Privacy Policy – A1GAMES

Effective Date: April 1, 2025
Company Name: A1Games Co., Ltd. (the “Company”)
Official Website: https://a1gamesstudio.com

A1Games Co., Ltd. (hereinafter referred to as the “Company”) is committed to protecting the personal information of its users and complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, and relevant guidelines established by regulatory authorities.

This Privacy Policy is intended to inform users how the Company collects, uses, and protects personal information provided by users.

The Privacy Policy may be updated from time to time due to changes in relevant laws, regulations, or internal policies. In the event of any revision, such changes will be notified through the Company’s official community website (https://a1gamesstudio.com).

1. Items of Personal Information Collected and Method of Collection

The Company collects essential information required to provide basic services such as user registration, customer support, and other services. Optional information may also be collected for enhanced service offerings.

The Company does not collect unique identification numbers (e.g., resident registration numbers, passport numbers) or sensitive information (e.g., health data).

(1) Items of Personal Information Collected

a. During account registration or via third-party platform linkage:
- Login email, nickname (user-selected)
b. During service use:
- Service usage records (e.g., gameplay time, login time), access logs (IP address, MAC address), device information (device model, OS version, device ID, advertising ID), payment information (amount, method), customer support records (inquiry content, inquiry time)
c. Through event participation or customer support, with user consent:
- Email address, identity verification details, purchase history, and any other information required for support

(2) Method of Collection

Through in-game login and registration

2. Purpose of Collecting and Using Personal Information

The Company collects and uses personal information for the following purposes:

(1) Service provision and fulfillment of contracts

Delivery of content, processing of purchases and payments, refunds

(2) User management

Identity verification, prevention of fraudulent use and unauthorized access, confirmation of user registration intent, age verification, obtaining legal guardian consent for users under 14 or under 18, customer support, recordkeeping for dispute resolution, and delivery of notices

(3) Marketing and analytics

Personalized services and advertising, new service development, promotional and event announcements, service usage analytics, and tailored content provision

Marketing and promotional messages (via email or push notifications) are sent only with the user’s explicit consent. Users may opt out at any time through game settings or customer support.

3. Provision and Sharing of Personal Information

The Company uses personal information only within the scope outlined in Section 2 and does not disclose or provide such information to third parties without prior consent, except in the following cases:

When the user has given prior consent
When the user violates service terms or policies
When necessary for billing and payment processing
When prior consent is impractical due to technical or financial reasons and the information is necessary for contract fulfillment
When provided in a format that does not allow identification of individuals
When required by law or requested by law enforcement following legal procedures

The Company may store personal information overseas using cloud services such as Amazon Web Services (AWS), PlayFab, or Google Firebase. In such cases, data is securely transferred in accordance with Article 28-8 of the Personal Information Protection Act.

Country of transfer: United States and others
Transferred items: All service usage data
Retention period: Until service termination or account deletion

The Company may outsource certain tasks (e.g., customer support, payment processing) to specialized service providers. In such cases, the Company supervises and manages them in accordance with the Personal Information Protection Act.

4. Retention and Use Period of Personal Information

In principle, the Company destroys personal information without delay once the purpose of collection and use has been fulfilled. (However, to prevent damage caused by account theft, the Company retains user information for 15 days following a withdrawal request.)

In accordance with applicable laws, certain information may be retained for the periods stated below:

Records on advertisements: 6 months (E-Commerce Consumer Protection Act)
Records on contracts and withdrawals: 5 years
Records on payment and goods supply: 5 years
Records on consumer complaints and dispute resolution: 3 years
Website visit logs: 3 months (Protection of Communications Secrets Act)

Additionally, pursuant to Article 39-6 of the Personal Information Protection Act, information of users who have not used the service for over one year will be separately stored and destroyed after 4 years.

5. Procedure and Method of Personal Information Destruction

The Company promptly destroys personal information once the purpose of collection and use has been achieved.

(1) Destruction Procedure
Information entered by the user (e.g., during account registration) is retained for 15 days after withdrawal and then deleted, in accordance with the internal policy and applicable laws.

(2) Destruction Method

Data in electronic form is permanently deleted using secure technical measures to prevent recovery.
Printed documents are shredded or incinerated.

6. Rights of Users and Legal Guardians and How to Exercise Them

Users and their legal guardians may, at any time, view, modify, or withdraw consent for the collection of personal information of themselves or of children under the age of 14. Please note that withdrawal of consent (i.e., account deletion) may result in the inability to use the service, and the personal information will be processed in accordance with relevant policies.

To access or modify personal information, users may go to “Edit Personal Information” or “Account Management.” To withdraw from the service, users may click on “Delete Account,” follow the identity verification process, and proceed with access, correction, or deletion.

If a user requests correction of any inaccuracies in their personal information, the Company shall not use or provide such information until the correction is completed. If inaccurate personal information has already been provided to a third party, the Company will promptly notify the third party of the correction.

Any personal information deleted at the request of a user or legal guardian will be processed in accordance with Article 4 (Retention and Use Period), and shall not be accessed or used for any other purposes.

If the Company has a legitimate reason to refuse a user’s request to access or correct personal information, the Company shall promptly notify the user of such refusal and provide a valid explanation.

7. Use of Cookies and the Right to Refuse

To provide personalized services, the Company uses “cookies,” which are small text files stored on a user’s mobile device or PC by the server used to operate the service. These cookies are stored on the user’s device and are read by the server during future visits to provide customized services.

Cookies may be used to link user profile information and enhance personalized services. Users have the option to accept or reject cookies through the settings on their device or browser. Users may also delete stored cookies. However, rejecting cookies may limit the availability of services that require login.

8. Measures for the Protection of Personal Information

The Company implements the following technical, administrative, and physical safeguards to prevent loss, theft, leakage, alteration, or damage of users’ personal information.

However, the Company is not responsible for any issues arising from a user’s negligence (e.g., device loss) or incidents occurring outside the Company’s control. Users are strongly advised to regularly change their passwords and take extra care when using public devices to prevent personal data leakage.

(1) Technical Measures

The Company stores personal information using encryption and secure file lock mechanisms. Access and modification of personal information are allowed only after identity verification.
Secure communication protocols are used to ensure safe transmission of data over networks.
Security software is installed and regularly updated to prevent hacking, computer viruses, and data breaches. Systems are located in physically and technically restricted areas under 24/7 monitoring and protection.
Personal data is regularly backed up to prevent data loss, and antivirus software is used to protect against malware.
Access to the personal information processing system is restricted, reviewed periodically, and managed via firewalls and intrusion detection systems.

(2) Administrative Measures

Access to personal information is restricted to the minimum number of authorized personnel, including:
- Staff handling marketing, events, customer support, and delivery
- Designated personal data protection officers
- Personnel whose roles unavoidably require access to personal data
Regular training and compliance checks are conducted for those who handle personal data.
A dedicated internal data protection team establishes and manages internal policies and procedures, conducts regular audits, and takes corrective measures promptly when necessary.

(3) Physical Measures

Access control: Physical access to systems containing personal information is restricted through access control procedures.
Document security: Hard copies and external storage devices containing personal information are stored in locked and secure locations.

9. Linked Websites

This Privacy Policy does not apply to third-party websites linked from the Company’s services. The Company does not control such external websites or their content, and is not responsible for their privacy policies or practices. Users should review the privacy policies of any linked websites to avoid potential losses or damages. The Company assumes no liability for any issues arising from visiting such external sites.

10. Inquiries Regarding Personal Information

The Company designates the following personnel as the Personal Information Protection Officer to handle user inquiries and complaints related to personal data.

Users may contact the responsible department below for any issues related to personal information while using the Company’s services. The Company will make every effort to respond promptly and accurately.

Personal Information Protection Department

Contact: Ryongku Kang
Email: a1games.cs@gmail.com

For additional assistance regarding privacy violations, you may contact the following agencies:

Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
Korea Internet & Security Agency (KISA): 02-550-9531~2 (eprivacy.or.kr)
Cyber Bureau of the National Police Agency: 182 (cyberbureau.police.go.kr)
Cyber Crime Investigation Division of the Supreme Prosecutors’ Office: 02-3480-2000 (spo.go.kr)

11. Duty of Notification

This Privacy Policy may be revised in accordance with changes to laws, regulations, or internal policies. Any additions, deletions, or modifications will be notified at least seven (7) days in advance through the Company’s official community site.