[EN] Privacy Policy Pump Stat App (hereinafter referred to as the “App”) establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act of Korea to protect the personal information of data subjects and to handle related grievances quickly and smoothly. ⸻ Article 1 (Purpose of Processing Personal Information) The App processes personal information for the following purposes. Processed personal information will not be used for any purpose other than the following, and in the event of a change in the purpose of use, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be taken. 1. Membership Registration and Management • To confirm the intention to register, to identify and authenticate users for providing data synchronization, to maintain and manage membership status, and to prevent misuse of services. • To process personal information for the purposes of notifications, announcements, and grievance handling. 2. Provision of Goods or Services • To provide services, contents, and personalized services. • User-generated posts will not be provided to third parties. 3. Grievance Handling (Feedback) • To verify the identity of the complainant, check details of complaints, contact and notify for fact-finding, and provide results of processing. • User-submitted feedback will not be provided to third parties, nor will it be used for statistical purposes. 4. Data Processing and Statistics • User play data may be used in anonymized or pseudonymized form for data analysis and the compilation of statistics. • For example, individual play data may be used to compile statistics on the actual difficulty levels of charts (maps). • Anonymized or pseudonymized play data may be provided to third parties such as academic research institutions for the purposes of statistics compilation and scientific research (including academic research). See Article 3 for details. • The resulting statistics (e.g., chart difficulty distributions, score/grade distributions) may be publicly disclosed within the App. 5. User-Generated Content (Contributions, etc.) • May be used anonymously for compiling statistics such as average difficulty. • User-generated posts will not be provided to third parties. 6. Subscription Payment Processing • To verify subscription product payments, manage subscription status, retrieve payment history, process refunds, and prevent fraudulent payments. 7. Service Stability and Error Diagnosis • To process crash analytics information for the purpose of diagnosing and analyzing app crashes and errors, improving service quality, and ensuring stability. ⸻ Article 2 (Processing and Retention Period of Personal Information) The App processes and retains personal information within the period of retention and use consented to by the data subject at the time of collection, or as prescribed by law. The processing and retention periods for each category are as follows: 1. Membership Registration and Management • Until withdrawal 2. Provision of Goods or Services • Until withdrawal 3. Game Accounts (Pump It Up, maimai, CHUNITHM, etc.) • ID: Until withdrawal • Password and login session information: Immediately discarded upon authentication, not stored in the database 4. Processing of Play Data • Until service termination 5. User-Generated Content (Contributions, Feedback, etc.) • Until service termination 6. Subscription Payment Information • Until the retention period required by applicable law after subscription cancellation and expiration (5 years for payment and supply records under the Act on Consumer Protection in Electronic Commerce, etc.) 7. Crash Analytics Information • Until the retention period set by the crash analytics service provider (Google) (approximately 90 days for Firebase Crashlytics) ⸻ Article 3 (Provision of Personal Information to Third Parties) The App provides personal information to the following third parties: 1. Google Play (Google LLC) • Purpose: Subscription payment processing, payment verification, subscription status confirmation, refund processing • Items Provided: Payment platform identifier (Google Play purchase token), transaction ID, subscription product type • Retention Period: In accordance with Google's Privacy Policy 2. Apple App Store (Apple Inc.) • Purpose: Subscription payment processing, payment verification, subscription status confirmation, refund processing • Items Provided: Payment platform identifier (App Store transaction ID), transaction ID, subscription product type • Retention Period: In accordance with Apple's Privacy Policy 3. Academic Research Institutions (academic research based on game play data) • Recipients: Researchers at domestic universities and research institutions, including the Yonsei University HCI Lab and the DGIST (Daegu Gyeongbuk Institute of Science and Technology) laboratory • Purpose: Statistics compilation and scientific research using game play data (e.g., academic research such as training and evaluating reinforcement learning models) • Items Provided: Anonymized or pseudonymized play data (excluding information that can identify a specific individual) • Legal Basis: Article 28-2 (Processing of Pseudonymized Information) of the Personal Information Protection Act. Pseudonymized information may be provided without the data subject's consent for purposes such as statistics compilation and scientific research. • Retention Period: Until the research purpose is achieved 4. Google LLC (Firebase Crashlytics) • Purpose: Diagnosing and analyzing app crashes and errors, improving service stability • Items Provided: Crash logs (stack traces), device information (device model, OS version), app version, Crashlytics installation identifier (a resettable, non-identifying identifier) • Retention Period: In accordance with Google (Firebase) policy (approximately 90 days for Firebase Crashlytics) • Overseas Transfer: The above information may be processed and stored at Google's data centers located overseas (e.g., the United States). ※ Information that has been fully anonymized so that a specific individual can no longer be identified does not constitute personal information under the Personal Information Protection Act; it is disclosed above for transparency. ※ The App does not directly collect or store sensitive payment method information such as credit card numbers or bank account numbers. All payments are processed through Google Play or Apple App Store. ⸻ Article 5 (Rights and Obligations of Data Subjects and Methods of Exercise) 1. Data subjects may exercise their rights to request access, correction, deletion, and suspension of processing of their personal information at any time with respect to the App. 2. Such rights may be exercised through email or Discord in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the App will promptly take action. 3. Rights may also be exercised through a legal representative or delegated agent. In this case, a power of attorney in accordance with Form No. 11 of the “Notice on Methods of Processing Personal Information (No. 2020-7)” must be submitted. 4. Requests for access and suspension of processing may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act. 5. Requests for correction and deletion cannot be accepted if the personal information is designated as subject to collection by another law. 6. When requests are made regarding access, correction, deletion, or suspension of processing, the App verifies whether the requesting party is the data subject or a legitimate representative. ⸻ Article 6 (Items of Personal Information Processed) The App processes the following personal information items: 1. Membership Registration and Management • Required: ID, password, nickname, email • Optional: Game site ID, game site password 2. Provision of Goods or Services • Required: ID, password, nickname, email • Optional: Game site ID, game site password, play data, contributions 3. Game Data (Pump It Up, maimai, CHUNITHM, etc.) • Note: Collection of game data is entirely optional and occurs only when the user has saved the relevant game account information. If account information is not saved, no game data is collected. • Optional: Per-game game ID (the account identifier for each game, such as the Pump It Up site ID and the SEGA ID for maimai/CHUNITHM), game site password or SNS login session information, play data, contributions, card serial (e.g., Aime card serial) 4. Automatically Collected Information • IP address, MAC address, service usage records • Crash analytics (app error diagnosis): crash logs (stack traces), device information (device model, OS version), app version, Crashlytics installation identifier 5. User-Generated Content (Posts, Contributions, Feedback, etc.) • Optional: Author, post content 6. Subscription Payment • Required: Payment platform identifier (Google Play purchase token or App Store transaction ID), subscription status, transaction ID, subscription product type • Optional: Subscription expiration date, payment renewal date, refund status ⸻ Article 7 (Destruction of Personal Information) When personal information becomes unnecessary due to the expiration of the retention period or achievement of processing purposes, the App will promptly destroy such personal information. 1. Destruction Procedure • The App selects personal information for destruction when the reason arises and destroys it with the approval of the Personal Information Protection Officer. 2. Destruction Method • Electronic files are permanently deleted to prevent recovery. • Paper records are shredded or incinerated. ⸻ Article 8 (Measures to Ensure the Security of Personal Information) The App takes the following measures to ensure the security of personal information: 1. Administrative Measures: Regular server management 2. Technical Measures: Encrypted communication via HTTPS, one-way/two-way encryption, access control 3. Physical Measures: Access control for server rooms and storage areas ⸻ Article 9 (Matters Concerning the Installation, Operation, and Refusal of Automatic Collection Devices) The App does not use cookies. ⸻ Article 10 (Personal Information Protection Officer) 1. The App designates a Personal Information Protection Officer to be responsible for overall personal information processing and to handle complaints and remedies. ▶ Personal Information Protection Officer • Name: Taewon Kim • Position: Individual • Contact: goldenmine05@naver.com, Discord: goldenmine05 2. Data subjects may contact the Personal Information Protection Officer regarding all inquiries, complaints, or remedies related to personal information while using the App. The App will respond without delay. ⸻ Article 11 (Processing of Pseudonymized Information) ▶ Purpose of Processing Pseudonymized Information • Statistics compilation, scientific research (including academic research), and statistical provision ▶ Retention Period • Until service termination or until the research purpose is achieved ▶ Items of Pseudonymized Information • Play data (Pump It Up, maimai, CHUNITHM, etc.), play data of withdrawn users ▶ Provision of Pseudonymized Information to Third Parties • Pursuant to Article 28-2 of the Personal Information Protection Act, pseudonymized information may be provided to academic research institutions for the purposes of statistics compilation and scientific research. (See Article 3) ▶ Safety Measures (in accordance with Article 28-4 of the Personal Information Protection Act) • Removal of user-identifying information from play data and other measures to prevent re-identification ⸻ Article 14 (Request for Access to Personal Information) Data subjects may request access to their personal information under Article 35 of the Personal Information Protection Act to the following department. The App will ensure requests are processed promptly. ▶ Personal Information Protection Officer • Name: Taewon Kim • Position: Individual • Contact: goldenmine05@naver.com, Discord: goldenmine05 ⸻ Article 15 (Remedies for Infringement of Rights) Data subjects may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency’s Personal Information Infringement Report Center, etc., in order to seek remedies for personal information infringement. 1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr) 2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr) 3. Supreme Prosecutors’ Office: 1301 (www.spo.go.kr) 4. National Police Agency: 182 (cyberbureau.police.go.kr) In accordance with Articles 35, 36, and 37 of the Personal Information Protection Act, any person whose rights or interests have been infringed due to a public institution’s disposition or omission may file an administrative appeal under the Administrative Appeals Act. ※ For details on administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr). ⸻ Article 17 (Changes to the Privacy Policy) 1. This Privacy Policy (v3) is effective as of May 24, 2026. 2. Previous Privacy Policies can be found in the versions below. (Each version is available in the App or via the /policy endpoints.) • v2: Effective August 20, 2025 (/policy/privacy/v2, /policy/privacy_en/v2) • v1: Effective January 29, 2024 (/policy/privacy/v1, /policy/privacy_en/v1)