BIBIDI PTE LTD. (the "Company") establishes and discloses this Privacy Policy to guide users on the procedures and standards for processing personal information when using the "JISOO" service (the "Service"). The Company complies with any applicable laws and regulations to process personal information lawfully and manage it securely. Through this Privacy Policy, the Company informs users how their personal information is used and what measures are in place to protect it. The Company ensures that users can easily access this Privacy Policy within the "JISOO" service interface.

Personal Information to be Collected The Company processes users’ personal information for purposes necessary to provide the Service, based on a valid legal basis under applicable laws and regulations. The Company collects only the minimum necessary personal information required for service provision and contract fulfillment. The types of personal information collected for each purpose include: (1) For membership registration in the "JISOO" App: ● Email address, password, nickname, phone number (optional field) profile picture, date of birth, gender, country of residence, delivery address Notes for membership registration for users under 16 - To protect children’s personal information, the "JISOO" app does not allow users under the age of 16 to register. If an underage user is found to have provided false information to register, their account will be immediately deleted, and related data will be discarded. (2) For Customer Service Inquiries and Complaints: ● Inquiry content, email address, contact information, and additional details if necessary (3) For Event Participation: ● Name, address, contact information, shipping details, etc. (4) Additionally, the following data may be automatically collected during use of the Service: ● Service usage records (login history, content usage, activity history, purchase history, etc.), access logs, cookies, access IP information, device information (OS, OS version, device model, advertising ID (ADID/IDFA)), payment records, and location information (only where user consent is given). In addition, the Company collects personal information from users with their consent as set out below. (1) For marketing and promotional purposes (including the delivery of advertising and event information) ● Information collected during the membership registration and use of the Service, including Service usage records. Collection Methods ● Membership registration, service inquiries, event participation, surveys, etc. ● Automatic collection through information generation tools during use of the Service ● Provision from partners (e.g., through affiliate marketing) Device Access Permissions The "JISOO" app may request access permissions for the user's device with prior notice and consent. (1) Android ● Mandatory Access Permissions: ○ Storage: Used for uploading, downloading, and storing photos/videos (Only media file access is requested for Android 10(Q) or later.) ● Optional Access Permissions: ○ Camera: Used for taking and sending photos/videos, setting a profile picture, and using AR features ○ Microphone: Used for sending voice messages and video calls ○ Notifications: Used for receiving push notifications ○ Location Information: Used for location-based services (e.g., connecting with nearby fans, event guidance at specific locations) (2) iOS ● Optional Access Permissions: ○ Photos: Used for sending and storing photos/videos, setting a profile picture ○ Camera: Used for taking and sending photos/videos, setting a profile picture, and using AR features ○ Microphone: Used for sending voice messages and video calls ○ Notifications: Used for receiving push notifications ○ Location Information: Used for location-based services (e.g., connecting with nearby fans, event guidance at specific locations) Users can change their access permissions at any time via: ● Android: Phone Settings > Applications (Apps) > "JISOO" > Permissions ● iOS: Settings > Privacy > "JISOO"

The Company uses collected personal information for the following purposes: ● Service provision and management: Providing the Service and relevant content, managing members, processing payments, customer support, and improving service operations ● User identification and management: Identity verification, preventing duplicate registrations and fraudulent activities, handling inquiries and complaints, sending notifications, and managing accounts ● Service improvement and development: Developing new services, improving existing ones, offering personalized services, and analyzing service usage statistics ● Event administration: conducting and managing events, including delivering prizes to selected users ● Marketing and advertising: Providing event and promotional information(only with separate consent; refusal will not affect general service use), and offering personalized advertisements ● Compliance with laws and policies: Investigating and addressing violations of laws, terms of Service, and operation policy, and fulfilling legal obligations

Where required by law, the Company relies on the following legal bases to process personal information. ● Contractual Necessity: The Company needs to process users’ personal information in order to provide the Service, manage members and accounts, respond to questions and requests from users, provide customer support, and administer events for which users have applied to participate. ● Legitimate Interests: The Company processes users’ personal information, (i) for security and safety; (ii) to detect and prevent fraud; (iii) to protect and defend the rights or property of others, or the Company’s own rights and interests; (iv) to maintain, operate, and improve the Service, including keeping it updated and relevant; and (v) to respond to domestic and foreign law enforcement requests, court orders, and legal process. ● Compliance with Legal Obligations: The Company needs to process users’ personal information to comply with relevant laws and regulatory requirements. ● Consent: The Company relies on users’ consent to send marketing communications based on users’ interactions with the Service. Users may withdraw their consent at any time by following the instructions set out in this Privacy Policy (see “Article 12 Contact Information” section). ● Protecting Vital Interests: The Company may need to process users’ personal information in the event of an emergency involving an individual’s life or health.

The Company may share personal information with third parties in order to provide the Service to users. Otherwise, the Company does not disclose users' personal information to third parties beyond the scope of Article 3, except where there is a valid legal basis or a requirement under applicable laws or from competent authorities, following due legal procedures. ● Business partners: partners with whom the Company works to provide the Service, such as when a user links accounts or services with the Company’s business partners in order to receive new or improved features (e.g., Shopify Inc.). These business partners control and manage users’ personal information. ● Service providers: carefully selected companies that provide services for or on behalf of the Company, such as cloud platform providers that maintain data on the Company’s behalf. These providers are also committed to protecting users’ information. ● Other parties where required by law or as necessary to protect the Service: for example, it may be necessary under applicable law, legal process, or a court order issued by governmental authorities to disclose user information. Such authorities may also request user information from the Company for the purposes of law enforcement, national security, counter-terrorism, or other issues related to public security. ● Other parties in connection with corporate transactions: the Company may disclose user information to a third party as part of a merger, acquisition, or sale, or, in the event of bankruptcy, to other data controllers. ● Other parties with user consent or at the user’s direction: the Company may share information about users with third parties when users separately consent to or request such sharing. Users’ use of the Service involves the transfer of personal information to, and the storage and processing of such personal information in, other countries. Such countries include, without limitation, the Republic of Korea and Japan. All cross-border data transfers are carried out in accordance with legal requirements and are subject to appropriate safeguards to ensure that users’ personal information is processed safely and in a manner consistent with users’ reasonable expectations.

User data is retained until the earlier of Service termination or the detection of falsified information. In addition, personal information collected separately with the user’s consent for marketing purposes is retained until such consent is withdrawn, and personal information collected for event-related purposes is retained until the relevant event has ended, in each case unless a longer retention period is required under applicable laws and regulations.

Unnecessary personal information is deleted through secure processes, ensuring irrecoverability.

Users can view, modify, or delete their personal information anytime via the "JISOO" app settings. Account deletion results in data erasure, except where retention is legally required. To exercise rights, make an inquiry, or withdraw consent, users may contact the Company. See the “Article 12 Contact Information” section. In some cases, applicable law may prevent the Company from complying with a user’s request or may permit the Company to refuse such request. Users may designate, in writing or through a power of attorney, an authorized agent to make requests on the user's behalf. Before accepting such a request from an agent, the Company will require proof that the user has authorized the agent to act on the user’s behalf, and the Company may require the user to verify the user's identity directly. Further, to provide, correct, or delete specific pieces of personal information, the Company will need to verify the user's identity to the degree of certainty required by applicable laws and regulations. Residents in the European Economic Area and the United Kingdom, or the State of California should also refer to the “Country-Specific Privacy Rights” section below. To the extent of any inconsistency, that section will prevail over the above.

The Company implements technical and administrative measures to prevent personal information leaks, including encryption, access control, and regular security audits.

Cookies are used for optimized service experiences. Users can disable cookies through browser settings.

The Service may include links to external sites. The Company is not responsible for the processing of personal information by such external sites. Users are therefore advised to review the privacy policies of those sites.

● Contact Information: help@bibidi.io Users may lodge a complaint with the relevant supervisory authority if they consider that the Company’s processing of personal information infringes applicable law.

The Company reviews and updates this Privacy Policy regularly, at least once every 12 months, to ensure it accurately reflects any changes in the Company’s practices. [Addendum] These Terms shall take effect as of [2025]-[12]-[05].

The California Consumer Privacy Act (“CCPA”) requires the Company to provide users who reside in California with the additional notice below. For the purposes of this notice, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the CCPA. The Company collects and uses the categories of personal information as set out in the “Article 2 Collected Personal Information and Collection Methods” section and for the business purposes also set out in the “Article 3 Purpose of Collecting and Using Personal Information” section. If a user is a California resident, and the processing of personal information about the user is subject to the CCPA, the user has certain rights with respect to that information. In addition to the information set out in the “Article 8 User Rights and How to Exercise Them” section above, the user has the right to: ● Notice at Collection: At or before the time of collection, users have the right to receive notice of the Company’s practices, including the categories of personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. ● Right to Know: The right to request a copy of the personal information that the Company has collected about the user in the preceding 12 months, as well as additional information about the Company’s collection, use, disclosure, or sale of such personal information. ● Right to Opt-Out of Sale or Sharing: Users may have the right to opt out of the sale or sharing of personal information for cross-context behavioral advertising purposes. Please be aware that the Company does not sell or share personal information with any third parties for cross-context behavioral advertising purposes. Users have the right not to receive discriminatory treatment for the exercise of their CCPA privacy rights. Additionally, under California Civil Code section 1798.83 (“Shine the Light” law), California residents who have provided personal information to a business for personal, family, or household purposes may request information about whether the business has disclosed personal information to third parties for their direct marketing purposes. The Company does not disclose personal information to any third parties for their direct marketing purposes under this law. California residents under the age of 18 who are registered users of online sites, services, or applications may request removal of content or information they have publicly posted. Such requests do not guarantee complete or comprehensive removal of content where the law does not permit or require it. An authorized agent may submit an access or deletion request on the user’s behalf by sending a written authorization signed by the user. The Company may still require the user to verify identity and confirm that the authorized agent is permitted to submit the request.

If a user is in the European Economic Area (“EEA”) or the United Kingdom (“UK”), the following additional information applies in addition to the Privacy Policy above. In addition to the information set out in the “Article 8 User Rights and How to Exercise Them” section, the user has the right to: ● access personal information (the right to obtain confirmation as to whether the Company processes the user’s personal information and to obtain access to such personal information and related information), ● ask the Company to restrict the processing of the user’s personal information, ● data portability (the right to receive the user’s personal information in a structured, commonly used, and machine-readable format and to transmit it to another data controller), ● to object to the processing of personal information, ● rights related to automated decision-making, including profiling (the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the user or similarly significantly affects the user, and to request human intervention, to express the user’s point of view, and to contest the decision). [Addendum] These Terms shall take effect as of [2025]-[12]-[05].