Signature Gamez Privacy Policy

Signature Gamez LLC (hereinafter “the Company”) processes personal information lawfully and manages it securely in compliance with the Personal Information Protection Act and related laws to protect the rights and freedoms of data subjects. In accordance with Article 30 of the Personal Information Protection Act, the Company has established and publicly disclosed the following Privacy Policy to inform data subjects of the procedures and standards for processing and protecting personal information, and to ensure that related complaints can be handled promptly and smoothly.

1. Purpose of Personal Information Processing

The Company processes personal information for the following purposes. Personal information collected will not be used for any purposes other than those listed below. If the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

(a) Membership Registration and Management
Personal information is processed for purposes including confirming the intention to register, identifying and authenticating members, maintaining and managing membership status, preventing service misuse, verifying consent of legal guardians for processing personal information of children under 14, providing notices, and handling complaints.

(b) Service Provision
Personal information is processed to provide services, deliver content, offer personalized recommendations, verify identity and age, process payments and settlements, and handle refunds.

(c) Service Improvement and Analysis
Personal information is processed for analyzing service usage and improving the service.

(d) Service Development
Personal information is processed for developing new services separate from existing services.

2. Categories of Personal Information Processed

The Company collects and uses personal information of data subjects based on the following legal grounds.

(a) Personal information processed without consent of the data subject
The Company processes the following personal information without the consent of the data subject:

1. Membership Service Operation
   
   

• Legal basis: Article 15(1)4 of the Personal Information Protection Act (“Contract conclusion and performance”)
  
  

• Collected/used items: External platform ID (Google, Apple), nationality, nickname, service usage history, access logs, sanctions history, game version, payment records, device information, device identifiers, location information, advertising ID
  
  

2. Customer Support
   
   

• Legal basis: Article 15(1)4 of the Personal Information Protection Act (“Contract conclusion and performance”)
  
  

• Collected/used items: Email address, UID, nickname, other information necessary for support
  
  

3. Order and Payment Processing
   
   

• Legal basis: Article 15(1)4 of the Personal Information Protection Act (“Contract conclusion and performance”)
  
  

• Collected/used items: External platform ID (Google, Apple), order history, payment information
  
  

(b) Personal information processed with consent of the data subject
The Company processes the following personal information based on consent from the data subject:

1. Advertising Information Delivery
   
   

• Legal basis: Article 15(1)1 and Article 22(1)7 of the Personal Information Protection Act
  
  

• Collected/used items: Phone number, email address
  
  

3. Retention and Use Period of Personal Information

The Company processes and retains personal information within the period specified by laws or agreed upon at the time of collection.

1. Information collected for service provision is retained for up to 30 days after game membership withdrawal for recovery and protection in case of identity theft or damages.
   
   

2. Information collected for events is retained for up to 5 years.
   
   

3. Records of SMS or email delivery are retained for up to 1 year and then destroyed.
   
   

However, in the following cases, personal information is retained until the reason for retention ends:

1. Investigation or inquiry under relevant laws: until the investigation or inquiry concludes
   
   

2. Outstanding obligations or claims related to website use: until settlement
   
   

The Company may also retain information for a certain period as required by law, without using it for other purposes:

• Records related to contracts or withdrawal: 5 years (Enforcement Decree of the Consumer Protection Act in Electronic Commerce, Article 6(1)2)
  
  

• Records of payment and supply of goods: 5 years (Article 6(1)3)
  
  

• Records of consumer complaints or disputes: 3 years (Article 6(1)4)
  
  

• Records of advertising: 6 months (Article 6(1)1)
  
  

• Internet log records and connection tracking: 3 months (Article 15-2(2) of the Act on the Protection of Communications Secrets)
  
  

4. Procedures and Methods for Personal Information Destruction

The Company deletes personal information without delay once it is no longer needed.

[Destruction Procedure]
Information entered for membership registration or similar purposes is stored for a certain period in accordance with internal policies and relevant laws (see retention period above) and then destroyed after the purpose has been achieved (30-day grace period after withdrawal request).

[Destruction Method]
Electronic files are irreversibly deleted, and paper records are shredded or incinerated.

5. Outsourcing and International Transfer of Personal Information

The Company transfers personal information collected from service users overseas as follows to provide smooth service. Under Article 28-8(2) of the Personal Information Protection Act, data subjects are informed of international transfers. Refusal to allow transfer may prevent use of the service. Users may request membership withdrawal if they do not wish to transfer their data.

1. Firebase Service
   
   

• Country: USA
  
  

• Transfer method: Transmitted over the network as necessary for service provision
  
  

• Transferred items: Service usage information, device information
  
  

• Purpose: Data storage and system operation for service provision
  
  

• Retention period: Up to 30 days after membership withdrawal or until service termination
  
  

2. Playfab Service
   
   

• Country: USA
  
  

• Transfer method: Transmitted over the network as necessary for service provision
  
  

• Transferred items: Nickname, service usage information, device information
  
  

• Purpose: Data storage and system operation for service provision
  
  

• Retention period: Up to 30 days after membership withdrawal or until service termination
  
  

6. Measures to Ensure Personal Information Security

The Company implements the following measures to secure personal information:

1. Administrative measures: Establishing and implementing internal management plans, training personnel handling personal information
   
   

2. Technical measures: Access control to personal information systems, encryption, installation and updates of security programs, vulnerability checks and corrections
   
   

3. Physical measures: Access control to storage devices, securing documents and media in locked locations, disaster preparedness, controlling removal and entry of storage media
   
   

7. Automatic Collection Devices and Opt-Out

The Company collects and uses advertising identifiers for personalized advertising in the app. Data subjects can block or allow personalized ads via mobile device settings.

• Android: Settings → Google → Ads → Delete advertising ID
  
  

• iOS: Settings → Privacy → Tracking → Disable “Allow Apps to Request to Track”
  
  

Menus and procedures may differ depending on OS version.

8. Rights of Data Subjects and Legal Representatives

1. Data subjects may request access, correction, deletion, suspension of processing, or withdrawal of consent at any time.
   
   

   • For children under 14, legal representatives must exercise rights. Minors over 14 may exercise rights themselves or via legal representatives.
     
     

2. Requests may be submitted via email according to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act. The Company will promptly handle requests.
   
   

3. Requests may also be submitted by authorized representatives with a power of attorney according to the “Notice on Personal Information Processing Methods” [Annex 11].
   
   

4. Rights may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.
   
   

5. Deletion cannot be requested if personal information is explicitly required by other laws.
   
   

6. The Company verifies the identity of the requester or authorized representative.
   
   

7. Requests can be submitted to:
   
   

   • Department: Privacy Team
     
     

   • Contact: privacy@signaturegamez.net
     
     

9. Personal Information Protection Officer

1. The Company has designated a Personal Information Protection Officer to oversee personal information processing, complaints, and remedy procedures.
   
   

   • Name: Won-Young Jeong
     
     

   • Contact: privacy@signaturegamez.net
     
     

   • Department: Privacy Team
     
     

   • Contact: privacy@signaturegamez.net
     
     

2. Data subjects may contact the officer or team regarding any personal information protection inquiries or complaints. The Company will respond without delay.
   
   

10. Changes to the Privacy Policy

This Privacy Policy is effective from June 1, 2025.