: Euiseok Kim - Position: CEO - Contact: lionandthelab@gmail.com ② Data subjects may contact the personal information protection officer for all matters related to personal information protection inquiries, complaint handling, and damage relief that occur while using the Company's services.

The Company takes the following technical, administrative, and physical measures necessary to ensure security in accordance with Article 29 of the Personal Information Protection Act: ① Minimization and Training of Personal Information Handling Staff - Designating staff handling personal information and limiting them to designated personnel to minimize and implement measures to manage personal information. ② Restriction of Access to Personal Information - Taking necessary measures to control access to personal information by granting, changing, and terminating access rights to database systems that process personal information. ③ Encryption of Personal Information - Users' personal information passwords are encrypted and stored and managed so that only the user knows them, and important data uses separate security functions such as encrypting files and transmission data or using file locking functions. ④ Technical Measures Against Hacking - The Company installs security programs and conducts regular updates and inspections to prevent leakage and damage of personal information due to hacking or computer viruses, and installs systems in areas where external access is controlled and monitors and blocks them technically and physically.

① The Company uses 'cookies' that store and retrieve user information from time to time to provide personalized services to users. ② Cookies are small amounts of information sent by the server (HTTP) that operates the website to the user's computer browser and may be stored on the user's PC computer hard disk. ③ Users have the right to choose whether to install cookies. Therefore, users can decide whether to accept cookies by setting options in their web browser.

This privacy policy applies from November 1, 2025, and if there are additions, deletions, or corrections to the content due to changes in accordance with laws and policies, it will be notified through the notice board 7 days before the implementation of the changes.