Privacy Policy

Effective Date: February 9, 2026

Treest (hereinafter referred to as the “Company”) establishes and discloses this Privacy Policy as follows in order to protect users’ personal information and promptly handle related grievances in accordance with the Personal Information Protection Act.

Article 1 (Items of Personal Information Collected and Collection Methods)

1. Collected Items

Anonymous Users

• Collected Items: Device unique identifier (anonymous UID)
• Purpose of Collection: Service usage and learning data storage

Cloud Account (Google, etc.) Linked Members

• Collected Items: Email address, cloud account unique identifier (UID)
• Purpose of Collection: Member identification, cloud synchronization

Service Usage Records

• Collected Items: Learning history, review schedule, difficulty evaluation, learning progress
• Purpose of Collection: Providing personalized learning services

2. Collection Methods

• Automatically generated upon first launch of the service (anonymous account)
• Direct user consent through Google, etc. account linking
• Automatically generated during service usage

Article 2 (Purpose of Processing Personal Information)

The Company processes collected personal information for the following purposes:

1. Service provision: English writing practice, review schedule management, learning progress management
2. Member management: Member identification, identity verification, account linking
3. Cloud synchronization: Synchronization of learning data across devices for Google-linked members
4. Service improvement: Statistical analysis of service usage and quality enhancement

Article 3 (Retention and Use Period of Personal Information)

1. The Company destroys the relevant information without delay once the purpose of collection and use of personal information is achieved.

2. Specific retention periods are as follows:

   • Anonymous user data: Until app deletion or account deletion
   • Google-linked member data: Until member withdrawal (account deletion)
   • Learning history data: Until user initialization request or account deletion
3. If retention is required under relevant laws, the information will be retained for the period stipulated by those laws.

Article 4 (Provision of Personal Information to Third Parties)

The Company processes users’ personal information only within the purposes specified in Article 1 and does not provide it to third parties without prior user consent.
However, the following cases are exceptions:

1. When the user has given prior consent
2. When required by law or requested by investigative agencies in accordance with legally prescribed procedures and methods for investigative purposes

Article 5 (Entrustment of Personal Information Processing)

The Company entrusts personal information processing tasks as follows:

• Entrusted Company: Google LLC (Firebase)
• Entrusted Tasks: Authentication service operation, cloud data storage
• Retention Period: Until the end of the entrustment contract

Article 6 (User Rights and How to Exercise Them)

Users may exercise the following rights:

1. Learning Data Initialization: Users can directly initialize learning history and review history in the service settings.
2. Account Deletion: Users can request account deletion within the service, and all personal information and learning data will be immediately destroyed upon deletion.
3. Logout: Users can unlink Google and switch to anonymous status. In this case, a new anonymous account is created, and data from the previous Google account can be restored upon re-login.
4. Request for Access, Correction, or Deletion of Personal Information: Requests can be made through the contact information below.

Article 7 (Destruction of Personal Information)

1. The Company destroys personal information without delay when the retention period expires or the processing purpose is achieved.

2. Destruction procedures and methods are as follows:

   • Electronic files: Permanently deleted so that records cannot be recovered
   • Other records: Shredded or incinerated

Article 8 (Measures to Ensure the Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

1. SSL/TLS encryption applied during data transmission
2. Data access control through Firebase security rules
3. UID-based access control so that only the user’s own data can be accessed

Article 9 (Automatically Collected Information)

The following information is automatically stored on the device during service use. This information is not transmitted to the server and is used only on the device:

• Learning settings (correct answer display method)
• Audio gender settings

Article 10 (Protection of Children’s Personal Information)

The Company obtains consent from legal guardians when collecting personal information of children under 14 years of age.
Legal guardians of children under 14 may request access, correction, or deletion of the child’s personal information.

Article 11 (Personal Information Protection Officer)

The Company designates a Personal Information Protection Officer to oversee personal information processing, handle user complaints, and provide remedies for damages as follows:

• Company Name: Treest
• Email: support@treestcorp.com

Article 12 (Remedies for Infringement of Rights and Interests)

Users may inquire about remedies for personal information infringement with the following institutions:

• Personal Information Dispute Mediation Committee: 1833-6972
• Personal Information Infringement Reporting Center: 118
• Supreme Prosecutors’ Office Cyber Investigation Division: 1301
• National Police Agency Cyber Safety Bureau: 182

Article 13 (Changes to the Privacy Policy)

This Privacy Policy may be added to, deleted from, or modified in accordance with changes in laws, policies, or security technologies. When changes are made, users will be notified at least 7 days in advance through in-service notices, stating the effective date.

Supplementary Provisions

This Privacy Policy takes effect from February 9, 2026.