Privacy Policy

1) Information collected during registration and use of basic services - Name - WhatsApp contact - Instagram account information - Email address through Google OAuth authentication 2) Information generated and collected during use of service features - Store location information - Store menu information and other store settings - Website content (text, images, descriptions, links, etc.) - Service operation records (page creation and editing logs, etc.) - Device information (browser type, OS, access IP, cookie/storage information, etc.) 3) Information collected during use of paid services and subscriptions - Payment information provided by the payment processor (card company information, payment method, payment approval/failure history, etc.) ※ The Company does not directly store sensitive payment information (full card number, CVC, etc.). 4) Information that may be automatically collected during service use - Cookies - Local Storage and Session Storage data - Service access logs and error logs - Access country, language, and usage environment

The Company processes personal data based on the following legal grounds under applicable data protection laws, including the Brazilian LGPD (Article 7): 1) Consent - Use of cookies and similar technologies for analytics - Marketing communications and promotional content - Optional integration of third-party services 2) Performance of contract - Service provision, account creation and management - Payment and subscription processing - Customer support 3) Legal obligation - Retention of tax and accounting records - Compliance with regulatory requirements - Response to lawful requests from authorities 4) Legitimate interest - Service quality improvement and security maintenance - Fraud prevention and unauthorized use detection - System performance analysis and failure recovery Members may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

1) When a member withdraws - Unless there is a separate legal obligation, data is destroyed immediately. - Local storage data exists in the member's browser and cannot be deleted by the Company. 2) Items requiring retention by law - Payment and contract records: 5 years, Consumer complaints and dispute resolution: 3 years, Advertising records: 6 months - Access records (IP Log): 6 months - Payment logs (payment success/failure records): 5 years - Other country-specific regulations follow the respective national laws. 3) In case of disputes - Retained within the necessary scope until resolution

1) The Company retains user access records in accordance with applicable laws. 2) Access log items and retention period - Login/logout time: 6 months - IP address (hashed): 6 months - Device information (User-Agent): 6 months 3) Payment log items and retention period - Payment success/failure records: 5 years - Payment amount, product name, coupon information: 5 years 4) Personal data protection - IP addresses are processed with SHA-256 hash, making original recovery impossible - Log records are used only for legal compliance purposes - Access logs are automatically deleted after 6 months, payment logs after 5 years 5) Users may request their own access and payment logs at any time.

1) Members may cancel their account at any time through the "Account Settings" menu in the service. 2) Processing procedure upon cancellation - Immediately: Personal data masking, service use suspension, subscription cancellation - After 30 days: Complete deletion of all data (including site settings, menu, and images) 3) Data with legal retention obligations - Payment records: 5 years (E-Commerce Act) - Consumer complaint records: 3 years (E-Commerce Act) 4) Recovery after cancellation - Within 30 days: Recovery possible upon login - After 30 days: Complete deletion, recovery impossible

In principle, the Company does not provide users' personal data to third parties. However, data may be provided in the following cases: 1) When necessary for service provision - Map/location-based feature providers (API Provider) - Payment processors - External services that the member has optionally integrated (WhatsApp, Instagram, etc.) - Promotion code affiliate partners (only de-identified statistics such as payment date and amount are provided; personal data such as email is never included) 2) Provision by legal requirement - When there is a legitimate request from investigative agencies, courts, or regulatory agencies ※ The processing of personal data by third parties follows the privacy policy of the respective service.

1) The Company may use cookie and storage technologies to provide service features and maintain login sessions. 2) Cookie and local storage data are stored in the member's browser and can be directly deleted or blocked by the member. 3) When cookies are blocked, some features may not function properly. 4) Third-party services (API, social networks, authentication services, etc.) may create their own cookies, and the Company cannot control them. 5) The Company does not use cookies for advertising identification or profiling purposes. 6) Essential cookies (session management, authentication) are used without prior consent as they are necessary for the basic operation of the Service. 7) Analytics cookies (Google Tag Manager, Google Analytics, etc.) are activated only after obtaining the user's prior consent.

1) Destruction procedure - Personal data is destroyed without delay after the purpose of collection and use is achieved. - When there is a legal retention obligation, data is stored separately and destroyed immediately after the mandatory period ends. 2) Destruction method - Electronic files: Permanent deletion in an unrecoverable manner 3) Information the Company cannot delete - Member's browser local storage - Cache data generated by external services - Copies retained by search engines and third-party servers

Members may exercise the following rights within the scope permitted by applicable laws. - Request for access, correction, and deletion of personal data - Withdrawal of consent for collection, use, and provision - Account cancellation - Request for explanation of automated decisions How to exercise rights: - Email: simplewebbuild@gmail.com - Account settings page within the service Processing deadline: Within 15 days of receiving the request Response format: Email or JSON data download

The Company takes the following technical and administrative measures for personal data protection: - Encryption (transmission encryption) - Minimization of access privileges - Regular system security checks - Operation of backup and recovery systems - Operation of anomalous access detection systems However, due to the nature of the internet environment, perfect security cannot be guaranteed. Response procedures in the event of a personal data security incident: - LGPD: Notify ANPD within 3 business days of becoming aware (6 business days for small-scale agents) - GDPR: Notify supervisory authority within 72 hours of becoming aware - User notification: Notify users via email without delay if there is a risk to their rights and freedoms - Notification content: Nature of the breach, scope of impact, response measures, contact information

Due to cloud server locations or service operation characteristics, some data may be processed overseas. The Company applies LGPD Standard Contractual Clauses (SCC) or equivalent safeguards to ensure adequate protection of personal data during international transfers. Services involved in international data transfers: - Google Cloud Platform (United States) — server infrastructure and data storage - Vercel (United States) — web hosting and deployment - Stripe (United States) — payment processing - MercadoPago (Argentina/Brazil) — payment processing for Latin America

Inquiries related to personal data processing, requests for access, correction, or deletion, and violation reports may be submitted through the following channels: - Email: simplewebbuild@gmail.com - Customer support channel within the service Data Protection Officer (DPO): - Name: Seungju Pyo - Email: simplewebbuild@gmail.com - Available to respond in Portuguese Brazilian National Data Protection Authority (ANPD) contact: - Website: www.gov.br/anpd - Email: anpd@anpd.gov.br - Phone: +55 (61) 2025-8101 If you are dissatisfied with the DPO's response, you may file a complaint with ANPD.

The Company may amend this Privacy Policy in accordance with changes in applicable laws or service changes. Significant changes will be applied after prior notice.