Article 1 (Personal Information Collected)

The Service collects the following personal information: Required Information: • Email address: For login and identity verification • Name: For display within the Service Automatically Collected Information: • IP address, browser information, access time • Service usage records When integrating with AWS: • AWS Account ID: For usage tracking and preventing duplicate connections • AWS IAM Role ARN: For AWS resource access • External ID: IAM Role security identifier • AWS Region information: Service delivery region • S3 Bucket Name: For email template image storage (optional)

Article 2 (Purpose of Collection)

Collected personal information is used for the following purposes: 1. Registration and Management: Identity verification, account management 2. Service Delivery: AWS SES integration, email sending, statistics provision 3. Customer Support: Inquiry response, feedback processing 4. Service Improvement: Usage statistics analysis, quality enhancement 5. Security: Fraud prevention, abnormal activity detection

Article 3 (Retention Period)

Personal information is destroyed without delay once the collection purpose is achieved: • User information: Immediately destroyed upon account deletion • AWS Account ID: Retained for 30 days after account deletion to prevent abuse and duplicate registrations, then destroyed • Service usage records: Destroyed within 30 days after account deletion • Payment information: Retained for 5 years per applicable laws, then destroyed However, information may be retained for the required period if mandated by law: • E-Commerce Act: Contract and withdrawal records for 5 years • Telecommunications Privacy Act: Access records for 3 months

Article 4 (Third-Party Disclosure)

The Service does not provide users' personal information to third parties in principle. However, exceptions apply in the following cases: 1. When users have given prior consent 2. When requested by law enforcement under applicable laws 3. When necessary for service provision (e.g., payment processing) Users will be notified and consent will be obtained before any third-party disclosure.

Article 5 (Processing Delegation)

The Service delegates personal information processing as follows for smooth service operation: • Supabase: User data storage and authentication • Paddle: Payment processing (Merchant of Record handling payments and tax compliance) Delegated companies process personal information only within the scope of the delegation purpose, and the Service manages and supervises them to ensure secure processing.

Article 6 (User Rights)

Users may exercise the following rights: 1. Request to view personal information 2. Request to correct personal information 3. Request to delete personal information 4. Request to suspend personal information processing Rights can be exercised through the settings menu within the Service or by contacting customer support. Personal information is deleted upon account withdrawal. However, AWS Account ID is retained for 30 days to prevent abuse before being destroyed.

Article 7 (Security Measures)

The Service implements the following measures to protect personal information: Technical Measures: • Encrypted data transmission (HTTPS/TLS) • Encrypted password storage • Access control management • Security vulnerability checks Administrative Measures: • Minimization of personnel handling personal information • Personal information protection training • Internal management plan establishment

Article 8 (Cookie Usage)

The Service uses cookies for the following purposes: 1. Login session maintenance 2. User preference storage (language, theme, etc.) 3. Service usage analysis Cookies can be rejected through browser settings, but some services may be restricted.

Article 9 (Privacy Officer)

For privacy-related inquiries, please contact: • Email: support@sesmgr.com For reports or consultations regarding privacy violations: • Korea Internet & Security Agency (KISA): privacy.kisa.or.kr • Personal Information Dispute Mediation Committee: www.kopico.go.kr

Article 10 (Policy Changes)

When this Privacy Policy is changed, users will be notified through in-service announcements or email. The revised policy will take effect 7 days after the announcement. However, for changes that significantly affect user rights, notice will be given 30 days in advance.