Krowork Privacy Policy

Last Updated: April 30, 2026
Effective Date: April 30, 2026

Welcome to Krowork!

Krowork (referred to as "we" or "Krowork") is provided by Krowork Tech Pte. Ltd. and its affiliates (hereinafter collectively referred to as "we" or "Krowork"). We deeply understand the importance of personal information to you. To this end, we continuously provide adequate and secure protection for your personal information in accordance with the latest laws and regulations and by referencing industry best practices.

We will collect, use, store, transfer, and protect users' personal information in accordance with the relevant provisions of this Privacy Policy. Through this Privacy Policy, we hope to introduce to you how we process personal information. Therefore, we recommend that you carefully read and understand the entire content of this Privacy Policy, especially the terms marked in bold/underline/italic font, which require your focused attention.

If you do not agree with this Privacy Policy, we cannot provide you with the complete services, and you should immediately stop using the Platform and related services. When you choose to use the Platform and related services, it will be deemed that you accept and acknowledge that we will process your relevant information in accordance with this Privacy Policy.

---

This Privacy Policy will help you understand the following:

• 1. Application Instructions
• 2. How We Collect and Use Your Personal Information
• 3. How We Use Cookies and Similar Technologies
• 4. Cooperation Partners Involved in Data Use and the Transfer and Public Disclosure of Your Personal Information
• 5. How We Protect and Store Your Personal Information
• 6. Your Rights and How to Exercise Them
• 7. Protection of Minors
• 8. How This Privacy Policy Is Updated
• 9. How to Contact Us

---

1. Application Instructions

1. Your Personal Information

The personal information you actively provide when registering, logging into, and using (hereinafter collectively referred to as "using") Krowork and its related products, services, and solutions (hereinafter collectively referred to as the "Services"), as well as the personal information we collect through automated means during your use of the Platform and related products and services, constitutes the "personal information" under this Privacy Policy.

Please pay special attention that if information cannot identify your personal identity, either alone or in combination with other information, and is unrelated to you, it does not constitute your personal information in the legal sense. When your information can identify your personal identity, either alone or in combination with other information, or when we combine data that cannot be associated with any specific personal information with other personal information of yours, during the combined use period, such information will be treated and protected as your personal information in accordance with this Privacy Policy. It should be clarified that personal information does not include information that has undergone anonymization processing.

2. Scope of Application

(1) This Privacy Policy applies to the Services and solutions provided by the Platform, as well as other services or solutions that the Platform may subsequently introduce within the scope of its service offerings.

(2) This Privacy Policy does not apply to products or services provided to you through the Platform by third parties that have separate privacy policies and are not incorporated into this Privacy Policy ("Third-Party Services"). Your use of these Third-Party Services (including any information, including personal information, that you provide to these third parties) will be governed by the terms of service and privacy policies of those third parties (rather than this Privacy Policy). You may submit relevant requests, complaints, and reports through the mechanisms established by those third parties for personal information subject requests and complaints. Please carefully read the third parties' terms. Please properly protect your personal information and only provide it to third parties when necessary.

3. Note

Krowork runs on your computer. Your data on the terminal remains on your computer. Without your consent, we will not store the data on your computer (including files) on our servers.

---

2. How We Collect and Use Your Personal Information

During your use of Krowork, we will collect your personal information based on the principles of lawfulness, fairness, and necessity. The information we collect or that you provide will be used for:

1. Platform Account Registration and Login

(1) To use the Platform Services, you need to log in with a registered Platform account. When you register an account on the Platform, you can create an account using your mobile phone number, setting a username, and a password. We will verify the validity of your identity by sending an SMS verification code. Collecting this information is to help you complete the registration and login process.

(2) If you use an account from another platform (hereinafter referred to as a "Third-Party Account") to log in to the Krowork Platform, or link/bind a Third-Party Account with your Krowork account, you authorize Krowork to obtain relevant registration information from your Third-Party Account, such as Alipay or WeChat account information (including but not limited to account ID, name, profile picture, bound mobile phone number, etc.). If you log in through a Third-Party Account or use Krowork Services by means like account linking, you agree to synchronize and authorize your existing Third-Party Account information to Krowork, so that you can quickly log in to and use the relevant Platform Services.

2. Certification, Purchase, and Activation of Platform Services

(1) Before you purchase or activate any service provided by the Platform, we will authenticate you and verify your user identity, which may involve collecting relevant sensitive personal information. The Platform will use the above information to verify your user identity, and to provide you with payment and promotional services, send business notifications, sign contracts, issue invoices, or conduct business communications with you. If the information you provide contains the personal information of third parties, you promise and guarantee that you have obtained the authorization and permission of the relevant rights holders before providing such information to us.

3. Information Collected During Your Use of Products or Services

3.1 AI Content Generation Service

The Artificial Intelligence ("AI") content generation service relies on the content you input, including text information, audio information, image information, video information, preset instructions, and folder information when you converse with Krowork. We will encrypt and upload this information to the server and generate and return content to you based on generative AI technology. To facilitate your ability to view and manage the information at any time, we will record your AI interaction history with Krowork and the topics formed based on such information, and display them to you on the client side.

3.2 Agent Service

We utilize AI technology, based on text commands, code snippets, target files, local folder paths, and system operation authorizations you input, to assign tasks to the Krowork Agent. The Agent will complete the tasks for you and deliver the results through output content, such as desktop applications. We will analyze the above information to better complete your tasks.

3.3 Network and Service Security

To ensure the normal operation and operational security of the website and services, protect you or other users or the public's legal rights from loss, prevent network attacks and intrusion risks, and more accurately identify violations of laws, regulations, or Krowork-related agreements and service rules, we will collect necessary information to maintain the safe and stable operation of our products or services. Please understand that this information is essential for us to provide services and ensure the normal operation and network security of our services.

To provide you with a better experience and ensure your usage security, we may record network log information, as well as the frequency of use of the Platform and related services, crash data, usage status, and related performance data information.

3.4 Customer Support or Assistance

When you encounter problems during your use of the product, you can request support or assistance from our operations and customer service teams. To ensure the security of your personal information, we may ask you to provide necessary personal information to verify your user identity. To facilitate contacting you, helping you resolve issues as quickly as possible, or recording the resolution plan and results of relevant issues, we may save our communication/call records and other related content with you, such as other information you provide to prove related facts.

3.5 Functions Provided to You Based on System Permissions

During your use of the Services, to facilitate your user experience, we may request access to system permissions to collect and use your personal information. Even if you grant authorization for these system permissions, Krowork will not collect your information when the relevant functions or services are not running. You can choose not to grant these permissions, which will not affect your use of the basic functions of Krowork, but you may be unable to enjoy the additional user experience brought by the supplementary features.

• When you use the AI Agent function, we will request your authorization to obtain file system access permissions, to read local files based on the directories you actively authorize, to provide context for the AI.
• We will request your authorization to obtain automatic update permissions. After you enable the automatic update permission, the application will check for and download updates in the background, and automatically install them when you exit, to fix issues and provide new features.

You can view the activation status of the above permissions item by item on the "Settings" page of your operating system and manage the activation or deactivation of these permissions. Please note that after you choose to disable a permission, we will no longer continue to collect and use relevant personal information based on that corresponding permission, but it will not affect the collection and use of information that was already conducted based on your prior authorization.

4. Product and Service Optimization

Under the premise of secure encryption processing and strict de-identification, we will use the collected information for purposes such as statistical analysis, model optimization, etc., to improve and enhance our services, and provide product or technical service support for user marketing decisions.

Please understand that as our business develops, we may adjust the products or services we provide. If the purposes, methods, or scope of processing personal information under the adjusted or changed products or services change, we will notify you again and seek your consent in accordance with the requirements of relevant laws and regulations.

If we use information for other purposes not specified in this Policy, or use information collected for a specific purpose for other purposes, we will seek your consent in advance.

5. Exceptions

Please understand that in the following circumstances, according to laws, regulations, and relevant national standards, we do not need to obtain your prior authorized consent to collect and use your personal information:

(1) Where it is related to our performance of obligations stipulated by laws and regulations;

(2) Where it is directly related to national security or national defense security;

(3) Where it is directly related to public safety, public health, or significant public interests;

(4) Where it is directly related to criminal investigation, prosecution, trial, and execution of judgments;

(5) Where it is necessary to safeguard your or others' major legitimate rights and interests, such as life and property, but it is difficult to obtain your authorized consent;

(6) Personal information that you voluntarily disclose to the public;

(7) Where it is necessary for signing and performing a contract at the request of the personal information subject;

(8) Where personal information is collected from legally and publicly disclosed information, such as legal news reports, government information disclosure, and other channels;

(9) Where it is necessary for maintaining the safe and stable operation of the software and related services, for example, discovering and handling faults of the software and related services;

(10) Where it is necessary for carrying out lawful news reporting;

(11) Where it is necessary for academic research institutions to conduct statistics or academic research for the public interest, and when providing the results of academic research or descriptions, the personal information contained in the results is de-identified or anonymized;

(12) Other circumstances stipulated by laws and regulations.

---

3. Use of Cookies and Similar Technologies

Cookies and similar technologies are common and widely used technologies on the internet. When you use the Platform, we may use relevant technologies to send one or more Cookies or anonymous identifiers to your device to help us improve service efficiency, enhance login and response speed.

You can reject or manage Cookies through your browser settings. However, please be aware that if you disable Cookies, you may not be able to enjoy the optimal service experience, and the availability of certain features may be affected. We promise that we will not use the personal information collected through Cookies or similar technologies for any purpose other than those described in this Privacy Policy.

---

4. How We Share, Transfer, and Publicly Disclose Your Personal Information

1. Cooperation Partners Involved in Data Use

Our cooperation with partners will follow the principles of lawfulness, fairness, minimum necessity, and security prudence. Principle of lawfulness: data use activities involved in cooperation must have a lawful purpose and comply with the statutory legal basis. If the partner's use of information no longer conforms to the principle of lawfulness, they shall cease using your personal information or do so only after obtaining the corresponding legal basis. Principle of fairness and minimum necessity: data use must have a fair purpose and be limited to the minimum necessary to achieve that purpose. Principle of security prudence: We will prudently assess the purposes for which the partners use the data, conduct comprehensive evaluations of the security capabilities of these partners, and require them to comply with cooperation legal agreements. We will conduct strict security monitoring of the software development kits (SDK) and application programming interfaces (API) used by partners to obtain information, in order to protect data security.

(1) Entrusted Processing

For scenarios where the processing of user personal information is entrusted, we will sign relevant processing agreements with the entrusted partners in accordance with legal provisions and supervise their activities involving the use of user personal information.

(2) Joint Processing

When we engage in in-depth cooperation with partners to jointly provide you with complete products and services, we may jointly process your user personal information. In such scenarios, we will sign relevant agreements with the partners in accordance with legal provisions and agree on respective rights and obligations to ensure compliance with relevant legal provisions and the protection of data security during the use of relevant user personal information.

(3) Circumstances of Entrusted or Joint Processing

If specific functions or scenarios involve services provided by our affiliates or third parties, the scope of partners includes our affiliates and third parties.

2. Cooperation Scenarios

2.1 Realizing Functions and Services

When you use functions provided by our partners within Krowork, or when software service providers, smart device providers, system service providers provide services jointly with us, we may use the information necessary to achieve the business purpose with them.

2.2 Realizing Security and Statistical Analysis

(1) Ensuring Usage Security: We attach great importance to the security of products, services, and accounts. To protect the account and property security of you and other users, and to prevent our legitimate rights and interests from unlawful infringement, our partners may use necessary device, account, and log information.

(2) Analyzing Product Status: To analyze the stability of products and services, partners providing analysis services may need to use service status (crash, force close records), device identification information, overall application installation and usage status, and other information.

(3) Academic and Scientific Research: To enhance research capabilities in related fields and promote technological development, we may, under the premise of ensuring data security and legitimate purpose, use de-identified or anonymized data with partner scientific research institutes, universities, and other institutions.

3. Transfer of User Personal Information

We will not transfer your personal information to any company, organization, or individual, except in the following circumstances:

(1) Transfer with Explicit Consent: After obtaining your explicit consent, we will transfer your personal information to other parties;

(2) In the event of a merger, restructuring, acquisition, or bankruptcy liquidation of Krowork, or other circumstances involving merger, acquisition, or bankruptcy liquidation, if the transfer of personal information is involved, we will require the company or organization acquiring your personal information to continue to be bound by this Privacy Policy. Otherwise, we will require that company, organization, and individual to seek your authorization and consent again.

4. Public Disclosure of User Personal Information

We will not publicly disclose your information unless in accordance with national laws and regulations or with your consent. When we publicly disclose your personal information, we will adopt security protection measures that meet industry standards. For example, to protect the personal and property safety of Krowork users or the public from infringement, we may disclose information about your personal information in accordance with applicable laws or Krowork-related agreements and rules.

---

5. How We Protect and Store Your Personal Information

1. Protection Technologies and Measures for Personal Information

We attach great importance to the security of your information. We strive to take various reasonable physical, electronic, and managerial security measures to protect your personal information from unauthorized access, public disclosure, use, modification, damage, or loss. For example, we use encryption technology to enhance the security of personal information; we use trusted protection mechanisms to prevent personal information from malicious attacks; we deploy access control mechanisms to ensure that only authorized personnel can access personal information.

We will establish a dedicated information security department, information security management systems, and processes to ensure the security of your information. We adopt strict data usage and access policies to ensure that only authorized personnel can access your information, and conduct security audits on data and technology in due course according to the company's internal management regulations.

We will establish emergency plans. In the event of a security incident such as a personal information leak, we will promptly inform you in accordance with legal and regulatory requirements: the basic situation and potential impact of the security incident, the measures we have taken or will take, suggestions you can adopt to prevent and mitigate risks, remedial measures for you, etc. We will promptly notify you of the incident situation by email, letter, phone call, push notification, etc. If it is difficult to notify each personal information subject individually, we will publish a public announcement in a reasonable and effective manner. At the same time, we will actively report the handling of personal information security incidents to the regulatory authorities in accordance with their requirements.

2. Storage of Personal Information

(1) Storage Location

In accordance with laws and regulations, we will store the user personal information collected and generated during the operation of this website and related services within the territory of Singapore.

(2) Storage Period

Generally, we will retain your personal information only for the minimum period necessary to achieve the purposes stated in this Privacy Policy, unless there is a mandatory retention requirement by law. The criteria for determining the aforementioned period include:

1. Completing the transaction purpose related to you, maintaining corresponding transaction and business records, and responding to your possible inquiries or complaints;

2. Ensuring the security and quality of the services we provide to you;

3. Whether you agree to a longer retention period;

4. Whether there are other special requirements or agreements regarding the retention period.

After your personal information exceeds the retention period, we will delete it or make it anonymized according to applicable legal requirements.

If we terminate the service or operations, we will notify you at least thirty days in advance, and after terminating the service or operations, we will delete or anonymize your personal information, and immediately cease collecting your personal information after the termination of services or operations.

---

6. Your Rights and How to Exercise Them

We highly value the management of user personal information and legally protect your rights to access, copy, correct, supplement, delete, withdraw authorized consent, cancel your account, file complaints and reports, etc., so that you have the ability to safeguard your privacy and information security.

1. Your Rights in the Processing of User Personal Information

After completing account registration, login, and necessary identity verification, you have the right to contact us at support@krowork.com to access, change, copy, supplement, and delete your personal information (such as mobile phone number, email address, etc.).

Under normal circumstances, you can access, change, copy, supplement, and delete your personal information. For security and identity verification considerations, you may not be able to independently correct certain initial registration information submitted at the time of registration (such as corporate certification information); if you genuinely need to correct such information, please contact us at support@krowork.com. We will review the issue as soon as possible and respond promptly after a dedicated person verifies your user identity.

In the following circumstances, you can request us to delete your personal information:

(1) If our processing of personal information violates laws and regulations;

(2) If we collected or used your personal information without obtaining your consent;

(3) If our processing of personal information violates the agreement with you;

(4) If you no longer use our products or services, or if you have canceled your account;

(5) If we no longer provide you with products or services.

If we decide to respond to your deletion request, we will also simultaneously notify the entities that obtained your personal information from us, requiring them to promptly delete it, unless otherwise stipulated by laws and regulations, or these entities have obtained your independent authorization.

2. Managing and Withdrawing Your Authorization and Consent

You can contact us at support@krowork.com to withdraw your authorization and consent. After withdrawing authorization, we will no longer collect information related to those permissions. Please understand that each business function requires some basic personal information to be completed. When you withdraw your consent or authorization, we can no longer provide you with the services corresponding to the withdrawn consent or authorization, and we will no longer process your corresponding personal information. However, your decision to withdraw consent or authorization will not affect the personal information processing previously carried out based on your authorization.

3. Canceling Your Account

You can apply to cancel your account by calling our customer service hotline or contacting our staff. We will process this promptly upon receiving your application. Before canceling your account, we will verify your personal identity, security status, etc. You understand and agree that account cancellation is an irreversible action. After you cancel your account, we will delete the relevant information about you or perform anonymization processing. For personal information that must be retained due to legal and regulatory requirements, we promise not to use such information in daily business activities.

4. Right to Be Informed of Service Termination

If the Platform terminates services or operations, we will promptly stop collecting your personal information, notify you of the termination at least thirty 30 days in advance through individual notices or public announcements, and delete or anonymize the held personal information after the termination of services or operations.

5. Complaints and Reports

You can file complaints or reports according to our published procedures. If you believe your information rights may have been infringed, or if you discover leads regarding infringement of your information rights, you can contact us by submitting relevant information and proof of rights to support@krowork.com. We will promptly provide feedback on your complaint or report after verification.

---

7. Protection of Minors

Krowork is primarily intended for adults (over 18 years of age), enterprises, and relevant organizations.

If you are a minor under the age of 14, you should not create any accounts or use the Platform and its services. If we discover that we have collected your personal information without obtaining verifiable parental consent in advance, we will endeavor to delete the relevant personal information as soon as possible.

---

8. How This Policy Is Updated

To provide you with better services, the Platform and related services will be updated and changed from time to time. We will revise this Privacy Policy as appropriate. Such revisions constitute a part of this Privacy Policy and have the same effect as this Privacy Policy. However, without your explicit consent, we will not diminish the rights you are entitled to under the currently effective Privacy Policy.

After this Privacy Policy is updated, we will publish the updated version on the Platform, or remind you of the updated content through announcements or other appropriate means before the updated terms take effect, so that you can be aware of the latest version of this Privacy Policy in a timely manner. If you continue to use the Platform and related services, it will be deemed that you agree to accept all contents of the revised Privacy Policy.

For significant changes, we will also provide more prominent notices (including but not limited to email, SMS, system messages, or special prompts on browsing pages, etc.) to explain the specific changes to this Privacy Policy. Significant changes referred to in this Privacy Policy include but are not limited to:

(1) Significant changes in our service model. Such as changes in the purposes of processing user personal information, types of user personal information processed, methods of using user personal information, etc.;

(2) Significant changes in our ownership structure, organizational structure, etc. Such as changes caused by business adjustments, bankruptcy and mergers, etc.;

(3) Changes in the main recipients to whom user personal information is transferred, transferred, or publicly disclosed;

(4) Significant changes in your rights regarding participation in personal information processing and the methods for exercising such rights;

(5) Changes in our contact methods and complaint channels.

---

9. How to Contact Us

If you have any questions, opinions, or suggestions regarding the content of this Privacy Policy, you can contact us by sending an email to: support@krowork.com.

We will review the involved issues as soon as possible and respond promptly after verifying your identity. Under normal circumstances, we will respond to your request within fifteen (15) working days (the "Response Period"). However, you understand and agree that, depending on the complexity of your request, the aforementioned Response Period may be extended to thirty (30) days, but we will notify you in writing of the reason for the delay before the expiration of the Response Period.

---

10. Country / Region Specific Terms

In the event of a conflict between the provisions of Country / Region Specific Terms that are relevant to your jurisdiction from which you access or use the Services, and the rest of this Policy, the relevant jurisdiction's Country / Region Specific Terms will supersede and prevail to the extent of such conflict.

California (United States)

If you are a California resident, the following additional privacy disclosures under the California Consumer Privacy Act of 2018 ("CCPA") and other California laws may be applicable to you and allow you to exercise your rights regarding your personal data.

1. Introduction

If the CCPA is applicable, you have the right to know and understand how we collect, use, disclose, and share your Data, to access your Data, to request that we delete specific Data, to exercise your rights to opt-out, and also not be discriminated against when exercising your privacy rights granted under the CCPA.

2. Your Rights and Choices

Right to Know and Data Portability

The CCPA provides California residents specific rights to know about our collection and use of their personal data over the past twelve (12) months (the "right to know"). Once we receive your request and confirm your identity, we will disclose to you:

• The categories of personal data we collected about you.
• The categories of sources for the personal data we collected about you.
• Our business or commercial purpose for collecting or selling (if applicable) that personal data.
• The categories of third parties with whom we share that personal data.
• If we sold or disclosed (if applicable) your personal data for a business purpose, we will provide two separate lists that:
  • identify the personal data categories that each category of recipient purchased in connection with sales of your personal data; and
  • identify the personal data categories that each category of recipient obtained in connection with disclosures of your personal data for a business purpose.
• The specific pieces of personal data we collected about you (also called a data portability request).

Right to Delete

The CCPA provides California residents specific rights to delete their personal data that we collected from them and retained, subject to certain exceptions (the "right to delete"). We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

• Provide the Services or any service that you requested from us, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug the Services to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of such information may likely render impossible or seriously impair progress of the research, if you had provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation.

Once we receive your request and confirm your identity, we will delete or deidentify personal data and direct our service providers to take similar action, unless subject to one of these exceptions above.

How to Exercise the Rights to Know or Delete

To exercise your rights to know or delete described above, please submit a request by using the contact information provided in "Contact Information" of this Policy.

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal data.

You may only submit a request to know twice within a 12-month period. Your request to know or delete must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative, which may include: your identification information, a signed permission authorizing the representative to submit the request on your behalf, and any other information permitted or recommended by the CCPA and applicable regulations.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you.

We will only use personal data provided in the request to verify the requestor's identity or authority to make the request.

Response Timing and Format regarding Requests to Know or Delete

We will confirm receipt of your request within fifteen (15) business days of receiving it and provide information on how we will likely handle the request. If you do not receive confirmation within the fifteen (15) business days timeframe, please contact us via the contact details displayed in the "Contact Information" section.

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. We may deliver our written response by email.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded, or as otherwise permitted by the CCPA. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Data Sales Opt-Out Rights

Under the CCPA, consumers have the right to direct us to not sell their personal data at any time (the "right to opt-out"). We do not sell your personal data of consumers unless we obtain consent for the sale. Consumers who opt-in to personal data sales may opt-out of future sales at any time.

To exercise your right to opt-out provided under CCPA, you (or your authorized representative) may submit a request to us by using the contact information provided in "Contact Information" of this Policy.

We will only use personal data provided in an opt-out request to review and comply with the request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

Other California Privacy Rights

• Shine the Light Law Disclosure.

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of the Services that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email by using the contact information provided in "Contact Information" of this Policy.

• "Do Not Track" Disclosure.

We do not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser "Do Not Track" settings and/or signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal identifiable information about an individual consumer's online activities over time and across third-party websites or online services.

When you use the Services, certain third parties may use automatic information collection technologies to collect information about you or your device. The information they collect may be associated with your personal data or they may collect information, including personal data, about your online activities over time and across different websites and other online services websites. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

• Eraser Law Disclosure for Minor Users. If you are a user under the age of 18, California Business and Professions Code Section 22581 allows you to request and obtain removal of content or information you have publicly posted. You can send a request to remove any content or information you posted on the Services by using the contact information provided in "Contact Information" of this Policy. Please notice that the removal does not ensure complete or comprehensive removal of your posted content or information in certain circumstances, for example, the content has been shared by you or other users to any third-party platforms.

Brazil

If you are using our Services in Brazil, the following additional terms apply:

Exercise of data protection rights. Brazilian law provides certain rights to individuals with regard to their personal data. Thus, we seek to ensure transparency and access controls in order to allow users to benefit from the mentioned rights.

We will respond and/or fulfill your requests for the exercise of your rights below, according to the applicable law and when applicable, to the Brazilian General Data Protection Law - LGPD:

a. confirmation of whether your data are being processed; b. access to your data; c. correction of incomplete, inaccurate or outdated data; d. anonymization, blocking or erasure of data; e. portability of personal data to a third party; f. object to the processing of personal data; g. information of public and private entities with which we shared data; h. information about the possibility to refuse providing personal data and the respective consequences, when applicable; i. withdrawal of your consent.

Verifying your identity. To protect your data and ensure its security, we may request information and/or documentation to verify your identity before responding to data requests. All submitted information will be used solely for verifying your identity, processing your request, and providing a response.

Limitations to your rights. We may be unable to fulfill certain data requests for legitimate reasons, such as protecting trade secrets, intellectual property, or complying with legal obligations. We will explain any limitations on your rights and the reasons why we cannot fulfill your request.

Limitations to your rights. In certain situations, we may have legitimate reasons not to comply with some of your requests. For instance, we may choose not to disclose certain information to you when a disclosure could adversely impact our business whenever there is a risk of violation to our trade secrets or intellectual property rights. In addition, we may refrain from complying with a request for erasure when the maintenance of your data is required for complying with legal or regulatory obligations or when such maintenance is required to protect our rights and interests in case a dispute arises. Whenever this is the case and we are unable to comply with a request you make, we will let you know the reasons why we cannot fulfill your request.

In case of doubt about your privacy, your rights or how to exercise them, please contact us at the contact details set out in the section "Contact Information". If you have any questions about the processing of your personal data, we would like to clarify them.

International Transfer of Data. We may transfer your personal data globally within our business group and to third-party service providers located in other countries. We use internationally recognized data transfer mechanisms compliant with applicable data protection laws and regulations.

Whenever we transfer your personal data to third parties located in other countries, we will ensure that these companies comply with applicable data protection laws and we will take all measures that are reasonably necessary to ensure the existence of adequate safeguards to protect your personal data and to ensure that are processed safely.

Parental and Guardian Consent. If required by Brazilian data protection laws, (i) if you are over the age of 16 but under the age of 18, you can only use and register for an account with the assistance of your parent or legal guardian and you declare and represent that you had such assistance to use the Services and to agree to the Policy; (ii) if you are over the age of 13 but under the age of 16, you can only use and register for an account with the representation of your parent or legal guardian, and you must obtain the consent from your parent or legal guardian to the use of the Services and acceptance of this Privacy Policy.

DPO. If you wish to contact the Data Protection Officer, please contact us at: support@krowork.com

Turkey

If you are using our Services in Turkey, the following additional terms apply:

Data Controller Representative. You may contact our data controller representative at support@krowork.com to handle questions and complaints in connection with the processing of your personal data if you are in Turkey.

Legal basis for the processing your personal data. We rely on the following legal basis while processing your personal data in accordance with Article 5 of the Law No. 6698 on Protection of Personal Data:

• processing is explicitly laid down or dictated by laws
• processing of your personal data is necessary provided that it is directly related to the conclusion or fulfillment of the contract between us
• processing is mandatory for us to be able to comply with our legal obligations
• the relevant data is made available to the public by yourself
• processing is mandatory for the establishment, exercise or protection of a right
• processing is mandatory for our legitimate interests, provided that it does not violate your fundamental rights and freedoms
• your explicit consent (Please note that we rely on this legal basis only when we require your consent for the processing and we do not rely on this legal basis if and when we rely on one of the other legal grounds above)

Your rights. According to Article 11 of the Data Protection Law, you have the following rights with respect to your personal data:

• the right to learn whether we process your personal data,
• the right to request information with regard to such processing, if we process your personal data,
• the right to learn the purposes of the processing and whether they are used for such purpose or not;
• the right to know the third parties within or outside the country, to whom we transfer your personal data,
• the right to request correction of incomplete or inaccurate personal data,
• the right to request deletion or destruction of your personal data under the conditions set forth in Article 7 of the Data Protection Law,
• the right to request that we notify the third parties, to whom we transferred your personal data, about the correction, deletion and/or destruction of your personal data per your request within the scope of the foregoing two items,
• the right to object to the negative results about you that are due to the analysis of your personal data processed solely by automated means,
• the right to claim indemnification for damages incurred due to illegal processing of your personal data.

You may exercise your rights listed above by contact us at: support@krowork.com

The requests found in your application will be resolved as soon as possible according to the nature of your request and within thirty days at the latest free of charge. However, if your request incurs additional cost to our company, then you may be charged over the tariff fee determined by the Turkish Personal Data Protection Board.

Vietnam

If you are using our Services in Vietnam, the following additional terms apply:

Age, Parental and Guardian Consent. To use our Services, you must be at least 16 years old or not under guardianship. If you are younger than 16 or under guardianship: you need your parent(s) or legal guardian(s) permission; and your parent(s) or legal guardian(s) are responsible for:

(i) your activities while using our Services; (ii) your compliance with this Policy; and (iii) ensuring your use of the Services doesn't violate any child protection laws.

If you do not have consent from your parent(s) or legal guardian(s) and your parent(s) or legal guardian(s) is not willing to create the account under their name, you must cease using the Services.

Philippines

This section details your data privacy rights under Philippine law, as recognized by the National Privacy Commission (NPC).

Your Rights. You have the right to access, correct, delete, or object to the processing of your personal data. You also have the right to data portability and to file complaints with the NPC. Identity verification may be required before fulfilling your data requests.

Mexico

If you use our services in Mexico, the following additional terms apply.

We process your data for necessary purposes as described in the main Policy, and for secondary purposes. We use both human and automated means to process your data.

We may share your personal data with a third party for purposes other than processing on our behalf. We will obtain your consent to such disclosure as required by applicable laws.

By providing us with your personal data and using our Platform, you agree to transfers that require your consent. You can always revoke your consent and exercise your rights as outlined below.

Your Right. You have the rights of access, rectification, cancellation, opposition, revocation of consent, limitation of use and disclosure of your data. You may exercise your rights by sending your request to support@krowork.com.

To learn about the applicable requirements and the procedure for exercising your rights, please contact us at the above email address. If you are under 18 years of age, you may exercise your rights through a parent or guardian. Requests for your rights will be resolved as soon as possible according to the nature of your request.

Singapore

Data Protection Officer. If you wish to access your Data, correct any Data in our possession, withdraw your consent for the collection, use, or disclosure of your Data, or if you have any queries or feedback on this Policy, please contact our Data Protection Officer in the following manner: support@krowork.com.

International transfer of Data.* If you live in Singapore or if we collect or store your Data in Singapore, before transferring any of your Data outside of Singapore, we will take appropriate steps to ensure that the recipient is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to that under the Personal Data Protection Act 2012 of Singapore.

Access and correction. If you wish to make (a) an access request for access to a copy your Data or information about the ways in which we use or disclose your Data, or (b) a correction request to correct or update any of your Data which we hold about you, you may submit your request to our Data Protection Officer at the contact details above. We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under applicable laws).

South Korea

If you are using our Services (the "Services") in South Korea, the following additional terms apply. In the event of any conflict between the provisions below and the general provisions above, the provisions below shall prevail.

1. Personal Information We Collect and Process

Access to the Services is restricted to individuals aged 14 and older in South Korea.

2. Retention and Processing Periods for Each Category of Personal Information

1. The Company retains your personal information until the termination of your account subscription and service agreement, and for any additional period required under applicable Korean laws and regulations, including but not limited to Paragraph 2 below.

2. In the following cases, the information shall be retained until the expiration of the statutory retention periods:

(i) Records related to contracts or withdrawal of offers: 5 years

(ii) Records related to payment and supply of goods: 5 years

(iii) Records related to consumer complaints or dispute resolution: 3 years

(iv) Records related to advertisements and labeling: 6 months

(v) Computer communications and internet log data, and access location tracking data: 3 months

(vi) Books and evidentiary documents related to all transactions prescribed under the tax laws: 5 years

3. Procedures and Methods for the Destruction of Personal Information

We shall promptly destroy personal information without delay when the retention period has expired or when the purpose of processing has been achieved, and the personal information is no longer necessary.

If you withdraw your membership or request the deletion of your personal information, the Company will, upon verification, promptly destroy the relevant personal information in a manner that makes it irrecoverable. However, this shall not apply to cases where retention is required for a certain period under applicable Korean laws and regulations.

4. Matters regarding Overseas Collection and Overseas Transfer of personal information

The Company collects and processes personal information in Singapore, Malaysia for the purpose of providing the services.

If the Company transfers personal information overseas, such overseas transfer will be made only on the grounds permitted under the Personal Information Protection Act of Korea and relevant subordinate legislation, including but not limited to Articles 28-8(1)(1) and 28-8(1)(3) the Personal Information Protection Act of Korea. Please note that if you refuse the overseas transfer, you will not be able to use the service.

If you do not want your personal information to be transferred overseas, you may request membership withdrawal by using the contact information provided in "Contact Information" of this Policy or by [My Space] - [Click on the head portrait] - [Account Deletion] in Krowork AI APP.

Japan

If you are using our Services in Japan, the following additional terms apply. In the event of any conflict between the provisions below and the general provisions above, the provisions below shall prevail.

1. The provision of Data to third parties in foreign countries

As described in the section "International Data Transfer", we may share your Data with our group entities in countries or regions located outside of the country where you reside. The countries or regions where the recipient entities are located are as follows: Singapore, Malaysia.

Information on the personal information protection system in each of the above countries and regions is available here. We will ensure, by way of appropriate contractual guarantees which are compliance with applicable laws and regulations, that all such entities with which we share your Data maintain appropriate security measures to protect your Data from unauthorized access or processing and to implement all measures to meet the eight principles of the OECD Privacy Guidelines.

2. Processing of Data in foreign countries

Your Data may be stored in or accessed from countries or regions outside Japan such as Singapore and Malaysia. In such cases, we will require companies involved in such storage or access to implement appropriate security management through entrustment agreements or similar arrangements and will take necessary measures to ensure proper protection of your Data. If you would like to know more details, please contact us using the contact information in the section "Contact Information".

3. Cookies and similar technologies

As described in our separate Cookie Policy, we use cookies and similar technologies for multiple purposes.

Detailed information regarding the types of cookies used, the information collected through such cookies, their purposes, and the relevant recipients are provided in the Cookie Policy and the Cookie Partner List.