Under the Personal Information Protection Act, CYANSTAR Corporation (hereinafter referred to as the "Company"), which operates "HASH BROWN", has the following measures to protect users' privacy and rights and to deal with users' grievances:
When the company revises its personal information processing policy, it will announce it through a website announcement (or individual notice).

The company processes personal information for the following purposes: Personal information processed will not be used for any purpose other than the following, and we will seek prior consent if the purpose of use is changed.

A. Register and manage homepage membership
Personal information is processed for the purpose of identifying and certifying membership, maintaining and managing membership, preventing fraud, various notices and notices, complaints, and preserving records for dispute settlement.

B. Processing civil affairs
Personal information is processed for the purpose of verifying the identity of the civil petitioner, verifying the civil petitioner, contacting and notifying the facts, and notifying the results of the processing.

C. Providing goods or services
Personal information is processed for the purpose of delivering goods, providing services, sending bills, providing contents, providing customized services, authentication, age certification, payment and settlement of charges, collecting bonds, etc.

D. Use in marketing and advertising
Personal information is processed for the purpose of developing new services (products), providing customized services, providing events and advertising opportunities, providing and advertising services based on demographic characteristics, validating services, identifying access frequency, or statistics on members' use of services.

E. Personal video information.
Personal information is handled for the purpose of preventing and investigating crimes.

The company collects the following types of information:

A. Information you provide directly to the service:
When you sign up for a hash brown account, you can request personal information for e-mail addresses, passwords, gender, region, occupation or affiliation, age, interests, etc./ Hashbrown events, promotions, name, phone number, and payment methods.

B. Information that you collect when you use the service:
Hash Brown collects the following information and uses it as a marketing information, improving the service, improving user convenience.
Device identifiers, operating systems, access areas, cookies and similar technologies, log file information, access IP, metadata related to user content, etc.

A. Implementation of contracts for the provision of services and settlement of charges for the provision of services;
Delivering content, providing specific customized services, shipping goods, or billing, etc., authorizing, purchasing and paying.

B. Member management
Identification of identity, personal identification, prevention of illegal use and unauthorized use of defective members, confirmation of intention to join, preservation of records for dispute settlement, etc. of complaints, delivery of notices, and confirmation of withdrawal of members;

C. Development of new services and use of them for marketing and advertising
New service development and customized service delivery, service delivery and advertising according to statistical characteristics, validation of services, event and advertising information and opportunity to participate, frequency of access, statistics on service use by members

In principle, personal information of users shall be destroyed without delay when the purpose of collecting and using personal information is achieved. However, the following information shall be preserved for the period specified for the following reasons:

A. Reasons for holding information based on company's internal policy
£ Negative employment record
Reason for preservation: Prevent fraudulent use
Retention period: 1 year

B. Reasons for holding information under the relevant statutes
If it is necessary to preserve in accordance with the provisions of the relevant statutes, such as the Commercial Act and the Consumer Protection Act, e-commerce, etc., the company shall keep the member information for a certain period of time as prescribed by the relevant statutes. In such cases, the company uses the information stored only for the purpose of storage, and the retention period is as follows.

1) Records on the withdrawal of contracts or subscriptions, etc.
Reasons for preservation: Act on consumer protection in e-commerce, etc.;
Retention period: 5 years
2) Records of payment and supply of goods, etc.
Reasons for preservation: Act on consumer protection in e-commerce, etc.;
Retention period: 5 years
3) Records on electronic financial transactions
Reason for Conservation: Electronic Financial Transactions Act
Retention period: 5 years
4) Records of consumer complaints or dispute handling
Reasons for preservation: Act on consumer protection in e-commerce, etc.;
Retention period: 3 years
5) Records of identification
Reasons for preservation: Act on the Promotion of the Use of Information and Communication Networks and the Protection of Information, etc.;
Retention period: 6 months
6) Website visit record
Reason for Conservation: Communication Secrets Protection Act
Retention period: 3 months

The company shall not share or entrust user's personal information to a third party except in the following cases:

A. Where required by law to disclose;
B. Where there is a request from the investigative agency in accordance with the procedures and methods prescribed in Acts and subordinate statutes for investigative purposes;

In principle, personal information of users shall be destroyed without delay when the purpose of collecting and using personal information is achieved. The company's personal information destruction procedures and methods are as follows.
A. Destruction procedure
- Information entered by the user for membership registration is transferred to a separate DB after the purpose is achieved (in case of paper, separate document box) and stored for a certain period of time (refer to retention and usage period) according to internal policies and other related laws.
- Personal information is not used for any purpose other than those held unless it is under the law.

B. Destruction method
- Personal information printed on paper should be shredded with a grinder or destroyed through incineration.
- Personal information stored in electronic file format is deleted using technical methods that cannot be played back.