Plum SEC (hereinafter referred to as 'the Site') complies with the 'Personal Information Protection Act' and related laws and regulations to protect the freedoms and rights of data subjects, lawfully processing and safely managing personal information. Accordingly, pursuant to Article 30 of the 'Personal Information Protection Act', we establish and disclose this Privacy Policy to guide data subjects on the procedures and standards for the processing and protection of personal information, and to handle related grievances swiftly and smoothly.

This policy will take effect on June 1, 2026.

1. Purpose of Processing Personal Information

The Site does not have a separate membership registration process and does not collect information that can directly identify individuals, such as the user's ID, name, or contact details. However, pseudo-identifiable information generated during the use of the service is processed solely for the following purposes.

• Ensuring Website Security and Stability: Blocking unauthorized server access, responding to web attacks such as malicious traffic and DDoS, and preventing security breach incidents through system access log management
• Displaying Google AdSense Advertisements: Providing customized online advertisements and measuring ad performance through integration with third-party advertising systems

2. Items of Personal Information Processed

The Site processes the following items through automatic collection devices and server logs when users access the service.

• Legal Basis: Article 15, Paragraph 1, Item 6 of the 'Personal Information Protection Act' (Legitimate Interests of the Personal Information Controller)
• Collected Items: User's IP address, cookies, website visit and usage history (access time, click history), browser type, and operating system (OS) information

3. Processing and Retention Period of Personal Information

Data for user security management will be retained and then destroyed in strict compliance with the retention periods specified in the relevant laws and regulations once the purpose is achieved.

• Website Security and Access Logs (IP address, etc.): 3 months (Compliance with the time limit pursuant to Article 15-2 of the Protection of Communications Secrets Act)
• Google AdSense Cookies and Behavioral Information: Follows the retention period set within the relevant system in accordance with Google Inc.'s advertising privacy policy

4. Procedures and Methods for Destruction of Personal Information

The Site destroys relevant personal information without delay when it becomes unnecessary, such as upon expiration of the personal information retention period or achievement of the processing purpose.

• Destruction Procedure: Access logs and IP addresses whose retention period (3 months) has expired are automatically included in the destruction targets according to internal system guidelines.
• Destruction Method: Log data recorded and stored in electronic file format is deleted using technical methods (permanent database deletion and formatting) so that the records cannot be reproduced.

5. Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

The Site uses 'cookies' that store and frequently retrieve usage information to provide individual convenience to users and to serve customized advertisements. A cookie is a small amount of information sent to the user's browser by the server (HTTP) used to operate the website, and it is stored on the user's computer or mobile device.

Users can refuse cookie storage or block third-party customized advertising cookies through their web browser option settings. However, refusing cookie storage may result in restrictions on the use of some services on the website.

[How to Configure Cookie Blocking Settings by Web Browser]

• Chrome: Top right 'Three Dots (⋮)' menu → Settings → Privacy and Security → Third-party cookies → Select 'Block third-party cookies'
• Edge: Top right 'Three Dots (…)' menu → Settings → Privacy, Search, and Services → Select Tracking Prevention level or Manage cookies and site permissions
• Safari: Mobile device Settings → Apps → Safari → Advanced → Activate Block All Cookies
• Samsung Internet: Mobile browser bottom menu (=) → Settings → Privacy Dashboard → Select Smart Tracking Prevention 'Strict'

6. Matters Concerning the Allowance and Refusal of Third-Party Behavioral Information Collection (Google AdSense)

The Site uses 'Google AdSense', an advertising service provided by Google Inc., and in this process, allows third parties to collect users' behavioral information.

• Entity Collecting Behavioral Information: Google Inc.
• Collected Items: User's visit history to the Site, navigation paths, and search/usage patterns
• Purpose of Collection: Serving user-customized online advertisements and measuring ad effectiveness
• Method of User Refusal: Users can visit the Google Ads Settings page (https://adssettings.google.com) and opt out of 'Personalized Ads' to block behavioral information collection and customized advertisement delivery.

7. Rights, Obligations, and Methods of Exercise of Data Subjects

Users may request to inspect, correct, delete, or suspend the processing of their personal information (limited to automatically collected IP addresses and cookie information) processed by the Site at any time. Rights can be exercised by contacting the Privacy Officer via email, etc., and the Site will take action without delay.

※ As the Site does not maintain separate membership registration or identification data and only collects non-identified IP addresses and log information, legally, requests for inspection and deletion may be restricted if it cannot be objectively proven that specific log data belongs to the applicant themselves.

8. Privacy Officer and Grievance Handling Department

The Site designates a Privacy Officer as follows to take overall responsibility for tasks related to personal information processing and to handle data subject complaints and remedy damages regarding personal information processing.

• Privacy Officer: Kyuhwan Lee
• Contact (Email): support@plumsec.com

Users may inquire with the Privacy Officer regarding all privacy-related inquiries, complaint handling, and damage remedies arising while using the services of the Site, and we will answer and process them without delay upon receipt.

9. Remedies for Infringement of Rights and Interests of Data Subjects

In addition to the Site's internal grievance handling, users may contact the following institutions to receive remedies and consultation for damages caused by personal information breaches.

• Personal Information Dispute Mediation Committee: 1833-6972 (without area code) (www.kopico.go.kr)
• Personal Information Breach Report Center: 118 (without area code) (privacy.kisa.or.kr)
• Supreme Prosecutors' Office Cyber Crime Investigation Division: 1301 (without area code) (www.spo.go.kr)
• National Police Agency Cyber Bureau: 182 (without area code) (ecrm.police.go.kr)

10. Matters Concerning Changes to the Privacy Policy

This Privacy Policy applies from June 1, 2026.