Privacy Policy

MOVA Tech values your personal information and processes it lawfully in accordance with applicable regulations.

Effective date: March 24, 2026

1. Purpose of Processing Personal Information

MOVA Tech Co.,Ltd. (hereinafter "the Company") processes personal information for the following purposes. Personal information collected shall not be used for any purpose other than those stated below. If the purpose of use changes, necessary measures such as obtaining separate consent will be taken. • Inquiry handling: Confirming customer inquiries, investigating facts, and notifying results • Project consultation: Reviewing project requests and providing proposals

2. Personal Information Collected

The Company collects the following personal information for handling inquiries. • Required: Name, email address • Optional: Company name • Automatically collected: Inquiry category, message content

3. Retention Period

The Company destroys personal information without delay after the purpose of collection and use has been achieved. • Inquiry information: Retained for 1 year after inquiry processing is completed, then destroyed • However, if retention is required by relevant laws, information is retained for the period specified by such laws.

4. Provision to Third Parties

The Company does not provide personal information to external parties in principle. Exceptions include: • When the data subject has given prior consent • When required by law

5. Outsourcing of Processing

The Company outsources personal information processing for inquiry notification purposes as follows. • Service provider: Slack Technologies (Salesforce) • Purpose: Delivery of inquiry notifications • Period: Until termination of the service agreement

6. Cross-border Transfer of Personal Information

The Company transfers personal information overseas as follows: • Recipient: Slack Technologies (Salesforce, Inc.) • Country: United States • Information transferred: Name, email address, company name, inquiry category, message content • Purpose: Delivery of inquiry notifications • Method: Automatic transmission via Slack API upon inquiry submission • Retention period: Until termination of the service agreement This website is operated via Cloudflare, and data may be routed through servers located outside your country of residence during the course of providing services. The United States may not maintain a level of personal information protection equivalent to that of Korea or Japan. However, the Company applies necessary protective measures such as encryption during data transmission.

7. Security Measures

The Company takes the following measures to ensure the security of personal information: • Technical measures: SSL/TLS encryption across the entire website, restricted access to personal information • Administrative measures: Minimized number of personnel handling personal information, designated privacy officer • Physical measures: Cloud-based infrastructure with controlled physical server access

8. Cookies and Automatic Collection

The Company may use cookies for user convenience. • Purpose of cookies: Providing basic website functionality such as language preferences • Managing cookies: You can refuse cookie storage through your web browser settings. However, refusing cookies may limit your use of some services. The Company does not use tracking cookies or web beacons for marketing or advertising purposes.

9. Rights of Data Subjects

Data subjects may exercise the following rights: • Request to access personal information • Request correction of errors • Request deletion • Request suspension of processing These rights may be exercised via email ([email protected]), and the Company will take action without delay.

10. Destruction of Personal Information

The Company destroys personal information without delay when it is no longer needed due to expiration of the retention period, achievement of the processing purpose, etc. • Electronic files: Permanently deleted using methods that prevent recovery • Paper documents: Shredded or incinerated

11. Remedies for Infringement of Rights

Data subjects may contact the following organizations in Korea for dispute resolution or consultation regarding personal information infringement: • Personal Information Dispute Mediation Committee: 1833-6972 • Personal Information Infringement Report Center (KISA): 118 • Supreme Prosecutors' Office Cyber Investigation Division: 1301 • National Police Agency Cyber Bureau: 182

12. No Sale of Personal Information

The Company does not sell users' personal information and has no plans to do so. The Company does not share personal information with third parties for advertising or marketing purposes.

13. Privacy Officer

The Company has designated the following privacy officer to oversee all matters related to personal information processing and handle related complaints. • Name: Myeongsub Kim • Position: CEO • Email: [email protected]

14. Changes to This Policy

This privacy policy is effective from the date of enforcement. Any additions, deletions, or corrections due to changes in laws or policies will be announced through website notices at least 7 days before the changes take effect.