The Company collects personal information for the following purposes:

1. Account Management and Verification
• Verification of identity, prevention of fraudulent activities, providing member services, managing user accounts, and implementing and upholding platform policies.
2. Service Provision
• Delivering services, including app functionalities such as voice and text chat, content sharing, and managing communication tools.
3. Marketing and Advertising
• Sending promotions, personalized recommendations, and advertising through data analytics based on user behavior, as well as sharing aggregated, anonymized data with third-party partners.
4. Service Development and AI Training
• Using personal data, including communication data (messages, voice chat, and relevant metadata from interactions), for AI learning, machine learning, fraud detection, content moderation, compliance monitoring, and automated recommendations.
5. Security and Fraud Prevention
• Monitoring and analyzing user activity for security enhancement, fraud prevention, abuse detection, compliance with platform policies, and ensuring a safe user environment.
6. Legal and Compliance Requirements
• Fulfilling legal obligations, responding to regulatory inquiries, and protecting the company against legal claims.

The Company retains user data for as long as necessary to provide services, comply with legal obligations, enhance security, and improve platform functionality. Where legally required or permitted, the Company may retain certain data beyond the stated retention period for fraud prevention, security enhancement, legal compliance, or business continuity purposes. Data retention periods may vary based on operational, regulatory, and legal requirements.

• Account and Profile Information
  User account-related information is retained as long as the account remains active. Upon account deletion, some data may be retained for fraud prevention, security enforcement, and regulatory compliance.
• Payment and Transaction Records
  Payment-related data is retained as required by financial and tax regulations to fulfill audit and reporting obligations.
• Communication Data (Voice, Text, and Metadata)
  Communication logs may be retained for service optimization, security monitoring, fraud detection, content moderation, and AI model training. Any data used for AI model improvements is fully anonymized and no longer linked to any individual user.
• Security and Fraud Prevention
  The Company may retain access logs, IP addresses, device information, and location data for security monitoring, fraud detection, and compliance with applicable laws.
• Regulatory and Legal Compliance
  Records related to customer complaints, support tickets, arbitration proceedings, legal claims, dispute resolution, and compliance investigations may be retained as required by law or industry best practices. Certain legal records may be preserved beyond account deletion if necessary for ongoing audits, investigations, or regulatory reporting.
• Policy Violations and Legal Disputes
  If a user is involved in reported misconduct, violations of community guidelines, or legal disputes, the Company may retain relevant data as long as necessary for investigations, regulatory compliance, and legal defense.

Data Deletion Requests
User requests for data deletion will be reviewed in accordance with legal, operational, and security requirements. Some data may be retained if required for:

• Compliance with financial, tax, and regulatory laws
• Fraud detection, abuse prevention, and security monitoring
• Legal defense and dispute resolution

The Company may retain certain data beyond the retention period where necessary for fraud prevention, security enforcement, regulatory compliance, or other legitimate business interests. The Company reserves the right to reject deletion requests in cases where: (1) the data is required to fulfill legal, tax, or compliance obligations, (2) deletion is technically unfeasible without affecting system integrity, or (3) the data is necessary to protect the Company’s rights, enforce agreements, or resolve disputes.

The Company may share personal data with third-party service providers to ensure seamless delivery of services. These include:

• Amazon Web Services, Google Cloud Platform, Microsoft Azure, OpenAI, MongoDB Atlas – Cloud computing, data storage, database management, AI model training, and SaaS-based service infrastructure. These platforms are used for hosting, processing, and securing application data, including structured and unstructured data, AI-driven computations, and large-scale storage solutions.
• Google, Apple, Kakao Corp. – User verification, sign-in authentication, and in-app purchases.
• Twilio – Text and voice call services, including call recordings, voice data transmission, data storage, and user verification. Twilio serves as the primary infrastructure provider for storing call recordings, logs, metadata, and other communication– related data in compliance with applicable laws.
• Payoneer, Inc. – Monetary payout services related to in-app rewards or activities.
• MaxMind, Inc. – IP-based user verification, fraud prevention, and security risk management.
• Google Workspace, Microsoft 365 – General business operations, including internal communications, document management, and operational support.

These third parties are bound by agreements to protect personal data in compliance with applicable privacy regulations. All data is processed and stored by the Company in compliance with applicable laws and its Privacy Policy.

Users have the right to:

1. Access and Rectification
• Users may access their personal data and request corrections if any information is inaccurate.
• The Company reserves the right to deny access requests if they infringe on the privacy of others, conflict with security or legal obligations, or are deemed unreasonable.
2. Deletion
• Users may request the deletion of their personal data, subject to applicable legal, security, and operational requirements.
• Certain data cannot be deleted if required for:
• Compliance with financial, tax, and regulatory laws
• Fraud detection, security monitoring, and abuse prevention
• Legal defense, dispute resolution, or investigations
• Protecting the legitimate business interests of the Company, including service integrity and compliance monitoring
3. Data Portability
• Users may request the transfer of their data to another service provider where technically feasible.
• The Company is not responsible for compatibility issues with third-party services.

Limitations and Retention of Requests

• The Company reserves the right to deny requests that are excessive, unreasonable, technically unfeasible, or interfere with ongoing investigations or legal proceedings.
• Repeated, vexatious, or fraudulent requests may result in the restriction of further inquiries from the user.

Users may exercise these rights by contacting our support team at support@hugapp.com. Requests will be processed in accordance with applicable laws and platform policies.

The Company may transfer personal data across international borders to provide services, including to countries that may not have the same data protection laws as the user’s country of residence. The Company ensures that all data transfers comply with applicable legal requirements, such as the GDPR’s Standard Contractual Clauses.

In regions with data localization laws, such as Russia, China, and other jurisdictions with similar regulations, the Company will comply with local requirements, including storing certain categories of personal data within the applicable jurisdiction. However, the Company reserves the right to transfer data across borders where permitted by law and necessary for business continuity, fraud prevention, regulatory compliance, and service optimization.

To the extent permitted by applicable law, the Company shall not be liable for any indirect, incidental, consequential, special, punitive, or exemplary damages, including but not limited to lost revenue, lost profits, business interruptions, reputational harm, loss of data, or other intangible losses, even if such damages were foreseeable or the Company was advised of their possibility. If such limitations are not permitted by law, this provision shall not apply to the extent of such prohibition.

1. The Company’s total liability for any claims, including but not limited to data breaches, privacy violations, service disruptions, or third-party failures, shall not exceed the amount permitted by applicable law, regardless of the legal theory under which the claim is brought.
2. The Company provides its services on an “as is” and “as available” basis without warranties, express or implied, including but not limited to merchantability, fitness for a particular purpose, title, or non-infringement. The Company does not guarantee uninterrupted, error-free, or fully secure operation of the services.
3. The Company is not liable for damages resulting from user-generated content, interactions with third parties, unauthorized account access, service interruptions, security breaches, software bugs, or changes in Company policies.
4. The Company is not responsible for failures, interruptions, or damages caused by third-party service providers, including but not limited to cloud hosting, payment processors, telecommunications networks, and software vendors. The Company is not liable for damages resulting from cyberattacks, data breaches, hacking incidents, denial-of-service attacks, or other security threats beyond its reasonable control, as well as acts of government, regulatory restrictions, changes in law, natural disasters, pandemics, labor strikes, or other force majeure events.
5. The Company does not guarantee continuous, uninterrupted, or error-free service and reserves the right to modify, suspend, or discontinue any part of the service at its sole discretion without prior notice. Users acknowledge that service interruptions, updates, feature removals, or policy changes do not entitle them to compensation, refunds, or damages.
6. Users agree to bring any claims individually and waive the right to participate in any class action, consolidated, or representative proceeding. Where permitted by law, the Company’s total aggregate liability for multiple claims arising from a single event shall not exceed the amount allowed under applicable law.
7. The Company shall not be liable for any damages arising from user-generated content, interactions between users, unauthorized account access, or misuse of the Services by users. Users are solely responsible for their own conduct and any consequences arising from their use of the Services. The Company disclaims all warranties, express or implied, including but not limited to merchantability, fitness for a particular purpose, and non-infringement.

By using the service, users acknowledge and accept these limitations.

Users agree to indemnify and hold the Company harmless from any claims, damages, liabilities, or expenses, including legal fees, arising from their misuse of the services, violation of this Privacy Policy, or infringement of third-party rights.

To the extent permitted by applicable law, all disputes arising from this Privacy Policy or the processing of personal data shall be resolved through binding individual arbitration.

1. Disputes shall be resolved through arbitration administered by a recognized arbitration institution, including but not limited to:
• The Korean Commercial Arbitration Board (KCAB) in Seoul, South Korea
• The American Arbitration Association (AAA)
• The London Court of International Arbitration (LCIA)
• Any other arbitration institution mutually agreed upon by both parties or designated by applicable law.
2. If arbitration is unenforceable, impractical, or otherwise inapplicable in a specific jurisdiction, disputes shall be resolved through individual legal proceedings before a court of competent jurisdiction.
3. To the extent permitted by law, users agree that disputes shall be resolved individually and not as part of any class or representative action.
4. To the extent permitted by law, both parties waive their right to a jury trial in any legal proceeding related to this Privacy Policy.
5. Arbitration proceedings shall be governed by the laws of the Republic of Korea unless the user resides in a jurisdiction where arbitration clauses are restricted by law, in which case the applicable local law shall apply. If arbitration is not applicable or enforceable, disputes shall be resolved in the courts of the user’s place of residence or another jurisdiction as determined by applicable law.
6. Notwithstanding the foregoing, the Company reserves the right to seek injunctive relief or damages in a court of competent jurisdiction where the user is located, or in the jurisdiction where the Company is registered, for claims related to intellectual property infringement, unauthorized use of the Services, fraudulent activities, or breaches of contractual obligations.

• By using the Service, users acknowledge and consent to the processing of their communication data (such as text, voice data, and other audio interactions) for AI learning, fraud detection, and service improvements, in accordance with applicable laws.
• Even after a user deletes their account, data that has already been processed into AI models may continue to be used in an anonymized and non-reversible format, without linking back to the individual.
• By using the Service, users acknowledge that AI-driven features, including recommendations, automated moderation, and content filtering, operate based on probabilistic models and may not always be accurate. The Company does not guarantee the accuracy, reliability, or fairness of AI-generated outputs. The Company shall not be liable for any direct, indirect, incidental, or consequential damages arising from the use of AI-powered functionalities, including but not limited to false positives/negatives in content moderation, incorrect recommendations, or unintended automated responses.

• The Company reserves the right to anonymize and aggregate user data for business intelligence, analytics, service optimization, and the creation of new business services.
• This data may be shared with trusted third-party partners for market research, service enhancement, and advertising effectiveness analysis.
• By using the Service, Users consent to such processing and acknowledge that anonymized data may be used for analytical and business purposes without further notice or compensation.

• The Company reserves the right to anonymize and aggregate user data for business intelligence, analytics, and the creation of new business services. This data may be shared with trusted third-party partners for market research and targeted advertising. Users can opt out of third-party marketing but agree to the use of anonymized data for business purposes.
• The Company uses automated data analytics and advertising algorithms to provide personalized content and recommendations. Users acknowledge that such systems may not always generate accurate, relevant, or unbiased results. The Company shall not be liable for any perceived inaccuracies, biases, or omissions in its advertising, marketing, or recommendation systems, and users waive any claims related thereto.

In the event of a merger, acquisition, or corporate restructuring, user data may be transferred to the new entity. The acquiring entity shall ensure that transferred data is protected at a level equivalent to this Privacy Policy or provide users with notice of any material changes.

The Company may disclose personal data to tax professionals, auditors, banks, payment processors, financial service providers, tax authorities, regulatory agencies overseeing financial, tax, and compliance matters, law enforcement agencies, financial crime units, anti-money laundering (AML) enforcement bodies, relevant government agencies, and public institutions administering government funding, economic development programs, and business support initiatives.

These disclosures may include, but are not limited to, financial and transactional data, compliance-related records, and other information necessary to fulfill contractual obligations, regulatory compliance, fraud prevention, and risk management.

Such disclosures may be made as required or permitted by applicable laws, regulatory requirements, or industry best practices.

The Company uses cookies, tracking pixels, and other similar technologies to enhance user experience, improve service performance, and conduct targeted advertising. These technologies help analyze user behavior, optimize service functionality, and measure advertising effectiveness.

Users may manage their cookie preferences through browser settings. However, disabling cookies may impact the functionality of certain services. Some cookies are essential for security, fraud prevention, service performance optimization, advertising compliance, and account authentication purposes and cannot be disabled. In some jurisdictions, users may have the right to opt out of certain types of tracking, and the Company will comply with applicable regulations, including GDPR, CCPA, and similar laws.

The Company reserves the right to update or modify this Privacy Policy at its sole discretion, without prior user approval, unless required by applicable laws. Updates may be communicated through appropriate channels, such as in-app notifications, emails, or website notices.

Continued use of the service following any updates constitutes acceptance of the revised policy. Users are responsible for reviewing this Privacy Policy periodically to stay informed about any changes.

This Privacy Policy was last updated on February 18, 2025.