2.1 Information You Provide to Us

• Account Information: Email address, username, password, profile picture
• Profile Information: Name, date of birth, gender, location, biography
• Contact Information: Phone number, mailing address
• Payment Information: Credit card details, bank account information, virtual account details, cryptocurrency wallet addresses, mobile payment information
• Social Media Information: Connected social media accounts and profiles
• Identity Verification: Government-issued ID, KYC/AML documentation

2.2 Web3 and Blockchain Information

• Wallet Information: Cryptocurrency wallet addresses (MetaMask, etc.)
• NFT Data: Owned NFTs, transaction history, metadata
• Blockchain Transaction Data: Transaction hashes, amounts, timestamps
• Token Information: Token balances, trading activity
• Smart Contract Interactions: Contract addresses, function calls
• Temporary Wallet Management: For user convenience only, we provide temporary encrypted storage of wallet credentials created through our platform:
  • Encryption: AES-256 encryption applied before storage
  • Duration: Maximum 30 days OR until backup completion, whichever is earlier
  • Automatic Deletion: All encrypted credentials are permanently deleted within 24 hours of backup confirmation or after 30 days
  • No Recovery: We cannot and will not recover private keys after deletion
  • User Responsibility: YOU MUST BACKUP YOUR PRIVATE KEYS IMMEDIATELY. Failure to backup will result in permanent loss of access to your assets.

2.3 Artist and Fan Activity Information

• Artist Preferences: Followed artists, favorite content
• Fan Activity: Likes, comments, shares, support history
• Valuation Data: Artist valuation contributions and predictions
• Community Activity: Posts, comments, votes, polls
• Event Participation: Raffles, quests, contests, live events

2.4 Automatically Collected Information

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, time spent, click patterns
• Cookies and Tracking: Session cookies, analytics cookies
• Location Data: General location based on IP address
• Performance Data: App performance, crash reports

We use your personal information for the following purposes:

• Service Provision: To provide and maintain our Services, including account creation and management
• Web3 Functionality: To enable blockchain transactions, NFT operations, and wallet connections. For wallets created through our platform, we provide temporary encrypted storage (AES-256, max 30 days) for user convenience only. We do not provide custodial services and actively encourage immediate backup and self-custody. All credentials are permanently deleted within 24 hours of backup confirmation or after 30 days.
• Artist-Fan Connections: To facilitate connections between artists and fans, including personalized content
• Community Features: To enable community participation, voting, and social interactions
• Payment Processing: To process payments through various methods (cards, virtual accounts, cryptocurrency), handle transactions, verify payments, and manage digital asset purchases
• Security and Fraud Prevention: To protect against fraud, abuse, and security threats
• Analytics and Improvement: To analyze usage patterns and improve our Services
• Communications: To send important updates, notifications, and marketing communications
• Legal Compliance: To comply with legal obligations, including KYC/AML requirements
• Customer Support: To provide customer service and technical support

We may share your personal information in the following circumstances:

4.1 Service Providers and Data Processing Consignment

We may consign the processing of your personal information to third-party service providers. Below is a list of our primary service providers and their processing purposes:

We ensure that all service providers comply with applicable privacy laws and maintain appropriate security measures. We enter into data processing agreements with these providers to protect your personal information.

4.2 Blockchain and Public Information

• Blockchain transactions are publicly visible on the blockchain
• NFT ownership and trading history may be publicly accessible
• Smart contract interactions are recorded on public blockchains

4.3 Legal Requirements

• To comply with legal obligations and regulatory requirements
• To respond to legal requests and court orders
• To protect our rights, property, and safety
• To prevent fraud and enforce our terms of service

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

You have the following rights regarding your personal information:

• Access: Request access to your personal information we hold
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request transfer of your information to another service
• Objection: Object to processing based on legitimate interests
• Restriction: Request restriction of processing
• Withdraw Consent: Withdraw consent for processing

To exercise these rights, please contact us at contact@starglow.io. We will respond to your request within 30 days.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

• Encryption of data in transit and at rest
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• Access controls and employee training
• Secure development practices

However, no method of transmission over the Internet is 100% secure. We cannot guarantee the absolute security of your information.

Your personal information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

• Adequacy decisions by relevant authorities
• Standard contractual clauses
• Binding corporate rules
• Other legally recognized transfer mechanisms

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

• Account information: Until account deletion plus 7 years for legal compliance
• Transaction records: 7 years for financial and tax purposes
• Marketing data: Until you opt-out plus 2 years
• Analytics data: Anonymized after 2 years
• Wallet Credentials:
  • Temporary encrypted storage: Maximum 30 days from creation
  • Deletion upon backup: Permanently deleted within 24 hours after backup confirmation
  • Automatic expiration: Auto-deleted after 30 days regardless of backup status
  • NO LONG-TERM STORAGE - We do not maintain any backup copies or recovery mechanisms

We use cookies and similar tracking technologies to enhance your experience on our Services:

• Essential Cookies: Necessary for basic functionality
• Performance Cookies: Help us analyze usage and improve performance
• Functional Cookies: Enable enhanced features and personalization
• Marketing Cookies: Used for advertising and marketing purposes

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Services.

10.1 Age Requirements

Our Services are not intended for children under the age of 14. We do not knowingly collect personal information from children under 14 without proper parental or legal guardian consent.

10.2 Parental Consent (Ages 14-18)

In accordance with Korean law, users between the ages of 14 and 18 must obtain consent from their parent or legal guardian before:

• Creating an account on our Services
• Providing personal information to our Services
• Making purchases or financial transactions
• Engaging in blockchain transactions involving real value

10.3 Parental Rights

Parents or legal guardians of users under 18 have the right to:

• Access their child's personal information
• Request correction or deletion of such information
• Withdraw consent for data processing at any time
• Request account termination on behalf of their child

10.4 Reporting Violations

If you believe we have collected information from a child under 14 without proper consent, or if you are a parent/guardian wishing to exercise your rights, please contact us immediately at privacy@starglow.io.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.

Your continued use of our Services after the effective date of the updated policy constitutes acceptance of the changes.

In accordance with the Personal Information Protection Act of the Republic of Korea, we have designated the following Privacy Officer responsible for handling privacy-related matters:

• Name: Wayd
• Title: Team Leaader
• Email: wayd@starglow.io

The Privacy Officer is responsible for managing personal information protection and handling privacy-related complaints and inquiries.

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

• Email: contact@starglow.io
• Website: starglow.io
• Telegram: @starglow_official_chat