This “KOKONUT Terms of Service” (hereinafter referred to as the “Terms”) governs the rights and obligations of users who become members (hereinafter referred to as “Members”) of the KOKONUT service (hereinafter “KOKONUT”), provided by the company (hereinafter the “Company”), as well as the rights and obligations of KOKONUT, the conditions and procedures for service use, and other relevant matters.
Please ensure you are familiar with these terms when signing up to avoid any inconvenience.

Article 1 [Purpose of the Terms]
These Terms stipulate the conditions and procedures for using the app services and related services provided by KOKONUT, the rights, obligations, and responsibilities of Members and the Company, and other necessary matters.

Article 2 [Posting and Amendment of the Terms]
1. The Company posts these Terms on its website or app in a way that allows applicants (hereinafter “Applicants”) to easily view them during the registration process. The Terms take effect upon approval of membership.
2. The Company may revise these Terms as needed, within the scope not violating relevant laws such as the Act on the Regulation of Terms and Conditions and the Act on Promotion of Information and Communications Network Utilization and Information Protection. In such cases, the Company shall notify members at least 7 days in advance via the method mentioned in Paragraph 1, stating the changes, effective date, and reasons for revision.
3. If a Member does not explicitly express refusal by the effective date after the Company has notified about the revised Terms, the Member shall be deemed to have agreed to the revised Terms. However, the Member may explicitly express refusal and terminate the service agreement before the effective date.

Article 3 [Membership and Service Agreement]
1. An Applicant becomes a Member by agreeing to the Terms, registering a unique account and UID (user ID), password, email address, and personal information (name, date of birth, address, contact details, etc.), and receiving approval from the Company.

Article 4 [Precautions When Using the Service]
1. If a user logs in by entering credentials matching those approved by the Company, all actions taken during the session are considered to be made with the Member’s genuine intent and are recorded in the system.
2. The Company grants Members only the right to use the service under specified conditions. This right, any obligations or claims with the Company, or contractual status cannot be transferred, lent, gifted, or used as collateral to others. The Company bears no responsibility for damages arising from such actions.
3. Although the Company strives to provide services 24/7, temporary interruptions may occur due to maintenance, telecommunications issues, or other reasonable causes. In such cases, prior notice will be given. In unavoidable cases, notice will follow once the service is restored.
4. If a Member causes damage to the Company through illegal acts, the Company may claim legal compensation.
5. Due to contract termination or changes with partner companies or new service launches, the content of the service may change or end.
6. Recently, crimes such as smishing and pharming involving cryptocurrencies have increased. While the Company prioritizes security, many incidents are due to Members’ careless management of login information, Wi-Fi hacking, or personal data leaks via cloud services. Members are strongly encouraged to follow the Company’s security policies.

View status of third-party personal data provision
Destruction of personal data
How and when is the collected personal data destroyed?
Personal data is destroyed without delay after the purpose of collection is fulfilled.
However, data that must be retained under relevant laws is stored for the legally required period before destruction. Separately stored data will not be used for other purposes unless legally permitted.
Electronic files are permanently deleted using technical methods, and printed materials are shredded or incinerated.
Long-term inactive users’ data is managed as follows:
• “Inactive users” are those who have not used the service for 1 year.
• Their data is separated into a secure DB.
• Inactive users may request reactivation of their accounts.

Other information
User rights are protected as follows:
1. Users may view and edit their personal information at any time.
• Company App: Menu > My Page
2. Users may withdraw consent or request account termination at any time.
3. The Company does not collect personal data from children under 14. However, legal guardians may exercise rights under the law (access, correction, deletion, processing suspension, etc.).
4. During requests for correction or suspension, personal data will not be used or shared until the changes are complete. If already shared, the recipient will be notified.
5. Requests regarding access, correction, suspension, consent withdrawal, or contract termination may be made via the customer center by the user or legal guardian, and the Company will respond promptly.
6. Users are responsible for keeping their personal data up to date. Issues arising from incorrect entries are the user's responsibility.
7. Using someone else’s personal information to register or access the service may lead to disqualification and legal consequences.
8. Users are responsible for securing their personal info, passwords, and authentication credentials and must not transfer or lend them to others.
To protect users’ personal information, the Company makes the following efforts:
User information is encrypted.
The Company uses encrypted communication channels and stores sensitive data like passwords in encrypted form.
The Company strives to protect against hacking and viruses.
Systems are installed in restricted access zones and monitored 24/7. Antivirus programs are updated regularly, and new security technologies are researched and applied.
Access to personal data is minimized.
Access control standards are established for data systems and employees handling personal data, with regular audits.
Employees are trained regularly.
All staff receive ongoing training on data protection and security.
A dedicated data protection team is operated.
The Company appoints the following person responsible for data protection and to handle user inquiries and complaints.

Personal Data Protection Officer
• Officer: Joseph Kim
• Contact: kokonut.arts@gmail.com

Additional Policies
Any additions, deletions, or changes will be announced at least 7 days before enforcement through notices in the app. Important changes affecting user rights or obligations will be announced at least 30 days in advance.

Effective Date of Privacy Policy: July 1, 2025

KOKONUT (hereinafter referred to as the "Company") values customers' personal information and has the following privacy policy. The Company complies with the “Act on Promotion of Information and Communications Network Utilization and Information Protection” and informs customers of how their information is used and what measures are taken for protection.

1. Items of Personal Information Collected and Collection Methods
The Company collects personal information for membership registration, service provision, and customer support. It may also request personal information for surveys, statistical analysis, or prize delivery. Sensitive information (e.g., race, beliefs, origin, political opinions, criminal records) is not collected unless necessary, and in such cases, prior consent is obtained. The collected information is only used for the stated purposes.
Collected personal information includes:
1) Required items
- Individual members: Name, email address, mobile number, nationality
2) Collection methods
- Website, App

2. Purpose of Collecting and Using Personal Information
The Company collects personal information for the following purposes:
1. Marketing and Advertising
- Development and customization of new services, demographic-based service and ad targeting,
analysis of usage patterns and statistics, promotional event communications

3. Consent to Collection of Personal Information
The Company obtains user consent for collecting personal information during the registration process by including a consent step for Terms and Privacy Policy. Checking the [Agree to Terms and Policy] box indicates consent.

4. Provision and Sharing of Personal Information
To provide better services, the Company may share information with Genggem (genggem.com), Genggem Shop (genggem.com/shop), Genggem App, and affiliated stores. Shared information includes personal identifiers (name, contact info, email), and is used only for service and marketing purposes.
The Company will not use or disclose information beyond the stated purposes without prior consent, except in the following cases:
1. If the user has given prior consent
2. If required by law or for investigations in accordance with legal procedures

5. Retention and Use Period of Personal Information
The Company retains and uses members’ personal information while they use the service. In the case of contract termination, information may be stored for 1 year to prevent abuse, disputes, or support investigations.
Where required by law, information will be stored only for the specified periods and used solely for those purposes:
a. Internal policy:
- Reason: Dispute prevention and investigation cooperation
- Period: 1 year
b. Legal requirements:
1. Records related to customer complaints/disputes
- Reason: Consumer Protection Act
- Period: 3 years
2. Visit history
- Reason: Information and Communications Network Act
- Period: 3 months

6. Disposal of Personal Information
The Company promptly destroys personal data after the purpose of use has been fulfilled or the retention period has expired.
Inactive users (no activity for 1 year) have their data separated and securely stored until deleted. Such data is never used for any other purposes.
Data is destroyed using methods that ensure it cannot be restored:
1. Procedure
Data is stored for a period as required, then destroyed based on internal policy and legal requirements.
2. Method
Printed data: Shredded or incinerated
Electronic files: Deleted using technical methods to prevent recovery

7. Cookies and Automatic Data Collection
Cookies are small data files sent from servers to users’ browsers and stored on their computers. The Company uses cookies to analyze usage patterns and provide personalized services.
Users can manage cookie preferences through browser settings, including allowing all, being notified, or rejecting all cookies. Note that rejecting cookies may limit service availability.

8. Technical and Managerial Protection Measures
Users’ data is protected by passwords. Only users know their passwords, which are required for data changes. Do not share your password. Log out and close the browser after use, especially on shared/public computers. The Company is not responsible for personal data leaks caused by user negligence or internet issues.
The Company’s protection measures include:
1. Firewalls and security systems
2. SSL encryption for data transmission
3. Restricted access to data for authorized personnel only
4. Regular staff training
5. Access logs of systems maintained and monitored
6. Safeguards during data printing or copying

9. Personal Information Manager
If you have feedback regarding the policy, email us and we will respond promptly.
Manager: Yongshik Bae
E-mail: contact@nproject.com
For complaints or counseling, contact the following organizations:
1. Personal Information Dispute Mediation Committee: 02-2100-2499 (https://www.kopico.go.kr/)
2. Privacy Infringement Report Center: 118 (http://privacy.kisa.or.kr)
3. Supreme Prosecutors’ Office Cyber Investigation: 02-3480-3571 (http://www.spo.go.kr/)
4. National Police Agency Cyber Bureau: 1566-0112 (http://www.netan.go.kr)

10. Customer Service
For inquiries, contact our support via email:
Business Hours: Weekdays 10:00–19:00 (Closed on weekends and public holidays)
E-mail: contact@nproject.com

11. Supplementary Provisions
This policy replaces the previous privacy policy.
Changes to the policy will be announced on the site at least 7 days in advance.

Effective Date of Privacy Policy: july 1, 2025