MIRARTH Holdings, Inc. (hereinafter, the "Company") handles a variety of information assets, including information entrusted and provided by customers and all other related parties, and information retained by the Company, in the course of carrying out various businesses to realize the Company’s vision, “THINK HAPPINESS AND MAKE THE HAPPINESS.”

With the security of information assets as one of the Company’s most important management measures, the Company established an "Information Security Policy" for the Company to protect information assets from internal and external threats and attacks, to live up to the trust of customers, stakeholders and society, and to take appropriate organizational, human, physical, and technological measures.

1. Establishment of Information Security Management System

In order to properly manage and protect information assets, the Company established an operational management system that enables the implementation of necessary security measures based on security risk analysis.

2. Information Security Education and Training

The Company continuously provides necessary education and training to all employees and related parties of the Company to improve their information security literacy and to properly manage information assets.

3. Compliance with Laws and Regulations and Contractual Requirements

All employees and related parties of the Company are required to check and keep up-to-date on the laws, regulations and rules concerning information assets as well as requirements and obligations under security-related contracts with customers, and to comply with and not violate said laws, regulations and rules.

4. Responses to Violations and Accidents

In the event of a violation of laws and regulations, a breach of contract, or an accident occurring in connection with information security, all employees and related parties of the Company will try to prevent a recurrence by working quickly to restore the situation and minimize damage.

In addition, the Company will appropriately report the violation, breach or accident to the relevant internal and external parties and authorities, as the situation requires.

5. Continuous Improvement

The Company will continue to improve information security management through periodic evaluation and review of the above.

October 1, 2022