1. Introduction

Welcome to Hopae Inc. ("Hopae”, “we," "our," or "us"). We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection regulations.

This policy is designed to help you understand what information we collect, why we collect it, and how you can exercise your rights regarding your personal data.

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

2. Data Controller

Hopae is the Data Controller and responsible for your personal data.

3. Personal Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:

• Identity Data: First name, last name

• Contact Data: Email address

• Professional Data: Company name, job role/title

• Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website

• Usage Data: Information about how you use our website

• Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences

4. How We Collect Your Personal Data

Data You Provide to Us

We collect personal data from you when you voluntarily provide such information, such as when you register for access to the services (for example, your name and mailing address), use certain services, contact us with inquiries, or respond to one of our surveys.

Data Collected by Automatic Means

When you interact with Hopae through the Site or Services, we receive and store certain information automatically, including via web server logs and cookies. We use several types of cookies:

• Strictly Necessary Cookies – These are essential to enable core site functionality, such as security, network management, and accessibility. You may disable these cookies by changing your browser settings, but doing so may affect how the Site functions.

• Analytics and Performance Cookies – These cookies help us analyze how you use our Site, enabling us to monitor and improve performance and user experience.

• Marketing Cookies – These cookies track user interactions and may be used to deliver relevant marketing or advertising content.

• Third-Party Cookies – These cookies are placed by third-party services that appear on our website, such as embedded videos or social media content.

Please refer to our Cookie Policy for more information on the cookies we use, including their lifespans and specific purposes.

5. How We Use Your Personal Data

We may use your personal data for the following purposes:

Website Performance & Analytics

To monitor and analyze trends, usage, and activities in connection with our Website. This includes information collected via analytics and performance cookies. We process your personal data on the basis of your consent. You can manage your cookie preferences at any time by adjusting your browser settings or contacting us directly.

For Marketing Purposes

To provide you with information about our services, special offers, or other marketing communications, when you have given your consent. This includes data we collect using marketing cookies. You can opt out of marketing at any time by clicking the “unsubscribe” link in our marketing emails or by contacting us directly.

For Communication Purposes

To communicate with you about product demos, sales inquiries, and other relevant commercial information at your request. We may also use your personal data to respond to your questions, comments, or requests through our Website’s contact forms. We process your data based on our legitimate interest in providing timely and relevant responses to your communications and inquiries.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected.

For marketing communications, we will retain your personal data until you opt-out or unsubscribe from receiving such communications. Once you have withdrawn your consent or opted out, we will promptly cease using your data for marketing purposes.

Once data is no longer required, we will securely delete or anonymize it.

7. Data Sharing and Third Parties

We may share your personal data with the following third parties:

• We use a third-party service provider to manage our marketing CRM, which processes your data on our behalf.

• We use Amazon Web Services (AWS) as our cloud infrastructure provider, which acts as a data processor for storing and processing your personal data.

Where we share your personal data with third party service providers, we ensure they have robust data protection measures in place and that any sub-processing relationship complies with the GDPR.

If we are required to transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses or adequacy decisions. These contractual tools ensure that your personal data receives an adequate level of protection when transferred internationally.

We will never sell or rent personal data to third parties.

8. Your Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

1. Right to Access (Article 15) – Request information on whether and how Hopae processes your personal data, and obtain a copy if we do.

2. Right to Rectification (Article 16) – Correct inaccuracies in your data.

3. Right to Erasure (Article 17) – Request deletion of your data, subject to legal or contractual limitations.

4. Right to Restrict Processing (Article 18) – Ask us to limit certain processing under specific circumstances.

5. Right to Data Portability (Article 20) – Obtain your personal data in a structured, commonly used format and transfer it to a third party, if technically feasible.

6. Right to Object (Article 21) – Object to processing based on legitimate interests.

9. How to Exercise Your Rights

To exercise any of your rights or to ask questions about how we process your personal data, please contact us using the details provided in the Contact Information section. We aim to respond to all legitimate requests within one month, in accordance with GDPR requirements.

10. Security Measures

Hopae employs robust security controls to protect your personal data:

• Encryption of data in transit (TLS/SSL) and at rest (where applicable)

• Access controls to ensure only authorized personnel have access to personal data

• Network security including firewalls and regular vulnerability assessments

• Security policies and training for staff to handle personal data responsibly

• Incident response plan to identify and address data breaches promptly

Despite our best efforts, no security measure is entirely infallible. However, we regularly review and update our protections to minimize risks.

11. U.S. State Privacy Rights (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, etc.)

Certain U.S. states, including California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA), have enacted privacy laws that provide residents with specific data rights. If you reside in a state with such laws, you may have the following rights:

• Right to Know (Access to Information): You can request information about the personal data we have collected about you, including categories of data, purposes of collection, third parties with whom we’ve shared it, and specific pieces of data (where applicable).

• Right to Correct: Some states grant you the right to request correction of inaccurate personal data.

• Right to Delete: You can request the deletion of personal data we have collected from you, subject to legal and operational limitations.

• Right to Opt-Out of Targeted Advertising & Data Sharing: Certain states provide you with the right to opt out of targeted advertising, profiling, and data sharing with third parties for commercial purposes. Hopae does not sell personal data; however, if applicable state laws allow you to opt out of certain data processing, you may do so.

• Right to Data Portability: Some state laws allow you to request a copy of your personal data in a commonly used format.

• Right to Non-Discrimination: We will not discriminate against you for exercising your rights under applicable state laws.

To exercise your rights, please contact us using the details provided in Section 12 (Contact Information). We will verify your identity before processing your request, as required by law.

If you are a California resident, additional details regarding your CCPA/CPRA-specific rights remain applicable as outlined above.

12. Contact Information

For inquiries, questions, or requests concerning this Privacy Policy, you may reach us at:

• Hopae Inc.

• Address: 166 Geary St. 15th Floor, San Francisco, CA 94108, United States

• Data Protection Officer (DPO): Eric Kim

• Email: dpo@hopae.com

• Phone: +82-70-8098-4532

You also have the right to lodge a complaint with your local supervisory authority if you believe we have not addressed your data protection concerns appropriately.

13. Changes to This Privacy Policy

We may update this policy to reflect changes in our business, services, or legal obligations. Any significant modifications will be posted with a revised Last Updated date. We encourage you to review this policy periodically to remain informed about our data practices.