Last Updated: July 8, 2026 This Privacy Policy explains how Kim Doyeon (the “Operator”) collects, uses, stores, and protects personal information in connection with the use of Timo (TiMO) (the “Service”). The Operator processes the minimum amount of personal information necessary to provide and improve the Service and complies with applicable laws and regulations, including the Personal Information Protection Act of the Republic of Korea. 1. Operator Information Operator: Kim Doyeon Location: [Operator Location], Republic of Korea Contact: [Customer Support Email] 2. Personal Information Collected The Operator collects the minimum amount of personal information necessary to provide and improve the Service. Account Information: Name, email address, encrypted password, email verification status, user ID, login tokens, and session information. Profile and Service Usage Information: Selected language, role, service settings, tasks, tags, estimated duration, memos, status, priority, actual time spent, timebox information, and service usage status information. AI Feature Processing Information: Task information, past performance records, selected language, and role information necessary to provide AI-based estimated duration recommendations. Activity and Analytics Information: IP address, access date and time, browser and device information, User Agent, Referrer, page URL, error and security logs, service usage statistics, and analytics information. Local Storage Information: The Service may use the browser’s localStorage to maintain login status and provide service settings. The Operator does not intentionally collect sensitive personal information that is not necessary for providing the Service, such as resident registration numbers, financial information, or health information. 3. Purpose of Use The Operator uses personal information for the following purposes: Providing and maintaining the Service Account authentication and login Data storage and synchronization Providing AI-based estimated duration recommendations Customer support and inquiry handling Security and prevention of unauthorized use Service improvement and statistical analysis, using de-identified or aggregated information where possible Compliance with laws and response to disputes 4. AI Features The Operator may process users’ input information and service usage information to the extent necessary to provide AI-based estimated duration recommendations. If an external AI service is used to provide AI features, only the minimum information necessary to perform the relevant function will be transmitted. The Operator does not provide user data for the purpose of training external AI models without the user’s explicit consent. 5. Third-Party Services and Entrustment of Processing The Operator may use trusted external services to provide the Service and processes personal information only to the extent necessary. The Service may currently use the following external services. Vercel: Hosting and service operation OpenAI: Provision of AI features [Authentication and Data Storage Service] [Email Delivery Service] The Operator does not sell personal information or provide it to third parties for advertising purposes without the user’s consent or a legal basis under applicable law. 6. Automatic Collection Technologies The Service may use cookies, localStorage, and analytics tools necessary for service operation to maintain login status, provide the Service, and perform analytics. Users may restrict or delete cookies and stored information through their browser settings. 7. Cross-Border Transfer If the Operator uses overseas service providers to provide the Service, personal information may be transferred outside the Republic of Korea. The recipient, destination country, purpose of transfer, and retention period will be provided according to the services actually used. 8. Security Measures The Operator implements reasonable technical and administrative measures to protect personal information, including access permission management, authentication procedures, access control, data encryption, and security log management. However, due to the nature of the internet environment, no system can guarantee complete security. 9. Retention Period and Destruction The Operator retains personal information for the period necessary to achieve the purposes described in this Privacy Policy. However, if retention is required under applicable laws and regulations, the Operator will retain the relevant personal information for the required period. Users may delete their accounts at any time. When an account deletion request is received, the Operator will delete personal information without delay, except for information that must be retained under applicable laws and regulations. 10. User Rights Users may request access to, correction of, deletion of, suspension of processing of, and withdrawal of consent for their personal information. Inquiries regarding personal information may be submitted to [Privacy Inquiry Email], and the Operator will take necessary measures in accordance with applicable laws and regulations. 11. Remedies for Infringement of Rights Users may seek consultation or remedies regarding personal information infringement through the following institutions: Privacy Infringement Report Center: 118 Personal Information Dispute Mediation Committee: 1833-6972 Supreme Prosecutors’ Office: 1301 Korean National Police Agency: 182 12. Changes to this Privacy Policy The Operator may revise this Privacy Policy in accordance with changes to laws, regulations, or the Service. If there are material changes, the Operator will provide prior notice through the Service, email, or other appropriate means. 13. Contact Personal Information Protection Officer: Kim Doyeon Email: [Privacy Inquiry Email] Phone: Email inquiries only Location: [Operator Location], Republic of Korea This Privacy Policy shall take effect on July 8, 2026.