Calmtown Co., Ltd. (hereinafter referred to as the "Company") values the privacy of users of the fitness community operating services provided under the Rxd brand and complies with applicable privacy laws. This Privacy Policy explains how personal information is used and protected across services including the Rxd Today app, Rxd Gym, online PT and coaching, activities, and wellness trips.

This service is not a medical or coaching service. The AI only analyzes, summarizes, and presents patterns in user information; it does not provide diagnosis, prescription, recommendation, or make decisions on behalf of users.

Article 1 (Personal Information Collected)

The Company may collect the following personal information for membership registration and service provision:

1. When signing up via Google Sign-In:

Required: Name, Email Address, Profile Picture
Optional: Date of Birth, Gender (if provided by the user in their Google profile)

2. When using injury and condition tracking:

Data entered by members in the course of using the service: body area of discomfort or pain, severity of discomfort, fatigue or condition status, memos, record date and time, etc.

3. When using body composition and InBody report features:

Health data entered by the member or extracted from an InBody report image: measurement date and time, weight, skeletal muscle mass, body fat mass, body fat percentage, BMI, basal metabolic rate, visceral fat level, segmental muscle data, report identifier, and values confirmed or edited by the user
Images uploaded for InBody report recognition, OCR/AI recognition results, recognition status, error messages, and identifiers for created body composition snapshots
Meal target adjustments and follow-up guidance generated using body composition data

This information may be considered sensitive health information under applicable privacy laws. The Company processes it only after obtaining consent separate from general personal information consent where required.

Article 2 (Purpose of Collecting and Using Personal Information)

The Company uses the collected personal information for the following purposes:

1. Member Management

• To verify the identity of users, prevent unauthorized use, confirm the user's intention to sign up

2. Service Provision

• To provide personalized services, deliver content, and offer tailored services

• To manage injury and condition records and to provide analysis, summary, and pattern presentation within the service

• To store, retrieve, edit, and delete body composition records; recognize InBody report images; adjust meal targets; and provide workout and nutrition management reference information

• To support gym operations, class bookings, chat, online coaching, and activity or wellness trip applications and operations

3. Marketing and Advertising

• To develop new services, provide information on events and promotional opportunities

Article 3 (Retention and Use Period of Personal Information)

The Company retains and uses personal information until the purpose of collection is achieved. Personal information is destroyed without delay once the purpose is achieved, except when retention is required by relevant laws.

1. Retention of Personal Information upon Membership Withdrawal: Destroyed without delay upon withdrawal

2. Retention as Required by Law:

Records on contracts or withdrawal of offers: 5 years (Act on Consumer Protection in Electronic Commerce)
Records on consumer complaints or dispute resolutions: 3 years (Act on Consumer Protection in Electronic Commerce)
Records on website visits: 3 months (Telecommunications Secret Protection Act)

Article 4 (Procedures and Methods of Destroying Personal Information)

The Company destroys personal information without delay once the purpose of its collection and use has been achieved. The procedures and methods are as follows:

1. Destruction Procedures:

Information entered by members for sign-up, etc., is transferred to a separate database (or a separate document in the case of paper) and stored for a certain period according to internal policies and other relevant laws before being destroyed.

2. Destruction Methods:

Personal information in electronic files is deleted using technical methods that prevent data recovery.
Printed personal information is destroyed by shredding or incineration.

Article 5 (Provision of Personal Information to Third Parties)

The Company does not provide personal information to external parties in principle. However, exceptions are made in the following cases:

When prior consent is obtained from the member
When required by law or for investigation purposes, in compliance with the prescribed procedures and methods

Article 6 (Consignment of Personal Information Processing)

The Company may consign personal information processing tasks to external specialized companies to enhance service quality. In such cases, the Company ensures that the consigned company processes personal information safely in compliance with the Personal Information Protection Act and supervises it accordingly.

If body composition or InBody report image recognition requires AI/OCR processing by a service provider or third-party service, the Company will disclose the transferred data, purpose, retention period, and relevant processing details in this Privacy Policy or in the service screen. The Company does not use health data for advertising targeting, sale to third parties, or data mining unrelated to user health management.

Article 7 (Members' Rights and How to Exercise Them)

Members can view or edit their registered personal information at any time and may request to withdraw their membership. To view, edit, or withdraw personal information, members can go to 'Change Personal Information' or 'Withdraw Membership,' verify their identity, and then directly access, correct, or withdraw.

Article 8 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

The Company may use 'cookies' to provide individualized, customized services to users. Cookies are small pieces of information sent by the server used to operate the website to the user's browser and stored on the user's hard disk.

1. Purpose of Using Cookies:

To analyze users' visiting and usage patterns of various services and websites, to provide optimized information

2. Cookie Settings and Rejection Methods:

Users have the option to accept or reject cookie installation. Therefore, users can set their web browser options to allow all cookies, prompt for consent each time a cookie is stored, or reject all cookies.

Setting Example (for Internet Explorer): Tools > Internet Options > Privacy

However, if the user rejects cookie installation, it may be difficult to use some services that require login.

Article 9 (Personal Information Protection Officer)

The Company appoints a personal information protection officer to oversee the processing of personal information, handle complaints, and provide relief for any damage related to personal information processing.

Personal Information Protection Officer: Kim KR
Contact: kimkr@rxd.today

Members can contact the personal information protection officer for all inquiries, complaints, and requests for relief related to personal information protection while using the service. The Company will respond to and handle the inquiries promptly.

Article 10 (Garmin Data Usage and Restrictions)

The Rxd Today app may integrate with Garmin Connect APIs to provide users with fitness and health-related insights. The Company processes data obtained via Garmin APIs in strict compliance with Garmin Connect Developer Program policies.

1. Purpose of use

Data obtained via Garmin APIs is used solely to provide core features within the Rxd Today app.

2. Processing environment

Garmin data is processed only within infrastructure controlled by the Company.

3. Restrictions on third-party disclosure and external processing

The Company does not share, transfer, or make Garmin data available to any third party. These restrictions include, but are not limited to:

External AI or machine learning service providers
Third-party analytics platforms
External data processing services

4. Restrictions on AI training and external APIs

Garmin data is never used to train external AI models or shared with external APIs. All processing of Garmin data is performed internally by Calmtown Co., Ltd. systems solely for the purpose of delivering user-requested functionality.

If any future changes to Garmin data usage are required, the Company will update this Privacy Policy and obtain any necessary approvals in accordance with Garmin Connect Developer Program requirements.

Article 11 (Use of AI Technologies and Third-Party AI Services)

The Company may use AI technologies to enhance user experience and provide personalized insights. To provide personalized workout feedback and intensity recommendations, the Company may use Google Gemini, a third-party AI service provided by Google LLC.

1. Data transmitted

Non-personally identifiable workout-related metrics, including exercise history, intensity levels, and joint load scores, that do not include Garmin data.

2. Data excluded

No personally identifiable information (name, email, device identifiers, or account ID) is transmitted. HealthKit raw data and Garmin-originated data are never shared with third-party AI services.

3. Purpose

Data is used solely for generating personalized responses (inference) within the app. It is not used to train or improve AI models.

4. AI processing related to Garmin data

Any AI processing related to Garmin data is conducted strictly within the Company's own infrastructure. Garmin data is not shared with or processed by external AI providers.

5. Data separation

Non-Garmin data may be processed using third-party AI services, but such usage is clearly separated and does not include Garmin-originated data. The Company maintains strict data separation policies to ensure compliance with third-party platform requirements.

6. Security

All data is transmitted via HTTPS (TLS encryption). Google's API data usage policy prohibits using API data for model training.

For more information on Google's data handling practices, refer to Google's Privacy Policy: https://policies.google.com/privacy

Article 12 (Use and Restrictions for Body Composition and InBody Data)

The Company uses body composition and InBody data entered or uploaded by members only to provide workout and nutrition management reference information. The Service is not a medical device and is not intended to diagnose, treat, mitigate, prevent, or prescribe for any disease or medical condition.

1. Data accuracy and user verification

OCR/AI recognition results may contain errors. Members should review and correct recognized values before saving them.

2. Deletion and withdrawal of consent

Members may request deletion of body composition records, account deletion, or withdrawal of consent for sensitive health data processing through in-app features or by contacting the personal information protection officer. Withdrawing consent may limit access to related features.

3. Advertising and marketing restrictions

The Company does not use body composition data, InBody data, HealthKit data, Garmin data, or other health information for advertising targeting, third-party sale, or marketing purposes unrelated to health management.

Article 13 (Changes to the Privacy Policy)

This Privacy Policy applies from the effective date. Any changes, additions, deletions, or corrections made according to laws and policies will be notified through the notice section at least 7 days before the changes take effect.

Announcement Date: May 31, 2026
Effective Date: May 31, 2026