The Company collects only the minimum personal information necessary to provide its services.

1. Required Information

   The following information is required for service use:

   • Email address
   • Password
   • Nickname
2. Optional Information

   The following information may be provided voluntarily, and failure to provide it will not restrict service use:

   • Country (user-selected or “Other”)
   • Gender (Male, Female, Other)

   ※ The Company does not collect unnecessary personal information such as real names or dates of birth.

3. Automatically Collected Information

   During service use, the following information may be automatically generated and collected:

   • IP address and access timestamps
   • Device information (operating system, browser type, screen resolution, etc.)
   • Service usage records (download history, widget installation history, configuration change logs, etc.)

   This information is used for security enhancement, prevention of fraudulent activities, and service quality improvement.

The Company uses collected personal information for the following purposes:

1. Member Management
   • User registration and identification
   • Login and account maintenance
   • Password management and account security enhancement
2. Service Provision and Operation
   • Providing customized widget and icon features
   • Maintaining user environment settings based on usage history
   • Optimizing user experience
3. Customer Support
   • Responding to inquiries and resolving issues
   • Delivering service-related notices and announcements
4. Security and Service Stability
   • Detecting unauthorized access and abnormal activities
   • Analyzing system logs and improving service quality
5. Compliance with Legal Obligations
   • Fulfilling data retention and submission obligations required by law

The Company destroys personal information without delay once the purpose of collection and use has been fulfilled.
However, where required by law, personal information is retained for the following periods and then destroyed:

The Company does not provide users’ personal information to third parties.
Personal information may be provided only when required by law or when the user has given separate consent.

Currently, the Company does not provide personal information to any third parties.

The Company may outsource personal information processing to external service providers as necessary for service operation.

※ Data may be stored in AWS regions selected by the Company (e.g., Virginia (US), Singapore, Tokyo (Japan)).

※ AWS complies with internationally recognized security standards.

For global service operation, the Company may store personal information on overseas servers (AWS).

1. Transferred Countries: United States (Virginia), Singapore, Japan (Tokyo)
2. Recipient: Amazon Web Services, Inc.
3. Transferred Data: All personal information collected in connection with service use
4. Purpose: Service operation, data storage, and backup
5. Safeguards: AWS standard security certifications, GDPR Standard Contractual Clauses (SCCs)
6. CCPA/CPRA: The Company does not sell or share personal information and respects users’ opt-out rights

Users may withdraw consent for cross-border transfers at any time.

Users have the following rights:

1. Right to access personal information
2. Right to request correction
3. Right to request deletion
4. Right to request suspension of processing
5. Right to withdraw consent
6. Right to object to automated decision-making

The Company will process user requests within 10 days, and if an extension is required, the reason will be provided.

These rights include those guaranteed under GDPR Articles 12–22, CCPA/CPRA, and other applicable data protection laws.

California residents may exercise their rights to access, delete, and opt out of the sale or sharing of personal information without discrimination.

Cookies may be used to improve service quality and user experience.
Users may refuse cookie storage through browser settings.

1. The Company does not provide services to users under the age of 14.
2. Minimal verification procedures may be used during registration to confirm age eligibility.

These measures comply with PIPA (Korea), GDPR (EU/UK), APPI (Japan), and COPPA (United States).

The Company has designated a Data Protection Officer to handle inquiries related to personal information protection.

1. Data Protection Officer: Sarang Kim
2. Email: iconiq.official.team@gmail.com

The Company implements the following safeguards:

1. Password hashing and encryption
2. Encrypted data transmission (HTTPS/TLS)
3. Access control and permission management
4. AWS-based security systems and monitoring
5. Malware prevention and intrusion detection

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our services.
If any material changes are made, we will provide prior notice through appropriate means.

Users may exercise their rights described in this Privacy Policy by contacting:

1. Customer Support Email: iconiq.official.team@gmail.com