Picks Privacy Policy

momick (Business Registration No. 313-08-05038) (hereinafter "the Company") values the personal information of users of its mobile application Picks (hereinafter "the Service") and complies with applicable privacy and data protection laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, the "CCPA"), the Children's Online Privacy Protection Act ("COPPA"), and the Federal Trade Commission Act, as well as other applicable U.S. state privacy laws. The Company establishes and discloses this Privacy Policy to protect users' personal information and to handle related concerns promptly and smoothly.

Article 1 (Items of Personal Information Collected)

The Company collects and uses the following personal information for membership registration, identity verification, and service provision.

1. Items collected at registration and during profile setup
  A. Required
    - Social account identifier (the linkage identifier, such as the member number, from the provider chosen by the user among Kakao, Apple, Google, and Naver)
    - Email address (email verification)
    - Mobile phone number (SMS verification) and the country code confirmed during verification
    - Nickname
    - Date of birth

  B. Optional
    - Gender
    - Job group
    - MBTI
    - Categories of interest (up to 3)
    - Profile image
  * Job group, MBTI, categories of interest, and profile image can be entered or changed in profile settings after registration, and not entering them does not restrict use of the Service.

2. Items generated or collected during use of the Service
    - Questions, choices, votes (answers), posts, comments, and likes created by the member
    - Reports filed and blocking records
    - De-identified demographic values recorded at the time of voting for statistics (aggregate snapshots such as age group, gender, job group, and MBTI)
    - Account status, sanction history, and last login time
    - Records of service notifications received and sent
    - The withdrawal reason entered by the user when withdrawing membership
    - Whether and when the user consented (and the version consented to) for the Terms of Service, Privacy Policy, minimum-age confirmation, and marketing communications

3. Items collected automatically during use of the Service
    - Device push token and the operating system (iOS/Android) identifier used to send push notifications
    - Device language and region settings
    - Service usage records, access times, access IP information, device information, and similar data

Article 2 (Methods of Collection)

The Company collects personal information through the following methods.
  1. Direct entry by the user during registration and use of the Service
  2. Receipt from social login providers (Kakao, Apple, Google, Naver) based on the user's consent. In this case, depending on the provider and the scope of the user's consent, the social account identifier, email, name or nickname, gender, and date of birth may be provided.
  3. Automatic generation and collection during use of the Service

The Company does not sell your personal information, and does not share it for cross-context behavioral advertising.

Article 3 (Purposes of Processing)

The Company processes personal information for the following purposes and takes necessary measures, such as obtaining prior consent, if the purpose changes.
  1. Verifying intent to register, identifying and authenticating users, and maintaining and managing membership
  2. Confirming eligibility to use the Service, including whether the user meets the minimum age (13 years old in the United States)
  3. Providing and operating the Service, including questions, voting, and community features
  4. Producing and providing voting result statistics by gender, age group, job group, MBTI, and similar attributes
  5. Maintaining a safe service environment, including preventing misuse and providing report, sanction, and blocking features
  6. Sending service-related notifications, such as announcements and comment alerts
  7. Providing advertising information such as events and benefits, only to users who have consented to receive marketing communications
  8. Handling inquiries and complaints regarding use of the Service

Article 4 (Retention and Use Period)

1. As a rule, the Company destroys personal information upon membership withdrawal. However, when a user requests withdrawal, it is not processed immediately; a grace period of 7 days applies. If the user logs in again during the grace period, the withdrawal request is automatically canceled and the account is restored.

2. After the grace period (7 days), the Company destroys personal information that can identify the user, such as email, mobile phone number, nickname, date of birth, gender, job group, and MBTI, and deletes any profile image uploaded by the member.

3. Notwithstanding the above, the following information is retained for the purposes and periods set out below.
    - Identifiers to prevent fraudulent registration or re-registration: the de-identified (hashed) value of the mobile phone number is retained for 14 days after withdrawal is completed and then deleted, and the de-identified (hashed) value of the email may be retained separately to prevent fraudulent re-registration. These values are stored in an irreversible form rather than as the original personal information.
    - Withdrawal reason statistics: retained in a non-identifiable form for statistical purposes to improve the Service.
    - Consent records: the fact of consent to the Terms, Privacy Policy, and similar documents is retained to prepare for disputes and to comply with applicable laws.

4. Questions, posts, and comments created by a member may not be deleted after withdrawal in order to maintain other users' experience and the continuity of service operations. In that case, the author information is de-identified so that the individual can no longer be identified.

5. Service usage records, access logs, and access IP information are retained for up to 3 months for security and abuse-prevention purposes, and for longer where retention is required by applicable law.

Article 5 (Dormant Accounts of Long-Term Inactive Members)

The Company may convert the account of a member who has not accessed the Service for 90 days into a dormant state. Before such conversion, the Company notifies the user in advance through the notification methods registered by the user. A dormant account is restored to active status when the user logs in again.

Article 6 (Provision to Third Parties)

The Company does not provide users' personal information to outside parties beyond the scope disclosed in this Policy. The following are exceptions.
  1. Where the user has consented in advance to provision to a third party
  2. Where there is a special provision in applicable laws, or where a law enforcement or governmental agency requests it in accordance with the procedures and methods prescribed by law

Article 7 (Service Providers / Consignment of Processing)

To provide the Service smoothly, the Company engages the following service providers to process personal information on its behalf, and requires by contract that personal information be managed safely.

  - Amazon Web Services, Inc. (AWS): cloud infrastructure operation; storage of images (profile, post, and question images); sending of SMS and email for identity verification (storage region: Seoul, Republic of Korea)
  - Google LLC (Firebase Cloud Messaging): delivery of mobile push notification messages

If the content of the consigned tasks or the service provider changes, the Company will disclose it through this Privacy Policy.

Article 8 (International Data Transfers)

The Company operates the Service from the Republic of Korea. Accordingly, the personal information of users in the United States is transferred to, processed, and stored on servers located in the Republic of Korea (Amazon Web Services, Seoul region), and, for the delivery of push notifications, may be processed through Google LLC's infrastructure located in the United States. By using the Service, you understand that your personal information will be transferred to and processed in these countries, whose data protection laws may differ from those of your jurisdiction. The Company takes reasonable measures to protect your information in connection with such transfers, as described in this Policy. You may refuse the transfer associated with push notifications by turning off push notifications in your device or app settings; in that case, push notifications cannot be received.

Article 9 (Procedure and Method of Destruction)

1. Destruction procedure: The Company destroys personal information without delay once the retention period has elapsed or the purpose of processing has been achieved.
2. Destruction method: Personal information stored as electronic files is permanently deleted using technical methods that make it impossible to recover or reproduce.

Article 10 (Your Privacy Rights and How to Exercise Them)

1. Subject to applicable law, you have the right to:
    - Know and access the categories and specific pieces of personal information the Company has collected about you, the sources, the purposes, and the categories of third parties to which it is disclosed;
    - Delete personal information the Company has collected from you, subject to legal exceptions;
    - Correct inaccurate personal information;
    - Opt out of the sale or sharing of personal information. The Company does not sell your personal information and does not share it for cross-context behavioral advertising; and
    - Not receive discriminatory treatment for exercising these rights.

2. Some items (for example, date of birth and gender) may be restricted from change after registration due to the accuracy of statistics and the nature of the Service.

3. You may exercise these rights through in-app features or by contacting the Company at support.picks@gmail.com, and the Company will respond within the time required by applicable law. You may use an authorized agent to submit a request; the Company may require verification of your identity and the agent's authority.

4. The Company will not deny goods or services, charge different prices, or provide a different level of quality because you exercised your privacy rights, except as permitted by law.

Article 11 (Automated Decisions)

To maintain a sound service environment, the Company may automatically hide (blind) content when reports against it accumulate beyond a certain number of times. Users may request an explanation of, or object to, such automated processing through Customer Support, and the Company will take necessary measures in accordance with applicable laws.

Article 12 (Children's Privacy)

The Service is not directed to, and is not intended for use by, children under the age of 13. The Company does not knowingly collect personal information from children under 13, and obtains confirmation from users that they are 13 or older at registration, in accordance with the Children's Online Privacy Protection Act (COPPA). If the Company learns that it has collected personal information from a child under 13, it will restrict use of the account and delete the related information. A parent or guardian who believes the Company may have collected such information may contact support.picks@gmail.com.

Article 13 (Measures to Secure the Safety of Personal Information)

The Company takes the following measures for the safe processing of personal information.
  1. Encrypted storage of key personal information such as email, mobile phone number, nickname, date of birth, and gender
  2. Irreversible hashing of items that require search or duplicate checks
  3. Minimization and management of access privileges, and application of transport-layer encryption (HTTPS)
  4. Technical safeguards such as authentication token management and blocking of abnormal access

Article 14 (App Permissions and Opt-Out of Automatically Collected Information)

1. The Company uses the following device permissions to provide the Service, and permissions are requested when the relevant feature is used.
    - Photo library: changing the profile image and attaching images to posts or questions
    - Notifications (Push): receiving service notifications such as comment alerts and announcements
  Users may allow or deny these permissions and push notifications at any time in their device settings. However, denying certain permissions may limit the use of related features.
2. Receiving marketing communications is optional, and even users who have consented may decline at any time through the in-app settings or device settings.

Article 15 (Contact)

The Company is responsible for the processing of personal information and handles users' inquiries, complaints, and requests related to personal information.

  Contact
  - Email: support.picks@gmail.com

You may submit requests to access, delete, correct, or stop the processing of your personal information through the contact above, and the Company will respond without delay in accordance with applicable laws.

Article 16 (How to File a Complaint)

If you believe your privacy rights have been violated, you may contact the Company first at support.picks@gmail.com. You may also file a complaint with the following authorities.
  - U.S. Federal Trade Commission (FTC): reportfraud.ftc.gov / 1-877-382-4357 (1-877-FTC-HELP)
  - California residents - California Privacy Protection Agency (CPPA): cppa.ca.gov
  - California residents - Office of the Attorney General: oag.ca.gov/privacy
  - Residents of other states may contact their state Attorney General's office.

Article 17 (Changes to This Privacy Policy)

This Privacy Policy may be amended in accordance with changes in applicable laws or service policies. If the Company amends this Policy, it will announce the changes before they take effect through in-app notices or consent procedures.

Addendum
This Privacy Policy is effective as of June 21, 2026.