Privacy Policy

MZS Studio (hereinafter referred to as the "Company") processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures such as obtaining separate consent will be implemented in accordance with Article 18 of the 「Personal Information Protection Act」. A. Service Provision - Provision of website creation services, drafting and sending of contracts, identity verification, fee settlement according to service provision B. Customer Inquiry Response - Confirmation of inquiries, contact/notification for fact-finding, notification of processing results C. Marketing and Advertising Utilization (Upon optional consent) - Information on new services, provision of event and advertising information D. AI-based Estimate and Recommendation Service - Calculation of customized estimates and recommendation of services through analysis of user requirements

The Company processes the following personal information items. A. Service Usage and Inquiry Reception - Required items: Name, Email address - Optional items: Contact number, Company name/Brand name, Budget range B. Information automatically created and collected during the process of using Internet services - IP address, cookies, MAC address, service usage records, visit records, bad usage records, etc. C. Behavioral Information - Website visit and usage patterns, user behavior such as clicks/scrolls, advertising identifiers

① The Company processes and retains personal information within the personal information retention/usage period according to laws and regulations or the personal information retention/usage period agreed upon when collecting personal information from the data subject. ② The processing and retention period for each personal information is as follows. A. Related to Service Provision - Retention period: Until the service usage contract or membership withdrawal - However, in the case of the following reasons, until the termination of the relevant reason · Records on contract or withdrawal of subscription, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.) · Records on payment and supply of goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.) · Records on consumer complaints or dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce, etc.) · Records on display/advertising: 6 months (Act on Consumer Protection in Electronic Commerce, etc.) · Books and evi-dentiary documents relating to all transactions prescribed by the Tax Act: 5 years (Framework Act on National Taxes) B. Website Visit Records - Retention period: 3 months (Protection of Communications Secrets Act)

① The Company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the purpose of processing. ② If the personal information must be preserved in accordance with other laws and regulations even though the personal information retention period agreed upon by the data subject has elapsed or the purpose of processing has been achieved, the personal information is moved to a separate database (DB) or the storage place is changed to preserve it. ③ The procedure and method for destroying personal information are as follows. A. Destruction procedure: The Company selects the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the Company's Personal Information Protection Officer. B. Destruction method: Information in the form of electronic files uses a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by shredding with a shredder or by incineration.

① The Company processes the personal information of the data subject only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only if it falls under Articles 17 and 18 of the 「Personal Information Protection Act」, such as the consent of the data subject and special provisions of the law. ② The Company does not currently provide personal information to third parties.

① The Company consigns personal information processing tasks as follows for smooth personal information processing. Trustee | Contents of consigned work Amazon Web Services, Inc. | Cloud server operation and data storage Cloudflare, Inc. | Website security and CDN service Channel Corp. (Channel Talk) | Customer consultation service ② When concluding a consignment contract, the Company specifies matters regarding responsibilities such as prohibition of personal information processing other than the purpose of performing consigned work, technical/managerial protection measures, restriction on re-consignment, management/supervision of the trustee, and compensation for damages in documents such as the contract in accordance with Article 26 of the 「Personal Information Protection Act」, and supervises whether the trustee processes personal information safely.

The Company transfers personal information overseas as follows to provide services. A. Amazon Web Services, Inc. - Recipient: Amazon Web Services, Inc. - Country to be transferred: USA - Transfer date and method: Transmission via network when using the service - Personal information items transferred: Service usage records, IP address, cookies - Purpose of use by the recipient: Cloud server operation and data storage - Retention and usage period by the recipient: Until the end of the service usage contract or the end of the consignment contract - Contact: aws-korea-privacy@amazon.com B. Cloudflare, Inc. - Recipient: Cloudflare, Inc. - Country to be transferred: USA - Transfer date and method: Transmission via network when using the service - Personal information items transferred: IP address, access logs - Purpose of use by the recipient: Website security and CDN service - Retention and usage period by the recipient: Until the end of the consignment contract - Contact: privacyquestions@cloudflare.com C. Google LLC (Google Analytics) - Recipient: Google LLC - Country to be transferred: USA - Transfer date and method: Transmission via network when using the service - Personal information items transferred: Cookies, access records, behavioral information - Purpose of use by the recipient: Website usage statistical analysis - Retention and usage period by the recipient: According to Google's Privacy Policy - Contact: https://support.google.com/policies/contact/general_privacy_form ※ The data subject may refuse the overseas transfer of personal information, and if refused, use of some services may be restricted.

The Company is taking the following measures to ensure the safety of personal information. A. Minimization and Training of Employees Handling Personal Information - We are implementing measures to manage personal information by designating employees who handle personal information and limiting them to the person in charge to minimize them. B. Restriction of Access to Personal Information - We are taking necessary measures to control access to personal information through granting, changing, and canceling access rights to the database system that processes personal information, and we are controlling unauthorized access from outside using an intrusion prevention system. C. Storage of Access Records and Prevention of Forgery - We keep and manage records of access to the personal information processing system for at least 1 year. D. Encryption of Personal Information - The user's personal information is stored and managed with the password encrypted, so only the user can know it, and important data uses separate security functions such as encrypting files and transmitted data or using a file lock function.

① The Company uses 'cookies' that store and retrieve usage information from time to time to provide individualized customized services to users. ② Cookies are a small amount of information sent by the server (http) used to operate the website to the user's computer browser and are also stored on the hard disk within the user's PC computer. A. Purpose of use of cookies: It is used to provide optimized information to users by understanding the visit and usage type, popular search terms, secure connection status, etc. for each service and website visited by the user. B. Installation, operation and rejection of cookies: You can refuse to store cookies through the option setting of the Tools > Internet Options > Privacy menu at the top of the web browser. - Chrome: Settings → Privacy and security → Cookies and other site data - Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data - Safari: Preferences → Privacy → Cookies and website data C. If you refuse to store cookies, you may experience difficulties in using customized services.

The Company allows third parties to collect and use user's behavioral information as follows. A. Google Analytics (Google LLC) - Behavioral information items collected: Website visit history, page views, duration of stay, inflow path, device information - Collection method: Cookies and JavaScript code - Collection purpose: Website usage statistical analysis and service improvement - Retention and usage period: According to Google's Privacy Policy - How to refuse: Install Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout) B. Meta Pixel (Meta Platforms, Inc.) - Behavioral information items collected: Website visit history, page views, conversion events, device information - Collection method: Cookies and pixel code - Collection purpose: Advertising effectiveness measurement and customized advertising provision - Retention and usage period: According to Meta's Privacy Policy - How to refuse: Disable in Facebook Ad Settings (https://www.facebook.com/settings?tab=ads) C. Microsoft Clarity (Microsoft Corporation) - Behavioral information items collected: Clicks, scrolls, mouse movements, page duration - Collection method: Cookies and JavaScript code - Collection purpose: User behavior analysis and UX improvement - Retention and usage period: According to Microsoft's Privacy Policy - How to refuse: Block in browser cookie settings D. Channel Talk (Channel Corp.) - Behavioral information items collected: Chat history, page visit history, device information - Collection method: Cookies and JavaScript code - Collection purpose: Customer consultation service provision and consultation quality improvement - Retention and usage period: According to Channel Talk's Privacy Policy - How to refuse: Withdraw consent for personal information collection in Channel Talk widget

① The data subject can exercise the rights related to personal information protection against the Company at any time. A. Request for access to personal information B. Request for correction if there are errors, etc. C. Request for deletion D. Request for suspension of processing E. Request for refusal and explanation of automated decisions ② The exercise of rights pursuant to Paragraph 1 may be made to the Company in writing, by e-mail, by facsimile transmission (FAX), etc. in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the 「Personal Information Protection Act」, and the Company will take action without delay. ③ The exercise of rights pursuant to Paragraph 1 may be done through an agent such as the legal representative of the data subject or a person who has been delegated. In this case, you must submit a power of attorney according to Form No. 11 of the "Notice on Personal Information Processing Methods". ④ Requests for access to personal information and suspension of processing may be restricted by Article 35 Paragraph 4 and Article 37 Paragraph 2 of the 「Personal Information Protection Act」. ⑤ Requests for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws and regulations. ⑥ The Company verifies whether the person who made the request, such as a request for access, a request for correction/deletion, or a request for suspension of processing according to the rights of the data subject, is the person himself/herself or a legitimate agent.

① The Company performs automated decisions as follows. A. AI-based Estimate Calculation: AI analyzes project requirements entered by the user to automatically calculate an estimated quote. B. Customized Service Recommendation: AI recommends suitable service packages according to the user's requirements and budget. ② The data subject can exercise the following rights regarding automated decisions. A. Refusal of automated decision: The right not to be subject to automated decisions B. Request for explanation: The right to request an explanation of the criteria and results of the automated decision C. Request for review: The right to request a review by the person in charge regarding the result of the automated decision ③ If you wish to exercise the above rights, please contact the Personal Information Protection Officer below. ※ Automated decisions are for reference only, and the final estimate and service contents are confirmed through consultation with the person in charge.

① The Company designates a Personal Information Protection Officer as follows to be responsibly in charge of tasks related to personal information processing and to handle complaints and remedy damages of data subjects related to personal information processing. ▶ Personal Information Protection Officer - Name: Yutaek Oh - Position: CEO - Email: invisibleworks.office@gmail.com ② The data subject may inquire about all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the Company's service (or business) to the Personal Information Protection Officer. The Company will answer and handle the data subject's inquiries without delay.

The data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the KISA Personal Information Infringement Report Center, etc. in order to receive relief due to personal information infringement. For other reports and consultations on personal information infringement, please contact the following organizations. A. Personal Information Dispute Mediation Committee: (No area code) 1833-6972 (www.kopico.go.kr) B. Personal Information Infringement Report Center: (No area code) 118 (privacy.kisa.or.kr) C. Supreme Prosecutors' Office: (No area code) 1301 (www.spo.go.kr) D. National Police Agency: (No area code) 182 (ecrm.cyber.go.kr) A person who has been infringed on rights or interests due to a disposition or omission made by the head of a public institution regarding a request under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction/Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the 「Personal Information Protection Act」 may file an administrative appeal as prescribed by the Administrative Appeals Act.

This Privacy Policy applies from January 27, 2026. - Effective Date: January 27, 2026 - Changes: Addition of overseas transfer, third-party behavioral information collection, and automated decision clauses - Previous Version: January 27, 2026 (Initial implementation)