Kyash Co., Ltd. (hereinafter referred to as "the Company") recognizes that implementing appropriate security measures for the information assets entrusted by customers and the information assets held by the Company is of utmost importance in order to continuously and stably provide high-quality services in the Kyash platform business. We understand the need to ensure information security in order to protect the interests of our users and have established the following Information Security Basic Policy, which all relevant parties are expected to fully recognize, understand, and comply with the laws, regulations, contracts, and information security requirements related to the Company's business.

Article 1 (Establishment of Information Security Management Structure)
The Company has appointed an Information Security Manager and established an Information Security Team to build an information security management structure.

Article 2 (Development of Internal Regulations)
The Company strives to ensure information security through the establishment and operation of internal regulations.

Article 3 (Establishment of Audit System)
The Company has established an internal audit department to create an audit system for information security. The internal audit department conducts regular audits related to information security.

Article 4 (Management of Outsourced Services)
When outsourcing business operations, the Company evaluates the eligibility of the outsourcing partner based on contractual agreements that satisfy information security requirements, taking into account the nature of the business and the type of information handled, and confirms that the outsourcing partner operates at a security level equal to or higher than the Company.

Article 5 (Protection of Personal and Confidential Information)
All individuals involved in the Company's business are required to handle personal information, card authentication information, user information, and other confidential information in strict accordance with applicable laws and regulations and internal regulations.

Article 6 (Compliance with Laws, Regulations, and Contracts)
The Company will continually understand and comply with the laws, regulations, contracts, and information security requirements applicable to its business, including promptly incorporating any new or revised requirements.

Article 7 (Continuous Improvement)
The Company regularly verifies the appropriateness of its information security management methods and strives for continuous improvement.