XOCIETY

Privacy Policy

Revised Date: November 23, 2025

1. General Provisions

Team XOCIETY (the "Company") values users' personal information and complies with applicable laws and regulations, including the Personal Information Protection Act.

This Privacy Policy (the "Policy") applies to the Company's gaming, NFT creation, and related service platform (the "Platform"), and explains how the Company collects, uses, provides, transfers, retains, and protects users' personal information.

2. Personal Information We Collect

The Company may collect information when users use the Platform, create or upload NFTs, connect external services, or communicate with the Company. The information collected may include the following:

(1) Items Collected

Personal information such as name, email address, Google User ID, and payment information
NFT-related information, including NFTs created or uploaded by users
Wallet address and blockchain transaction-related information
Usage information such as IP address, device information, and browser type
Any other information voluntarily provided by users while using the Platform

(2) Methods of Collection

Information provided directly by users
Information automatically collected during the use of the Platform
Information collected through third-party services such as wallet providers or authentication services

3. Purposes of Processing Personal Information

The Company uses collected personal information for the following purposes:

Provision, operation, maintenance, and improvement of the Platform and services
Processing of transactions and payments
Communications and notices related to the Platform and services
Compliance with legal obligations and regulatory requirements
Prevention of fraud, unauthorized access, or other misuse
Protection of the rights of the Company and its users
Other purposes for which separate consent has been obtained

Except where permitted or required by applicable law, the Company does not use personal information beyond the stated purposes without separate consent.

4. Provision of Personal Information to Third Parties

The Company does not provide users' personal information to third parties without consent, except in the following cases:

Where disclosure is required under applicable laws or lawful procedures
Where disclosure is necessary to comply with legal obligations or regulatory requirements
Where the user has separately consented to such disclosure

5. Entrustment of Personal Information Processing

The Company may entrust certain personal information processing tasks to external service providers for the operation of the Platform.

Service Provider	Entrusted Tasks	Retention and Use Period
Tencent Cloud Service	Cloud infrastructure and data storage	Until termination of the service
Google LLC (Firebase, Google Login)	User authentication and data processing	Until termination of the service

The Company supervises entrusted service providers to ensure that they comply with applicable personal information protection laws and process personal information safely.

6. Overseas Transfer of Personal Information

The Company may transfer and process personal information outside the Republic of Korea for the operation of the Platform.

Recipient	Country	Items Transferred	Purpose	Retention Period
Tencent Cloud Service	Singapore	User data required for platform operation	Cloud operation	Until termination of the service
Google LLC	United States	Email address, login information, authentication-related data, and usage data	User authentication and analytics	Until termination of the service

The Company transfers personal information overseas only where consent has been obtained from the user or where such transfer is necessary for the performance of a contract for service provision.

Users may refuse the overseas transfer of personal information; however, certain services may be restricted in such cases.

7. Measures to Ensure the Security of Personal Information

The Company implements appropriate technical, administrative, and physical safeguards to protect personal information from unauthorized access, use, disclosure, alteration, or destruction. Such measures may include the following:

Encryption of personal information where appropriate
Management of access rights and authorization
Internal management plans and employee training
Security monitoring and operational safeguards

However, no method of transmission over the Internet or electronic storage can be guaranteed to be absolutely secure.

8. Retention and Use Period of Personal Information

The Company retains personal information only for the period necessary to achieve the purposes for which it was collected. Where retention is required by law or necessary for the establishment, exercise, or defense of legal claims, the Company may retain such information accordingly.

Records relating to contracts or withdrawal of subscription: 5 years
Records relating to payments and the supply of goods or services: 5 years
Records relating to consumer complaints or dispute resolution: 3 years
Website access records (log data): 3 months

9. Destruction of Personal Information

When personal information is no longer necessary for the purposes of collection or retention, the Company destroys such information without delay.

Electronic records are permanently deleted using methods that make recovery impossible or extremely difficult
Printed materials and paper documents are shredded or disposed of by other secure means

10. Users' Rights

Within the scope permitted by applicable law, users have the right to request access to, correction of, or deletion of personal information held by the Company, and to object to, restrict, or request suspension of the processing of personal information. Users may also request the transfer of personal information where permitted by applicable law.

Requests to exercise these rights may be submitted via the following email address:

Email: contact@txcelerator.com

11. Protection of User Rights and Prevention of Harm

The Company strives to ensure that all users can use the services in a safe, inclusive, and respectful environment. To this end, the Company implements the following measures:

Non-Discrimination Principle: The Company prohibits discrimination based on gender, sexual orientation, cultural background, social status, or personal values, and endeavors to provide all users with fair access to the services.

Prevention of Harmful Conduct: The Company monitors harmful conduct, including hate speech, harassment, discriminatory content, and other abusive behavior, and may take appropriate action in accordance with its policies.

User Protection Measures: The Company may impose service restrictions, temporary suspension, or account termination on users who violate policies or cause harm to others.

Reporting and Response System: Users may report harmful or inappropriate conduct, and the Company will promptly review and respond to such reports within a reasonable scope.

Support for Remedies: The Company may provide appropriate guidance, support, or corrective measures to users who have experienced harm.

Continuous Improvement: The Company continuously reviews and improves its policies and operational procedures to maintain a safer and more trustworthy service environment.

12. Children's Personal Information

The Platform is not intended for children under the age of 18, and the Company does not knowingly collect personal information from children under 18. If the Company becomes aware that it holds such information, it will delete it as promptly as possible in accordance with applicable law.

13. Third-Party Integrations and Tools

Transactions within the services may be processed through third-party electronic wallet extensions or related service providers. Each service is subject to its own terms of service and privacy policy, and users are encouraged to review them carefully.

MetaMask Terms of Use: https://consensys.net/terms-of-use
Slush Terms of Service: https://slush.app/terms-of-service

Use of such third-party services is governed by the applicable provider's terms and policies.

14. Changes to this Policy

The Company may amend this Policy from time to time, and any revised Policy will be posted on the Platform. Continued use of the Platform after such revision may be deemed acceptance of the revised Policy.

15. Contact

If you have any questions or concerns regarding this Policy or the Company's personal information handling practices, please contact us at:

Email: contact@txcelerator.com

16. Personal Information Protection Officer

The Company designates the following person as its Personal Information Protection Officer:

Name: Park Namchoon
Position: Director
Email: contact@txcelerator.com