Effective Date: July 17, 2025

CoinPickle (hereinafter referred to as the “Company”) establishes and discloses this Privacy Policy in accordance with the Personal Information Protection Act and other relevant laws to protect users’ personal information safely and to process it lawfully.

1. Purpose of Collection and Use of Personal Information

The Company processes collected personal information for the following purposes: • Membership Management: Identity verification, user identification, and prevention of fraudulent use in connection with membership services • Provision of Community Services: Operation of community functions such as posts, comments, likes, etc. • Service Improvement and Usage Analysis: Enhancement of user experience, content quality, traffic analysis, feature improvements, and website/app usage behavior analysis for both members and non-members • Security and Detection of Abnormal Activities: Prevention and response to security incidents such as unauthorized logins or hacking • Personalized Content Recommendations: Providing customized UI/UX based on user behavior patterns (not for advertising purposes) • Data Backup and System Stability: For the purpose of recovery and response in the event of system failure • Legal Dispute Response: Fact verification and evidence collection in the event of complaints or disputes • Marketing and Promotional Communications: Sending marketing messages such as emails, SMS, KakaoTalk alerts, or app push notifications related to events, new services, and benefits • Membership Tier Assessment and Experience Point Management: To assess membership tiers by analyzing service usage history and activity records, and to apply operational policies such as providing tier-specific benefits and imposing restrictions on GEM point usage.

2. Items of Personal Information Collected and Methods of Collection

① Items Collected Upon Membership Registration • Email, password, name (or nickname), contact number • (Optional) If the user consents to marketing: email, mobile phone number, app push token, etc. ② Items Automatically Collected During Service Use • IP address, date and time of access • Service Usage Records: Includes activity records such as visited pages, clicks, scroll positions, time spent, GEM point accrual and usage history, USDT conversion history, virtual trading transaction history, profit rates and rankings, experience point grant and deduction records, and membership tier change history. • Browser information, operating system (OS), and device information • User identifiers such as cookies or UUIDs ③ For Non-Members Even without registration, the Company may collect the following via cookies or UUIDs: device identifiers, IP address, date and time of access, browsing history, click and scroll behavior, and GEM-related access records. ④ Collection Methods • Information entered by users during registration • Automatically collected during website or app use via cookies, log analysis tools, client-side scripts, etc. * The Company verifies user age through date of birth entered during registration. If false information is provided, the responsibility lies solely with the user.

3. Retention and Use Period of Personal Information

The Company promptly destroys personal information once the purpose of collection and use has been fulfilled. However, information may be retained for a specified period in the following cases: (You may provide a table of categories and retention periods here if needed.)

4. Provision of Personal Information to Third Parties

The Company does not provide users’ personal information to external parties. However, exceptions may apply when required by law or with the user’s explicit consent.

5. Outsourcing of Personal Information Processing

The Company does not currently outsource the processing of personal information. If such outsourcing occurs in the future, the Company will notify users by updating this policy with details regarding the contractor, purpose of processing, and protection measures.

6. Procedures and Methods for Destruction of Personal Information

• Destruction Procedures: Collected personal information is transferred to a separate database after the purpose of use is achieved and is retained for a certain period in accordance with internal policies and relevant laws, then permanently deleted. • Destruction Methods: Electronic files are deleted in a manner that prevents recovery, and printed documents are shredded or incinerated.

7. Rights of Users and Legal Guardians, and How to Exercise Them

• Users may request to view, correct, delete, or suspend the processing of their personal information. • Such requests may be made via the customer center, email, or inquiry functions within the Service. • The Company does not operate real-name verification through identity verification services (such as mobile carriers or i-PIN) but checks age based on the birthdate entered during registration. • In accordance with Article 22-2 of the Personal Information Protection Act, the Company does not collect personal information from children under the age of 14 without the consent of a legal guardian. This Service is intended only for users aged 14 or older. • In the case of children under 14, their legal guardians may exercise relevant rights on their behalf. • The Company shall not be held liable for any issues arising from a user’s intentional or negligent submission of false information.

8. Use of Automatic Personal Information Collection Tools and Opt-Out Options

The Company operates automatic collection tools such as cookies and UUIDs through its website and app. • Information Collected: Unique identifiers (UUID or cookies), IP address, access time, visited pages, clicks, scroll activity, time spent on pages, etc. • Purpose of Collection: Traffic analysis, UX improvement, personalized feature delivery, and service security and stability • Opt-Out Method: Users may refuse or delete cookies through browser settings. (For example, in Chrome: Settings > Privacy and Security > Cookies and other site data) ※ Please note that refusal to accept cookies may result in limitations when using certain services.

8-1. How to Consent to or Withdraw from Marketing Communications

The Company may send marketing messages via email, SMS, KakaoTalk notifications, and app push notifications only when the user has given prior consent. Users may withdraw their consent at any time through My Page, the customer center, or by using the unsubscribe link included in every message. Once consent is withdrawn, the Company will immediately stop sending marketing messages. All marketing messages include instructions on how to unsubscribe or opt out.

9. Personal Information Protection Officer and Contact Information

To protect users’ personal information and handle related inquiries or complaints, the Company has designated the following department and individual as responsible: • Personal Information Protection Officer: Jungkook Kwon • Department in Charge: Service Team • Phone Number: +82-70-8667-1250 • Email: support@bluegem.me If you have concerns regarding the handling of personal information, you may also contact the following public agencies: • Personal Information Infringement Report Center: https://privacy.kisa.or.kr / 118 • Personal Information Dispute Mediation Committee: https://www.kopico.go.kr • Supreme Prosecutors’ Office Cyber Crime Investigation Unit: https://www.spo.go.kr / 1301 • Cyber Bureau, National Police Agency: https://cyberbureau.police.go.kr / 182

10. Amendment and Notification of the Privacy Policy

This Privacy Policy may be amended to reflect changes in relevant laws or service updates. In such cases, the revised policy will be announced through a notice within the Service at least 7 days prior to the effective date. However, if the changes significantly affect users’ rights, the Company will provide notice at least 30 days in advance. • Notice Date: July 10, 2025 • Effective Date: July 17, 2025