Privacy Policy Article 1 (General Provisions and Scope) AllTheTime Co., Ltd. (“Company”) complies with applicable privacy laws (including the Korean Personal Information Protection Act (PIPA)) and aligns with international standards (e.g., GDPR/CCPA) where relevant. This Policy applies to: (i) the ALLTHETIME mobile app and web services, (ii) BLE smart trackers and connected devices, and (iii) related or ancillary features the Company provides. If this Policy is updated, the Company will notify users at least 7 days in advance (30 days for material changes). Continued use after the effective date constitutes acceptance. Article 2 (Personal Information We Collect and How We Collect It) We collect only what is necessary to provide and improve the service. 1) Account & Basic Services: email (or social login ID such as Apple/Kakao/Google), password, display name, country/language, usage records, access logs, device info (model/OS), and IP address. 2) Location-Based Features: real-time location (GPS, Wi‑Fi, Bluetooth beacons, cell towers), travel routes and time-based patterns, and logs such as SOS button usage and theft/intrusion alerts. 3) Optional AI Features: with your separate consent, user‑submitted incident/consultation content (text/voice), time/location/context, chat logs, and other data needed to improve AI features. 4) Payments: minimum payment information provided by payment processors and purchase history necessary for processing and refunds. Article 3 (Purposes of Use) We use personal information only to: (i) register and authenticate accounts, (ii) provide location-based safety services and other functions, (iii) deliver notices and support, (iv) prevent misuse and ensure security, (v) improve services and develop new features including AI, (vi) process payments, and (vii) comply with law and resolve disputes. We do not use personal information for any other purpose without consent. Article 4 (Third‑Party Sharing and Vendor Processing; International Transfers) 1) Third‑Party Sharing (Principle): We do not share personal information with third parties without consent, except as required by law or valid legal process. 2) Vendors (Processors): We may engage specialized vendors (e.g., cloud hosting, analytics/ads, email/push providers, customer support) under contracts that require appropriate security and confidentiality. Data shared is limited to what is necessary and retained only for the contract or statutory period. 3) International Transfers: If data is transferred overseas (e.g., to global cloud providers), we will inform users of the destination, timing/method, and retention period, and obtain consent where required. Transfers follow applicable laws and safeguards (e.g., GDPR SCCs). Article 5 (Retention and Destruction) We keep personal information only for as long as needed to fulfill the stated purposes or as required by law. When no longer needed, electronic data is irreversibly deleted and paper records are shredded/incinerated. If a user withdraws consent, we stop processing and destroy the data except where retention is legally required or strictly necessary to provide the service. Article 6 (Your Rights and How to Exercise Them) You may request access, correction, deletion, or suspension of processing; check uses and recipients; and withdraw consent at any time via in‑app settings or customer support. We will process requests promptly unless another law requires retention or the data is essential for service provision. Article 7 (Cookies and Similar Technologies) We may use cookies and similar technologies to collect device/connection info, usage patterns, and telemetry to personalize content, improve quality, and enhance security. You can reject cookies in device/browser settings; some features may be limited. If cookie data constitutes personal information, we will comply with applicable consent rules (e.g., GDPR/PECR). Article 8 (Security Measures and Incident Response) We apply encryption, access controls, firewalls/IDS, and monitoring; minimize authorized personnel; conduct regular training and audits; and supervise vendors. If a security incident occurs, we will take prompt protective measures and notify affected users as required by law. Article 9 (Policy Changes and Notice) We handle privacy complaints in good faith and respond within a reasonable period. If this Policy changes, we will post the effective date and notify in advance as stated above. Article 10 (Data Protection Officer and Contact) For privacy inquiries, requests to exercise rights, or complaints, contact: • Email: support@theguideforu.com We will respond within a reasonable period as required by applicable law. Users may also lodge a complaint with a data‑protection supervisory authority in their country of residence.