Article 1 (Purpose and Scope of Application)
TSBT Company Co.,Ltd. (hereinafter the "Company") values users' personal information and complies with applicable laws and regulations. This Privacy Policy (hereinafter this "Policy") provides information on the items of personal information collected by the Company in connection with the website www.lemoninspect.com (hereinafter the "Site") and the LemonInspect AI-based vehicle diagnosis and history report service (hereinafter the "Service"), the purposes of collection, use, retention and destruction, provision to third parties, and overseas transfers.
This Policy applies to all users worldwide and complies with the mandatory provisions of the following jurisdictions:
- Republic of Korea — Personal Information Protection Act (PIPA) and related laws and regulations
- United Arab Emirates (UAE) — Federal Decree-Law No. 45/2021 (UAE PDPL)
- Saudi Arabia — Personal Data Protection Law (PDPL, Royal Decree M/19) and SDAIA regulations
- European Economic Area (EEA) — General Data Protection Regulation (GDPR) *(where EEA residents use the Service)*
If the laws of the jurisdiction of residence grant rights greater than the rights specified in this Policy, such local laws shall prevail.
This Policy applies together with the following supplemental policies: Terms of Service, Disclaimer, Refund and Cancellation Policy, Cookie Policy.
Article 2 (Legal Basis for Processing Personal Information)
The Company processes personal information on the following legal bases:
- Performance of a contract: generation and provision of reports to provide the Service
- Consent: processing based on the user's explicit consent (submission of images, recorded data, etc.)
- Legal obligations: performance of obligations under tax laws, commercial laws, e-commerce laws, etc.
- Legitimate interests: service security, fraud prevention, service improvement
For EEA users, with respect to processing based on "legitimate interests," the Company maintains a documented legitimate interests assessment (LIA), and users may object to such processing at any time pursuant to Article 21 of the GDPR.
Article 3 (Items of Personal Information Collected)
3.1. Account Information (Provided Directly by Users)
| Item | Purpose of Collection | Required/Optional | Legal Basis |
|---|---|---|---|
| Email address | Account creation, authentication, purchase receipts, service notices | Required | Performance of contract / Consent (PIPA Article 15) |
| Password (hashed) | Account security | Required | Performance of contract |
| Name/nickname | Account identification | Required | Performance of contract |
| Phone number | Account recovery, customer support | Optional | Consent |
| Account type (individual/business) | Determination of applicable terms, verification of legal status | Required | Legitimate interests / Performance of contract |
| Company name and business registration number (business members) | Verification of business account, issuance of tax invoice | Conditionally required | Performance of contract / Legal obligation |
3.2. Vehicle Data (Provided by User or Derived)
| Item | Purpose of Collection | Required/Optional | Legal Basis |
|---|---|---|---|
| VIN | Vehicle identification, history inquiry, report generation | Required | Performance of contract |
| Vehicle photos/images | AI exterior condition diagnosis (Vision AI — Core C, when the applicable feature is provided) | Optional | Performance of contract / Consent |
| Voice recordings such as engine sounds | AI acoustic diagnosis (Sound Engine — Core B) | Optional | Performance of contract / Consent |
| OBD-II diagnostic data | Diagnostic trouble code (DTC) analysis, readiness monitor evaluation (when the applicable feature is provided) | Optional | Performance of contract / Consent |
| Vehicle specifications (manufacturer, model, model year, trim) | Report generation, repair cost estimation, safety rating inquiry | Required | Performance of contract |
⚠️ Notice regarding VIN: A vehicle identification number (VIN) is vehicle identification information and is not direct personal identification information. However, because it may identify a specific individual when combined with registration records, the Company manages VINs in a manner equivalent to personal information.
3.3. Transaction Information
| Item | Purpose of Collection | Required/Optional | Legal Basis |
|---|---|---|---|
| Purchase history | Service provision, customer support, analysis | Required | Performance of contract |
| Payment method (last 4 digits of card only) | Transaction identification, refund processing | Required | Performance of contract |
| Report version and access records | Report provision, 30-day reuse for the same VIN, re-viewing, management of eligibility for corrective access, dispute evidence | Required | Performance of contract / Legitimate interests |
| Credit transaction records | Credit top-up and deduction, management of unused credit validity period, prevention of duplicate billing, refund or credit restoration | Required | Performance of contract / Legal obligation |
| Tax invoice information | Business billing, tax compliance | Conditionally required | Legal obligation (Framework Act on National Taxes, Value-Added Tax Act) |
Note: Full payment card information (card number, CVV, expiration date) is not stored by the Company. All payment processing is performed by third-party payment gateway providers (PG providers) certified under PCI-DSS.
3.4. Automatically Collected Information
| Item | Purpose of Collection | Required/Optional | Legal Basis |
|---|---|---|---|
| IP address | Security, fraud prevention, consent logs, regional determination | Automatic | Legitimate interests |
| Browser type and version | Service compatibility, analysis | Automatic | Legitimate interests |
| Device type and operating system | Service optimization | Automatic | Legitimate interests |
| Pages visited and dwell time | Service improvement, analysis | Automatic | Legitimate interests / Consent (cookies) |
| Consent interaction logs | Legal compliance, dispute evidence | Automatic | Legal obligation / Legitimate interests |
| Timestamp (UTC) | Audit trail, consent records | Automatic | Legal obligation |
| Report reference date, viewing time, VIN request logs | Report version management, application of 30-day reuse policy, management of corrective access for undetermined items, prevention of unauthorized use | Automatic | Performance of contract / Legitimate interests |
Automatic collection devices such as cookies. The Company uses automatic collection devices such as cookies, local storage, and pixels. For details, please refer to the Cookie Policy.
3.5. Information Not Collected
The Company does not collect the following information:
- Statutory unique identifiers such as resident registration numbers, passport numbers, and driver's license numbers
- Biometric information (fingerprints, facial recognition)
- Health or medical information
- Financial account numbers (bank accounts, full credit card numbers)
- Precise location information other than approximate IP-based location
- Information of persons under the age of 18 (provided, however, that for members residing in Korea, minors under the Civil Act (under the age of 19) may sign up only if they have obtained consent from a legal representative, and for persons under the age of 14, explicit consent from a legal representative is mandatory pursuant to Article 22 of the Personal Information Protection Act — see Article 11)
Article 4 (Purposes of Use of Personal Information)
| Purpose | Data Used |
|---|---|
| Service provision — generation of vehicle inspection assistance and history reports, granting access rights to existing report versions and managing re-viewing | Account, vehicle, transaction information |
| AI-based inspection assistance processing — execution of LemonInspect inspection assistance engine analysis | Vehicle information (audio, VIN, and images and OBD-II when the applicable features are provided) |
| Report version and corrective access management — application of the 30-day reuse policy for the same VIN, recording of report reference date, management of corrective access eligibility for undetermined items | Account, vehicle, transaction, technical information |
| Payment processing — purchase processing, issuance of receipts, refunds | Account, transaction information |
| Compliance with legal obligations — maintenance of consent records, response to legal requests, tax reporting | All |
| Dispute resolution — chargeback defense, provision of evidence for arbitration proceedings | Account, transaction, technical information |
| Service improvement — analysis of usage patterns, improvement of AI accuracy (de-identified/aggregated processing) | Technical, usage information |
| Communications — purchase confirmations, service updates, notices of policy changes | Account (email) |
| Security — fraud detection, prevention of unauthorized access | Technical, account information |
The Company does not use personal information for the following purposes:
- Selling personal information to third parties
- Advertising profiling or behavior-based targeting
- Automated decision-making with legal effect (AI-based inspection assistance analysis is for reference information only)
4.1. AI Model Training Data Policy
The Company may use de-identified and aggregated diagnostic data (after removing personal identification information, VIN, and location information) to improve AI model accuracy and develop new diagnostic features. However:
- Original images, voice recordings, and raw diagnostic data submitted by users are not directly used for AI model training without separate explicit opt-in consent
- If an opt-in program for contributing training data is introduced in the future, participation will be entirely voluntary and will not affect service provision or fees
- De-identified statistical patterns (e.g., "timing chain wear signals detected in X% of 2019 Genesis G80 vehicles") may be derived from aggregated data without personal attribution
Article 4-2 (Notification of Personal Information Breach)
In the event of a personal information breach that may pose a risk to users' rights and freedoms, the Company shall:
- Notify the relevant supervisory authorities (Korea Personal Information Protection Commission, EEA lead supervisory authority, UAE Data Office, etc.) within 72 hours from becoming aware of the breach in accordance with Article 34 of the Personal Information Protection Act, Articles 33-34 of the GDPR, and the UAE PDPL
- Notify affected users without delay via the account registration email
- Provide details of the nature of the breach, types of data affected, expected consequences, and measures taken to mitigate harm
Article 5 (Provision of Personal Information to Third Parties)
5.1. External AI and Infrastructure Services (Including Overseas Transfers)
To generate reports and operate the Service, the Company transmits data to the following overseas business operators:
| Recipient | Transmitted Data | Purpose | Country of Transfer | Time of Transfer |
|---|---|---|---|---|
| Google LLC (Gemini Pro Vision API) | Vehicle images/photos | AI visual condition analysis (Core C, when the applicable feature is provided) | United States, etc. (Google Cloud) | When a report generation request is made for the applicable feature |
| Google LLC (Gemini API) | Vehicle diagnostic summary text prompts | Multimodal reasoning, generation of report narratives | United States, etc. (Google Cloud) | When a report generation request is made |
| OpenAI, Inc. | Vehicle diagnostic data, text prompts | LLM-based analysis and narrative generation (GPT series) | United States (Microsoft Azure) | When a report generation request is made |
| Anthropic, PBC | Vehicle diagnostic data, text prompts | LLM-based analysis and narrative generation (Claude series) | United States (AWS) | When a report generation request is made |
| Amazon Web Services, Inc. (AWS) | Account information, VIN, vehicle data, report outputs, consent logs (all items) | Cloud database, authentication, storage (service backend) | United States (us-east / ap-northeast, etc.) | Throughout the entire period of membership registration and Service use |
| Cloudflare, Inc. | Web traffic, IP address, User-Agent, cookies, request metadata | CDN, DDoS protection, DNS, WAF (Site hosting gateway) | Global anycast network (United States, EU, Asia, etc.) | Automatically upon accessing the Site |
⚠️ Notice on overseas transfers (Article 28-8 of the Personal Information Protection Act / Article 46 of the GDPR):
The transfers to overseas business operators listed in the table above are essential for the provision of the Service (performance of a contract), and the Company secures appropriate safeguards by entering into standard contractual clauses (SCC) or data processing agreements (DPA) with each recipient. These transfers are based on appropriate safeguards (such as SCC) under Article 28-8(1) of the Personal Information Protection Act of the Republic of Korea, and for EEA users, on appropriate safeguards under Article 46 of the GDPR. The Company clearly notifies users of these overseas transfers on the membership registration screen.
Consequences if transfer is not possible. Because these overseas transfers constitute the technical foundation of the Service (cloud DB, CDN, AI inference), membership registration and report generation are technically impossible without the transfers. The relevant countries may not provide the same level of personal information protection as the Republic of Korea.
5.1A. User Data Segregation
Images, voice recordings, and other diagnostic data submitted by a user are used only to generate that user's report. Where multiple users request reports for the same VIN:
- Media (photos, audio) submitted by each user is processed separately and is not included in, displayed in, or made accessible through another user's report
- Public data (VIN history, recall records, safety ratings) originates from public third-party sources rather than user submissions and therefore may be included in multiple reports for the same VIN
5.2. Public Data Source Inquiries
The following public and government data sources are queried for report compilation. In these inquiries, users' personal information is not transmitted, and only VIN and vehicle identification information are used:
- NHTSA (National Highway Traffic Safety Administration, United States) — recalls, consumer complaints, safety ratings
- Ministry of Land, Infrastructure and Transport / Korea Automobile Testing & Research Institute (KATRI) — Korea recall records
- Euro NCAP — European safety ratings
- IIHS (Insurance Institute for Highway Safety, United States) — crash test ratings
- KNCAP (Korea New Car Assessment Program) — Korea crash test ratings
- KIDI (Korea Insurance Development Institute) — insurance loss ratings
5.3. Infrastructure Service Providers
| Provider | Purpose | Accessed Data |
|---|---|---|
| Cloudflare, Inc. (United States, global anycast) | Site gateway — CDN / DDoS protection / DNS / WAF | Web traffic, IP address, User-Agent, cookies, request metadata |
| Amazon Web Services, Inc. (AWS) (United States) | Cloud database / authentication / object storage / serverless computing | Account, VIN, vehicle data, report outputs, consent logs (encrypted at rest and in transit) |
| Supabase, Inc. (United States, AWS hosting) | Relational database / authentication / real-time API | Account information, report metadata, authentication tokens |
| Vercel, Inc. (United States) | Frontend hosting / edge network / CI/CD | Web traffic, IP address, User-Agent, request logs |
| Google LLC (United States, etc.) | AI inference — Gemini API (when Core C visual feature is provided / report narrative generation) | Vehicle images (when the applicable feature is provided), diagnostic summary prompts |
| OpenAI, Inc. (United States) | AI inference — GPT series (analysis and narrative generation) | Vehicle diagnostic data, text prompts |
| Anthropic, PBC (United States) | AI inference — Claude series (analysis and narrative generation) | Vehicle diagnostic data, text prompts |
| PayPal, Inc. (United States) | Payment processing — overseas (PCI-DSS certified) | Payment data only (card number and CVV not stored) |
| PortOne Co., Ltd. (Republic of Korea) | Payment processing — domestic PG integration (PCI-DSS certified) | Payment data only (card number and CVV not stored) |
| Google LLC (Google Workspace) (United States) | Sending transaction and authentication emails (purchase receipts, refund notices, consent renewals, membership registration authentication) | Email address, name (sent from [email protected]) |
5.4. Legal Disclosure
The Company may disclose personal information in the following cases:
- Where required by a court order, subpoena, or legal process
- Arbitration proceedings (International Arbitration Rules of the Korean Commercial Arbitration Board)
- Requests from government agencies with lawful authority
- Where necessary to protect the Company's legal rights or the safety of users
Article 6 (Retention and Destruction of Personal Information)
| Information Type | Retention Period | Basis |
|---|---|---|
| Account information | Account maintenance period + 3 years after withdrawal | Commercial Act; dispute resolution |
| Vehicle data (VIN, images, audio) | 1 year after report generation | Service improvement; dispute resolution |
| Transaction records | 5 years | Tax law compliance (Framework Act on National Taxes, Value-Added Tax Act) |
| Consent logs (IP, timestamp, terms version) | 5 years or until the end of the relevant dispute | Legal obligation; chargeback defense |
| Technical/usage information | 1 year (then de-identified) | Legitimate interests |
| Generated reports (analysis results excluding original media) | The period during which members may view reports is, from the date access rights are granted for each plan, 6 months (180 days) for Single Report and 1 year (365 days) for Multi-Check Pack and Dealer Starter Pack; the Company internally retains reports for 3 years from the report generation date for dispute response purposes and then destroys them | Performance of contract; dispute resolution |
| Report access and version records | 5 years or until the end of the relevant dispute | Performance of contract; dispute resolution; chargeback defense |
| Confirmation of notice on report reuse/reference date | 5 years or until the end of the relevant dispute | Evidence that the user was notified of the report reference date and 30-day reuse policy |
| Confirmation of notice on corrective access for undetermined items | 5 years or until the end of the relevant dispute | Evidence of notice that undetermined items may remain undetermined and corrective access is limited |
Distinction between viewing period and internal retention. The period during which a member may view a report and download the PDF (from the date access rights are granted for each plan, 6 months (180 days) for Single Report and 1 year (365 days) for Multi-Check Pack and Dealer Starter Pack) is separate from the period during which the Company internally retains the report (3 years from generation date, for dispute response purposes). In other words, even after the member's viewing period expires, the Company internally retains the report (analysis results excluding original media) for dispute and chargeback response.
Relationship with original media. Original media submitted by users (images and audio) is destroyed when 1 year has elapsed after report generation, and thereafter the report is retained as a static output containing only analysis results without the original media. Report access and version records (5 years) are metadata for dispute evidence and do not include original media.
Destruction methods:
- Electronic files: deleted by technical methods that make restoration impossible
- Printouts: shredded or incinerated
Article 7 (User Rights)
7.1. Basic Rights (All Users)
| Right | Details |
|---|---|
| Request access | Request a copy of one's personal information held by the Company |
| Request correction | Request correction of inaccurate or incomplete information |
| Request deletion | Request deletion of personal information (excluding information subject to legal retention obligations) |
| Request suspension of processing | Request suspension of processing of personal information |
| Withdraw consent | Withdraw consent previously provided (without affecting the lawfulness of processing prior to withdrawal) |
| Object | Object to processing based on legitimate interests |
| Refuse automated decisions and request explanation | Pursuant to Article 37-2 of the Personal Information Protection Act (amendment effective in 2024), where a decision made by a fully automated system (including artificial intelligence) has a significant impact on a member's rights or obligations, the right to refuse such decision or request an explanation of the criteria and grounds for such decision. Note: The Company's AI diagnosis (including Trust Score) is provided only as reference information and does not constitute an automated decision with legal effect, but members may exercise this right. |
| File complaint | File a complaint with the personal information supervisory authority in the jurisdiction of residence |
7.2. Method of Exercising Rights and Response Period
Contact: [email protected]
The Company will respond or process within the following periods from the date of receipt of the request (depending on applicable law):
| Applicable Law | Response Period |
|---|---|
| Korea Personal Information Protection Act (PIPA) | Within 10 days (access, correction, deletion) |
| European GDPR | Within 30 days (extendable by 1 month) |
| UAE PDPL | Within 30 days |
The Company may conduct an identity verification procedure.
7.3. Additional Rights of Overseas Users
7.3.1. EEA Users (GDPR)
- Data portability: the right to receive data in a structured, machine-readable format
- Right to restriction: the right to restrict processing in certain circumstances
- Right to refuse automated decision-making: the right not to be subject to purely automated decision-making that has legal effect (the Company's AI-based inspection assistance analysis is reference information and has no legal effect)
- Right to file a complaint with a supervisory authority: complaints may be filed with the data protection supervisory authority (DPA) in the country of residence
7.3.2. UAE Users (UAE PDPL)
- All rights specified in Federal Decree-Law No. 45/2021
- Right to consent to overseas transfers (see Article 8)
- Complaints may be filed with the UAE Data Office
Article 8 (Overseas Transfers)
8.1. Transfer Status
| Recipient | Country of Transfer | Data Transferred | Purpose | Safeguards |
|---|---|---|---|---|
| Google LLC | United States | Vehicle images (when the applicable feature is provided), diagnostic prompts | AI analysis (Gemini API) | Google DPA; SCC |
| Google LLC (Google Workspace) | United States | Email address, name | Sending transaction and authentication emails | Google DPA; SCC |
| OpenAI, Inc. | United States | Vehicle diagnostic data, text prompts | AI analysis (GPT series) | OpenAI DPA; SCC |
| Anthropic, PBC | United States | Vehicle diagnostic data, text prompts | AI analysis (Claude series) | Anthropic DPA; SCC |
| Amazon Web Services, Inc. (AWS) | United States | All items of account, VIN, vehicle data, reports, consent logs | Cloud DB / authentication / storage | AWS DPA; SCC |
| Supabase, Inc. | United States (AWS hosting) | Account information, report metadata, authentication tokens | DB / authentication / real-time API | Supabase DPA; SCC |
| Vercel, Inc. | United States | Web traffic, IP, User-Agent, request logs | Frontend hosting / edge network | Vercel DPA; SCC |
| Cloudflare, Inc. | Global anycast (United States, EU, Asia) | Web traffic, IP, User-Agent, cookies, request metadata | CDN / DDoS protection / DNS / WAF | Cloudflare DPA; SCC |
| PayPal, Inc. | United States | Payment data | Overseas payment processing | PayPal DPA; SCC |
8.2. Consent
The overseas transfers to the countries listed in the table in 8.1 above are essential for the provision of the Service, and the Company secures appropriate safeguards through standard contractual clauses (SCC) and data processing agreements (DPA) (Article 28-8 of the Personal Information Protection Act / Article 46 of the GDPR). The Company notifies users of these transfers at membership registration, and users are informed that the relevant countries may not provide the same level of personal information protection as their country of residence.
Consent may be withdrawn by contacting [email protected]. However, because these transfers constitute the technical foundation of the Service (DB, CDN, AI), additional use of the Service will be restricted upon withdrawal of consent, and reports already generated will not be affected.
Article 9 (Management of Consent Records)
The Company maintains records of consent interactions to protect the Company and users:
| Record Item | Purpose |
|---|---|
| Account type selection (individual/business) | Determination of applicable legal framework |
| Consent to Terms of Service (version + timestamp) | Evidence of contract formation |
| Confirmation of Disclaimer (version + timestamp) | Evidence of limitation of liability |
| Confirmation of Refund Policy (version + timestamp) | Evidence for chargeback defense |
| Confirmation of notice on report reuse/reference date (if displayed) | Evidence that the user was notified of the report reference date and 30-day reuse policy |
| Confirmation of notice on corrective access for undetermined items (if displayed) | Evidence of notice that undetermined items may remain undetermined and corrective access is limited |
| Consent to overseas transfer (timestamp) | GDPR/UAE PDPL compliance |
| IP address at time of consent | Regional confirmation, fraud prevention |
| User-Agent string | Device identification, integrity of consent records |
Consent records are retained for 5 years or until the end of the relevant dispute.
Article 10 (Measures to Ensure Security)
The Company implements the following technical and administrative measures to protect personal information:
- Encryption in transit: TLS 1.2 or higher
- Encryption at rest: AES-256
- Access control: role-based access control, principle of least privilege
- Authentication: secure password hashing (bcrypt/Argon2)
- Monitoring: intrusion detection, access logs, anomaly detection
- Vendor security: requiring third-party processors to meet equivalent security standards
No system can guarantee 100% security, and although the Company takes commercially reasonable measures, it does not guarantee the absolute security of data.
Article 11 (Personal Information of Minors)
11.1. Global principle. The Service is not directed to individuals under the age of 18. The Company does not knowingly collect personal information of minors without the consent of the data subject or legal representative.
11.2. Korea under age 14 — legal representative consent mandatory. Pursuant to Article 22 of the Personal Information Protection Act, explicit consent from a legal representative is mandatory to process personal information of children under the age of 14 residing in Korea, and information collected without consent will be destroyed immediately.
11.3. Korea age 14 or older and under 19. In the case of minors under the Korean Civil Act (under the age of 19), this membership registration or payment is possible only if consent from a legal representative has been obtained, and a contract concluded without consent may be canceled by the person or the legal representative (see Article 4.1 of the Terms of Service).
11.4. Reporting and deletion requests. If you become aware that a minor has provided personal information to the Company in violation of this Policy, please contact [email protected] and the Company will destroy the relevant information without delay.
Article 12 (Chief Privacy Officer)
Pursuant to Article 31 of the Personal Information Protection Act, the Company designates and discloses its Chief Privacy Officer (CPO) as follows:
- Name: Choo Kyo-han
- Position: Chief Executive Officer
- Affiliation: TSBT Company Co.,Ltd.
- Email: [email protected]
- Mailing address: Room B105-E280, 196 World Cup-ro, Mapo-gu, Seoul, Republic of Korea (Seongsan-dong, Daemyung Vicien City Officetel)
Users may contact the Chief Privacy Officer regarding all personal information protection-related inquiries, complaint handling, damage relief, etc. arising while using the Company's services. The Company will respond to and handle users' inquiries without delay.
Article 13 (Changes to This Policy)
The Company may change this Policy from time to time. If there are material changes:
- The changed Policy will be posted on the Site and the "Last Modified" date will be updated
- Prior notice will be provided to the registered email at least 7 days in advance
- Continued use of the Service after the effective date will be deemed consent to the changed Policy
Article 14 (Remedies for Infringement of Rights and Interests)
If you need to report or consult regarding a personal information infringement, you may contact the following organizations:
- Personal Information Infringement Report Center (Korea Internet & Security Agency): 118 / privacy.kisa.or.kr
- Personal Information Dispute Mediation Committee: 1833-6972 / kopico.go.kr
- Cyber Investigation Department, Supreme Prosecutors' Office: 1301 / spo.go.kr
- Cyber Investigation Bureau, National Police Agency: 182 / ecrm.cyber.go.kr
- Personal Information Protection Commission (PIPC): pipc.go.kr
Overseas users may file complaints with the data protection supervisory authority in their country of residence (EEA: local DPA, UAE: UAE Data Office, Saudi Arabia: SDAIA).
Article 15 (Language Priority)
This Policy is originally prepared in Korean, and versions translated into English and other languages are provided for members' convenience. In the event of any difference in interpretation between the original and a translation, the Korean original shall prevail. However, this shall not apply to the extent that the laws of the member's jurisdiction of residence require local-language notation as a mandatory provision.
Article 16 (Contact)
Email: [email protected]
*This Privacy Policy takes effect from 2026-05-29.*
