LIVEorDIE Privacy Policy

RISELIX (hereinafter "the Company") strictly complies with the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection of the Republic of Korea, and establishes and discloses the following Privacy Policy to protect the personal information of users and to promptly address related concerns. 1. The Company collects personal information based on the voluntary consent of users. 2. The Company does not use collected personal information for purposes other than those stated. 3. The Company protects personal information except when required by law through legitimate requests from government authorities.

1. This service is available only to users aged 14 or older. 2. The Company does not collect personal information from children under the age of 14. 3. If it is determined that a child under 14 has provided personal information, the Company will immediately delete such information and close the account. 4. If you become aware that personal information of a child under 14 has been collected, please report it to contact@riselix.com.

[Required Items] • Account creation — Email address, unique user ID • Service usage — Focus session records, challenge progress, strategy selection history, usage logs • Automatically collected — Device information (OS version, device model), app version, access logs, IP address [Optional Items] • Profile settings — Nickname, focus topic, personal goals • Social login — Name, profile image (provided by Google/Apple) [Payment-Related Items] • Paid service usage — Subscription status, purchase history, transaction ID ※ Payment information (credit card numbers, bank account details, etc.) is processed directly by Apple App Store or Google Play Store. The Company does not collect or store such information. [Methods of Collection] • In-app registration and login • Automatically generated and collected during service usage • Direct input by users • Social login (Google, Apple) • Payment processing through Apple App Store / Google Play Store

The Company uses collected personal information for the following purposes: • Service provision — Focus timer, challenge system, statistics features • Account management — User identification, login processing, account recovery • Service improvement — Usage pattern analysis, service quality enhancement, new service development • Customer support — Inquiry handling, notice delivery • Prevention of fraudulent use — Detection and prevention of unauthorized use • Payment processing — Paid service provision, subscription management, purchase history verification • Legal compliance — Retention of transaction records as required by the Electronic Commerce Act

[Principle] The Company promptly destroys personal information once the purpose of collection and use has been fulfilled. [Retention Periods] • Account information — Until account deletion (service provision) • Focus records — Until account deletion (service provision) • Fraudulent use records — 1 year after account deletion (fraud prevention) • Access logs — 3 months (Protection of Communications Secrets Act) • Payment/transaction records — 5 years (Electronic Commerce Act) • Subscription history — 5 years (Electronic Commerce Act) • Consumer dispute records — 3 years (Electronic Commerce Act) [Processing Upon Account Deletion] Personal information is immediately destroyed upon account deletion. However, information that must be retained under applicable laws (such as payment records) will be stored separately for the required period and then destroyed.

The Company does not, in principle, provide users' personal information to third parties. However, exceptions are made in the following cases: 1. When the user has given prior consent 2. When required by law 3. When necessary for service provision and the user has been informed in advance

The Company entrusts personal information processing to the following parties for service provision: • Google LLC (Firebase) — User authentication, data storage and synchronization (until account deletion) • Apple Inc. — In-app payment processing, social login (iOS) (per store policy) • Google LLC — In-app payment processing, social login (Android) (per store policy) • RevenueCat, Inc. — Subscription status management, transaction ID processing, in-app payment verification (until end of service usage or entrustment contract) • Google LLC (Gemini AI) — AI-based focus pattern analysis and insight provision (until end of service usage or entrustment contract)

The Company transfers users' personal information overseas as follows for service provision: • Google LLC (Firebase) → United States — User authentication, data storage and synchronization (in compliance with Google Privacy Policy) • Apple Inc. → United States — In-app payment processing, social login (in compliance with Apple Privacy Policy) • Google LLC → United States — In-app payment processing, social login (in compliance with Google Privacy Policy) • RevenueCat, Inc. → United States — Subscription status management, in-app payment verification (in compliance with RevenueCat Privacy Policy) • Google LLC (Gemini AI) → United States — AI-based focus pattern analysis and insight provision (in compliance with Google Privacy Policy) ※ The privacy policies of each company can be found on their respective websites.

Users may exercise the following rights: [Rights] • Right to access — Request to view one's personal information • Right to rectification — Request to correct inaccurate personal information • Right to deletion — Request to delete personal information • Right to suspend processing — Request to suspend processing of personal information [How to Exercise] • In-app: Settings > Account > Personal Information Management • Email: contact@riselix.com [Processing Period] The Company will notify users of the results within 10 days of receiving the request. [Subscription and Payment] • Subscription cancellation: Process directly through Apple App Store or Google Play Store subscription management • Payment history: Available through each store's purchase history [User Obligations] Users are responsible for managing their account information securely and must not transfer or lend their accounts to others.

[Destruction Procedure] Personal information whose purpose of collection and use has been achieved is transferred to a separate database and destroyed after a certain period according to internal policy. [Destruction Method] • Electronic files: Permanently deleted using irrecoverable methods • Paper documents: Shredded or incinerated [Retention Under Law] Information that must be retained under applicable laws such as the Electronic Commerce Act will be securely stored for the required period and then destroyed.

The Company takes the following measures to ensure the security of personal information: • Administrative measures — Establishment of internal management plans, regular employee training • Technical measures — Encryption of personal information, access control management, antivirus software installation, intrusion prevention system operation • Physical measures — Access control to server rooms and data storage facilities, minimum personnel restrictions

1. The Company does not send advertising information without the explicit prior consent of users. 2. Advertising information is not sent between 9:00 PM and 8:00 AM. 3. Advertising information clearly indicates how to opt out of receiving such messages.

1. This app is not a web-based service and does not use cookies. 2. Advertising identifiers may be refused by users through their mobile device settings.

The Company designates a Personal Information Protection Officer who oversees all matters related to personal information processing: • Name: Inhwan Kim • Position: CEO • Email: contact@riselix.com

1. This Privacy Policy is effective from the date of enforcement. 2. When changes are made due to laws or policies, the Company will notify users at least 7 days prior to the effective date through in-app notices. 3. For significant changes (30-day prior notice), individual notification will be provided via email or push notification.

If you need to report or consult regarding personal information infringement, please contact the following organizations: • Personal Information Infringement Report Center — 118 / privacy.kisa.or.kr • Personal Information Dispute Mediation Committee — 1833-6972 / kopico.go.kr • Supreme Prosecutors' Office Cybercrime Investigation Division — 1301 / spo.go.kr • National Police Agency Cyber Bureau — 182 / cyberbureau.police.go.kr