GRANO Wallet Service – Terms of Service

Effective Date: 2026-03-09
These Terms of Service govern the rights, obligations, and responsibilities related to the use of “GRANO” (hereinafter “Service”), a blockchain-based hybrid wallet platform. By registering for or using the Service, you are deemed to have agreed to these Terms and related policies.

1. Purpose and Scope
These Terms apply to all aspects of the Service, including digital wallets, asset inquiry, deposits, withdrawals, swaps (purchases), staking, and other DeFi-related features. The Service currently operates under a hybrid wallet structure. The Non-Custodial model — in which users directly generate, encrypt, and store their own private keys and seed phrases on their own devices — is planned for sequential rollout following the completion of domestic and international regulatory review and technical preparation. The schedule and scope of support will be announced separately through official service notices.

2. Account Registration and Identity Verification (KYC)
Users must provide accurate and up-to-date information when creating an account. In order to comply with domestic and international Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations, the Service may request KYC (identity verification) as required by applicable law or based on the Service’s risk assessment. Failure to complete KYC, or the provision of false or fraudulent information, may result in restriction or suspension of access to the Service.

3. AML/CTF and Sanctions Compliance
The Service complies with the Virtual Asset User Protection Act, the Act on Reporting and Using Specified Financial Transaction Information, relevant supervisory guidelines, and international standards including FATF Recommendations. In the event that transactions involving sanctioned entities, high-risk jurisdictions, or sanctioned individuals are detected, or where suspicious transactions are identified, the Service may impose transaction restrictions and fulfill applicable reporting obligations.

4. User Assets, Wallet Backup, and Management
This section is a critical provision directly related to the protection of user assets. Please read carefully.
4-1. Current Wallet Structure
The Service currently operates under a hybrid wallet structure, with security policies in place to protect user assets. The Non-Custodial feature — enabling users to directly manage their own private keys and seed phrases — is planned for future support upon fulfillment of regulatory requirements and completion of technical preparation. Users will be notified through separate announcements and updated Terms when this feature becomes available.
4-2. Wallet Backup (Applicable Upon Future Non-Custodial Support)
Once the Non-Custodial feature is activated, users must immediately back up their seed phrase (recovery phrase) and private key to an offline medium upon wallet creation. If backup information is lost or disclosed to a third party, asset recovery will be technically impossible, and the Foundation will not provide any recovery assistance. Storing backup information in online environments such as cloud storage, screenshots, or email is strictly discouraged, as it may lead to asset theft through hacking or phishing.
4-3. Password (Wallet Encryption Key)
The password used in the Service is not merely a login credential — it is the unique encryption key used to decrypt the encrypted wallet key stored on the user’s device. GRANO Foundation does not store users’ passwords on its servers, and in the event of a password loss, recovery, reset, or decryption on behalf of the user is not possible by any means. The Foundation bears no responsibility whatsoever for inability to access the wallet or loss of assets resulting from a lost password.
4-4. Transaction Responsibility
Users bear full rights and responsibility for all transactions (deposits, withdrawals, swaps, staking) occurring within their wallets. Network fees such as gas fees are borne by the user, and fees may fluctuate due to external factors such as network congestion.

5. Scope of Service and Regulatory Response
The Service may be partially or fully suspended or modified due to network maintenance, security issues, legal compliance requirements, or technical reasons.
Certain features — including swaps, staking, DeFi integrations, and the Non-Custodial wallet function — are planned for sequential support in accordance with changes to domestic and international virtual asset laws (including the Virtual Asset User Protection Act and the Act on Reporting and Using Specified Financial Transaction Information) and supervisory guidelines. The current scope of available features will be communicated through service notices and may be changed following prior notice depending on the regulatory environment.
If specific tokens or features are restricted or discontinued due to regulatory, market, or partnership changes, advance notice will be provided to the extent possible.

6. Risk Disclosure (Investment, Technical, and Regulatory Risks)
Investment Risk: Virtual assets carry high volatility and the risk of principal loss. Past returns do not guarantee future returns.
Technical Risk: Losses may occur due to vulnerabilities in external systems such as smart contracts, protocols, oracles, bridges, and wallet software.
Regulatory Risk: The scope of services and availability of specific features may change in accordance with domestic and international laws and regulatory changes.

7. User Obligations
Users must comply with applicable laws, these Terms, and related guidelines, and must not infringe upon the rights of others. Users must not attempt or facilitate illegal or fraudulent activities including hacking, phishing, fraud, or money laundering. Users must manage security information such as passwords safely and must immediately notify the Service in the event of loss or disclosure.

8. Prohibited Activities
The use of the Service or wallet for concealment of criminal proceeds, sanctions evasion, illegal gambling, or any other unlawful activity is strictly prohibited. Exploitation of service vulnerabilities, generation of excessive traffic through automated tools, and any attempt to compromise system integrity are strictly prohibited.

9. Disclaimer of Liability
The Foundation shall not be held liable for damages arising from causes beyond the reasonable control of the Service, including network congestion, node or RPC failures, failures of third-party services (such as exchanges or oracles), or smart contract vulnerabilities.
Loss of wallet access or assets resulting from a user’s lost password or disclosure of security information is the sole responsibility of the user. (Refer to Article 4, Section 4-3)
Losses resulting from user error — including incorrect deposits, incorrect withdrawals, or erroneous address entries — are the sole responsibility of the user.
The Foundation shall not be held liable for damages arising from service suspension or modification due to regulatory changes or legal compliance requirements.

10. Intellectual Property
All rights related to the Service, including trademarks, logos, UI, and source code, are vested in the Foundation or their respective rightful owners.

11. Notices and Announcements
Important matters such as changes to Terms or policies will be communicated through in-service notices or registered contact information. A reasonable prior notice period will be provided for significant changes.

12. Governing Law and Dispute Resolution
These Terms are governed by the laws of the Republic of Korea, and any disputes shall be submitted to the competent court under the Civil Procedure Act.

13. Amendments
These Terms may be amended in accordance with changes to laws, policies, or services. Upon amendment, the effective date and key changes will be announced.

Regulatory Compliance and Service Update Notice
The content of these Terms may be amended at any time in accordance with changes to applicable laws, supervisory guidelines, and internal policies. GRANO will sequentially support services including Non-Custodial features in line with evolving domestic and international virtual asset regulatory environments, and will operate the platform in faithful compliance with applicable laws and guidelines.
Applicable Laws and Guidelines / Links
● Personal Information Protection Act / https://www.law.go.kr/법령/개인정보보호법
● Electronic Financial Transactions Act / https://www.law.go.kr/법령/전자금융거래법
● Act on Reporting and Using Specified Financial Transaction Information / https://www.law.go.kr/법령/특정금융거래정보의보고및이용등에관한법률
● Financial Services Commission (FSC) Notices and Guidelines / https://www.fsc.go.kr/
● Financial Supervisory Service (FSS) Notices and Guidelines / https://www.fss.or.kr/
● Korea Financial Intelligence Unit (KoFIU) Directives and Guidelines / https://www.kofiu.go.kr/
● FATF Recommendations on Virtual Assets / https://www.fatf-gafi.org/recommendations

Important Notice (Sensitive Items) The Service currently operates under a hybrid wallet structure. The following items are sensitive from a regulatory and security standpoint. Please exercise particular caution.
1. Non-Custodial Feature — Planned for sequential support upon completion of regulatory and technical preparation
2. Password (Wallet Encryption Key) — Not stored on server; the Foundation bears no responsibility for loss
3. Wallet Backup and Recovery Information Management — Upon Non-Custodial support, loss of backup renders asset recovery impossible
4. Custody, Signing Flow, and Transactions — Within the scope of user responsibility
5. Logs and Security — Report any anomalies immediately
6. Cross-Border Transfer and Address Risk — Check service notices regularly for regulatory updates

Effective Date: 2026-03-09

GRANO Privacy Policy
Effective Date: 2026-03-09

GRANO Foundation (hereinafter "Foundation") values the personal information of its users and complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Electronic Financial Transactions Act, the Virtual Asset User Protection Act of the Republic of Korea (including provisions scheduled for enforcement), and all other applicable laws and supervisory guidelines. Personal information collected through the Service may be used across all aspects of service operations, including service improvement and fulfillment of legal obligations.

1. Purpose of Processing Personal Information
The Foundation collects and uses personal information for the following purposes.

Account creation and identity verification (KYC), service provision and operation, customer support and complaint handling, security monitoring and anomaly detection, fulfillment of legal obligations (AML/CTF and sanctions compliance), operation of mining services, operation of referral programs, service quality improvement and statistical analysis, and marketing and event notifications (upon consent).

Collected personal information may be used across overall service operations within the scope of the purposes stated above. Personal information will not be used for any purpose beyond those stated without prior consent from the user.

2. Personal Information Collected
Required Information

Email address, password (stored in encrypted form), name or nickname, wallet address, service usage records, access logs and device information, IP address.

Information Collected Upon KYC (Identity Verification)

Copy of government-issued identification document, selfie (facial image), date of birth, address, country of residence, sanctions status, and PEP (Politically Exposed Person) status, as required by applicable law.

Customer Support

Inquiry content and contact information.

Location Information

GPS and network-based location data. Collected within the scope necessary for service provision and mining feature operation, and may be used for operational optimization and fraud detection.

Mining-Related Information

Mining activity records, mining reward history, mining session information, and device performance data. May be used for mining service operation, reward settlement, and service quality improvement.

Referral Information

Individual referral status, referral reward history, and referrer/referee relationship information. May be used for referral program operation and reward settlement.

Optional Information

Marketing consent information. Refusal to provide optional information does not restrict access to core service features.

3. Method of Collection
Personal information is collected through the following means: direct user input during account registration, KYC procedures, and customer inquiries; automatic collection during Service use (cookies, logs, device information); and collection through lawful partner services (following prior notice and consent).

4. Retention and Disposal
Personal information is retained until the processing purpose is fulfilled or until the user deletes their account, after which it is promptly disposed of. Where retention is required by applicable law, information is retained for the prescribed period.

Statutory retention periods are as follows.

Act on Consumer Protection in Electronic Commerce: records of contracts and withdrawal of offers for 5 years; records of payment and supply of goods for 5 years; records of consumer complaints and dispute resolution for 3 years.

Act on Reporting and Using Specified Financial Transaction Information: KYC and AML-related records for a minimum of 5 years.

Electronic Financial Transactions Act: electronic financial transaction records for 5 years.

Protection of Communications Secrets Act: access logs and connection tracking data for 3 months.

5. Provision of Personal Information to Third Parties
The Foundation does not provide users' personal information to third parties without prior consent, except in the following cases.

Where required by applicable law; where a lawful request is made by investigative or supervisory authorities through proper legal procedures; where reporting to KoFIU or other authorities is required to fulfill AML/CTF reporting obligations; where integration with partner services is necessary for service provision (limited to the minimum information required, subject to prior consent).

Where cross-border transfer of personal information is required, the Foundation will provide prior notice of the destination country, items transferred, purpose of use, retention period, and protective measures, and will obtain user consent.

6. Entrustment of Personal Information Processing
The Foundation may entrust the following tasks to external service providers for the purposes of service operation.

Customer support and complaint handling, identity verification (KYC) services, cloud infrastructure and security, data backup and analysis.

The Foundation enters into agreements with trustees that prohibit processing of personal information beyond the scope of the entrusted tasks, and supervises compliance accordingly. A list of current trustees will be disclosed separately through in-service notices.

7. Rights of Users and Legal Representatives
Users may exercise the following rights at any time.

Right to access personal information, right to request correction of errors, right to request deletion, right to request suspension of processing, right to withdraw consent and delete account.

For users under the age of 14, legal representatives may exercise the above rights on their behalf. Please note that information subject to statutory retention obligations (such as KYC and AML records) may be retained for the required period notwithstanding a deletion or suspension request.

8. Measures to Ensure Security of Personal Information
The Foundation implements the following technical, administrative, and physical safeguards to protect personal information.

Encrypted (hashed) storage of passwords, access control and minimization of personal information access privileges, access log monitoring and intrusion detection systems, encryption of data in transit (TLS/SSL), regular vulnerability assessments and security patching, security training for personnel handling personal information, and physical access controls.

Wallet recovery information (seed phrases and private keys) is not stored on the Foundation's servers. Upon activation of the Non-Custodial feature, such information will be encrypted and stored solely on the user's device.

9. Cookies and Automatic Data Collection Tools
The Service may use cookies and similar technologies to enhance user experience and conduct usage analytics. Users may refuse cookies through their browser settings; however, certain features of the Service may be limited as a result.

10. Cross-Border Transfer of Personal Information
In the course of operating the Service, personal information may be transferred to, stored on, or processed by servers or service providers located outside the Republic of Korea. In such cases, the Foundation will provide prior notice of the destination country, timing and method of transfer, items transferred, purpose of use, retention period, and protective measures, obtain user consent, and establish contractual safeguards to ensure the required level of protection under applicable law.

11. Privacy Officer
The Foundation has designated a Privacy Officer responsible for overseeing all matters related to the processing of personal information and for handling related complaints and inquiries.

Name and Title: Privacy Officer (to be designated) Contact: nexwhale2030@gmail.com (to be finalized upon service launch) Hours: Monday through Friday, 09:00–18:00 (excluding public holidays)

12. Amendments to the Privacy Policy
This Privacy Policy may be amended in accordance with changes to applicable laws, policies, or service improvements. In the event of amendments, users will be notified through in-service notices at least 7 days prior to the effective date. For changes that materially affect user rights, at least 30 days' prior notice will be provided.

Regulatory Compliance and Change Notice
The content of this Privacy Policy may be amended at any time in accordance with changes to applicable laws, supervisory guidelines, and internal policies. GRANO Foundation will operate the platform in faithful compliance with applicable laws and guidelines in response to the evolving domestic and international virtual asset regulatory environment.


Applicable Laws and Guidelines

Personal Information Protection Act / https://www.law.go.kr/법령/개인정보보호법
Electronic Financial Transactions Act / https://www.law.go.kr/법령/전자금융거래법
Act on Reporting and Using Specified Financial Transaction Information / https://www.law.go.kr/법령/특정금융거래정보의보고및이용등에관한법률
Financial Services Commission (FSC) Notices and Guidelines / https://www.fsc.go.kr/
Financial Supervisory Service (FSS) Notices and Guidelines / https://www.fss.or.kr/
Korea Financial Intelligence Unit (KoFIU) Directives and Guidelines / https://www.kofiu.go.kr/
FATF Recommendations on Virtual Assets / https://www.fatf-gafi.org/recommendations
Important Notice (Sensitive Items)
The Service currently operates under a hybrid wallet structure. The following items are sensitive from a regulatory and security standpoint. Please exercise particular caution.

Non-Custodial Feature — Planned for sequential support upon completion of regulatory and technical preparation
Password (Wallet Encryption Key) — Not stored on server; the Foundation bears no responsibility for loss
Wallet Backup and Recovery Information Management — Upon Non-Custodial support, loss of backup renders asset recovery impossible
Custody, Signing Flow, and Transactions — Within the scope of user responsibility
Logs and Security — Report any anomalies immediately
Cross-Border Transfer and Address Risk — Check service notices regularly for regulatory updates
Effective Date: 2026-03-09