Location-based territorial occupation, SNS, location information sharing, e-commerce-related services, and other services (hereinafter referred to as services) provided by Internet sites and mobile applications operated by MustJ Inc. (hereinafter referred to as "RealmStep") comply with the personal information protection regulations under relevant laws and regulations to be observed by information and communication service providers, such as the Communication Secret Protection Act, the Telecommunications Business Act, the Promotion of Information and Communication Network Utilization and Information Protection Act, and the government establishes a personal information handling policy under relevant laws and regulations to protect users' rights and interests.
This is designed to ensure the basic privacy, freedom, and communication secrets of users and to prevent human rights damage caused by illegal eavesdropping information leakage.

1. Collection items and purpose of use of personal information
① The purpose of the company's collection of personal information is to provide optimized and customized services by confirming the user's personal identification and intention to use the service.
② The company may use the collected personal information for the following purposes. In principle, the company does not collect or use members' social security numbers, but uses alternative measures (such as mobile phone number authentication).
Collection items and purpose of use
- Email, ID, password, identification information (CI/DI): Prevent personal identification and fraudulent use when registering as a member
- User profile image : purpose of displaying a profile for service use
- Gender, age group: Provide accurate exercise information through analysis of gender and age group
- Mobile phone number: Personal identification and product delivery purpose and notification of important information when registering as a member
- IP Address, date and time of visit, location information, service usage record, defective usage record: automatically generated and collected during service usage and processing
- Carrier CID, device information (AD-ID): Prevent personal identification and illegal use when registering as a member
- Location information (latitude, longitude): Purpose of territorial occupation function, pedometer, walking route (exercise route) management, item collection location management, log checking to prevent location manipulation
- Age, Height, Weight Body Information: Data to provide customized services for exercise data
- Device Model Name, Device SDK Version, App Version, Language and Country Information: Error Tracking and Service Use Improvement Purpose
- Advertising ID: Show customized ads
- Payment information: Payment of charges for the use of services and additional services
③ All information provided by the member shall not be used for any purpose other than those necessary for the above purpose, and if the scope, purpose of use, or use of the collected information is changed, prior consent shall be sought from the member.
④ The company collects personal information in the form of Internet sites and mobile applications, documents, and phone calls.

2. Provision and purpose of personal information to third parties
In principle, the company uses users' personal information within the scope of "collection items and purpose of use of personal information", and does not use it beyond the scope or disclose users' personal information to the outside without the user's prior consent.
However, exceptions are made in the following cases.
① If a member has agreed to disclose it in advance
② Where it is deemed necessary to disclose personal information to take legal action against a person who violates the terms and conditions of use of the RealmStep or uses the RealmStep service to damage others or harms beauty and culture
③ Where there is a request from an investigative agency in accordance with the provisions of the statute or in accordance with the procedures and methods prescribed in the statute for investigative purposes

3. Consignment of handling personal information
The company can entrust the handling of personal information to others for smooth and improved services, and take necessary measures to ensure that personal information can be safely managed during consignment contracts in accordance with relevant laws and regulations.
In addition, the information you entrust is limited to the minimum information you need to provide a smooth service.
The contents of the consignment are as follows, and they are kept during the legal period according to the regulations set out in the relevant laws and regulations.
Amazon Web Service : Web Server and DB Archive
Atlas Cloud : DB 보관

4. Period of retention and usage of personal information
① While a member receives the services provided by RealmStep, the personal information of a member registered at the time of membership registration will continue to be held by RealmStep and will not be used for any other purpose.
② In principle, the personal information of a member shall be destroyed without delay if the purpose of collection or provision is achieved, or if the qualification of a member is restricted or suspended due to the reasons for withdrawal or loss of membership expressed.
However, the following information will be retained for the period specified for the following reasons.
A. Reasons for holding information according to the company's internal policy
- Record of illegal use
Reason for Preservation: Prevent Unauthorized Use
Retention period: 1 year
- records necessary to prevent fraud
Reason for Preservation: Fraud Prevention
Retention period: 3 years
B. Reasons for holding information under relevant laws and regulations
If it is necessary to preserve it in accordance with the provisions of related laws such as the Commercial Act and the Consumer Protection Act in Electronic Commerce, etc., the company keeps member information for a certain period prescribed by the relevant laws. In this case, the company uses the information it keeps for the purpose of storage only, and the retention period is as follows.
- Record of contract or withdrawal of subscription, etc
Reason for Preservation: Act on Consumer Protection in Electronic Commerce, etc
Retention period: 5 years
- Record of payment and supply of goods, etc
Reason for Preservation: Act on Consumer Protection in Electronic Commerce, etc
Retention period: 5 years
- Record of Electronic Financial Transactions
Reason for Preservation: Electronic Financial Transactions Act
Retention period: 5 years
- Record of consumer complaints or dispute settlement
Reason for Preservation: Act on Consumer Protection in Electronic Commerce, etc
Retention period: 3 years
- a record of identification
Reasons for preservation: Act on Promotion of Information and Communication Network Utilization and Information Protection, etc
Retention period: 6 months
- History of the visit (log history, access information)
Reason for Preservation: Communication Secret Protection Act
Preservation period: 3 months

5. Procedures and methods for destroying personal information
In principle, members' personal information is destroyed without delay when the purpose of collecting and using personal information is achieved.
① procedure for destruction
- Information entered by members for membership registration, etc., is transferred to a separate DB after the purpose is achieved (in the case of paper, a separate document box) and stored for a certain period of time (refer to the retention and usage period) according to the internal policy and other relevant laws and regulations.
- Personal information transferred to a separate DB will not be used for any other purpose except by law.
② Method of destruction
- Personal information printed on paper is shredded with a grinder or destroyed through incineration.
- Personal information stored in the form of electronic files is deleted using a technical method that cannot be played back.

6. Technical/administrative protection measures for personal information
The company is taking the following technical and administrative measures to ensure safety in handling users' personal information so that personal information is not lost, stolen, leaked, tampered with or damaged.
① Management measures: Establishment of internal management plan. Implementation, regular employee training, etc
② Technical measures: Management of access rights to personal information processing systems, etc., installation of access control systems, encryption of unique identification information, etc., installation of security programs
③ Physical measures: Control of access to computer rooms, data storage rooms, etc

7. Matters concerning the installation, operation and rejection of automatic personal information collection devices
MustJ Co., Ltd. does not use 'cookies' that store the information subject's usage information and call it up from time to time.

8. Director of Privacy
The company is in charge of handling personal information and designates a personal information protection officer as follows to handle complaints and damage relief by the data subject related to personal information processing.
Name: Jeong Sang-jin
Position: Representative
Contact: mustj2025@gmail.com

9. Rights of users and legal representatives and methods of exercising them
① We do not accept membership of children under the age of 14 who need the consent of a legal representative.
② Users can inquire or modify their registered personal information at any time, and they can also request cancellation (withdrawal of consent).
③ To inquire and modify the user's personal information, you can log in and change personal information (or modify membership information) from My, and to cancel (withdrawal of consent), you can directly read, correct, or leave after going through the identity verification process. Or, if you contact the person in charge of personal information protection by writing, phone, or e-mail, we will take action without delay.
④ If a user requests correction of an error in personal information, the personal information will not be used or provided until the correction is completed. In addition, if the wrong personal information has already been provided to a third party, we will notify the third party of the correction process without delay so that the correction can be made.
⑤ "RealmStep" processes personal information that has been terminated or deleted at the request of the user in accordance with the "retention and usage period of personal information collected" and prevents it from being viewed or used for other purposes.

10. Relief for infringement of rights
Users can inquire about the following institutions for damage relief and counseling for personal information infringement.

▶ Personal Information Infringement Reporting Center (operated by the Korea Internet & Security Agency)
- Affairs under jurisdiction: Report of infringement of personal information, request for consultation
- Home page: privacy.kisa.or.kr
- Phone: 118 (without country number)
- Address: (58324) 3rd floor Personal Information Infringement Reporting Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2)
▶ Personal Information Dispute Mediation Committee
- Subject matter: Personal information dispute mediation application, collective dispute mediation (civil resolution)
- Home page: www.kopico.go.kr
- Phone: (without country number) 1833-6972
- Address: (03171) 12th floor of the Seoul Government Complex, 209, Sejong-daero, Jongno-gu, Seoul
▶ Cyber Investigation Division of Supreme Prosecutors' Office: http://www.spo.go.kr
▶ Cyber Safety Bureau of the National Police Agency: http://cyberbureau.police.go.kr

11. Duty of Notification
If there is a change in the addition, deletion, or amendment of the current personal information processing policy, it will be notified through the notice in the service 7 days before the effective date.

Date of announcement of personal information processing policy: 2025.04.01
Date of Enforcement of Personal Information Processing Policy: 2025.05.01