Privacy Policy

1. Business Operator Information

2. Personal Information We Collect

In providing the Services and conducting our business, the Company may collect the following personal information. (1) Information you provide via our website and applications Name, company name, department, job title, email address, phone number, employee size of your organization, industry, inquiry contents, services of interest, application contents, and other information you enter through various forms. (2) Information collected upon account registration and use of the Services Login ID, authentication credentials, profile information, billing-related information (credit card information is handled by payment processors and is not directly held by the Company), service usage history, operation logs, API call logs, error information, support history, and so on. (3) Information automatically collected when you browse our website IP address, browser information, OS information, device identifiers, referrer, access date and time, pages viewed, time spent, click and scroll behavior, cookie information, pixel tags, and other information obtained through similar technologies. (4) Information related to communications from the Company Click date and time of links in emails, source IP address, browser information, open status, and reaction information to various notifications and newsletters. (5) Information obtained through offline interactions Information provided through business card exchanges, sales meetings, interviews, conferences, events, exhibitions, hackathons, study sessions, and similar occasions; information about participants in events hosted by the Company; photographs and videos taken; meeting minutes, and so on. (6) Information obtained from third parties Information provided by business partners, referrers, advisors, mentors, investors, financial institutions, and others; public information obtained from public sources, corporate information databases, industry association directories, social media, and similar sources. (7) Information related to recruiting activities Applicants' resumes, work histories, portfolios, interview records, reference information, and information provided by recruiting agencies and similar parties.

3. Purposes of Use

The Company uses the personal information it collects within the scope of the following purposes. 1. Responding to inquiries, requests for materials, sales meetings, quotations, contract negotiations, and other communications with customers 2. Providing, operating, maintaining, improving, and adding features to the Services, and ensuring quality 3. Identity verification, authentication, prevention of fraudulent use, security management, and log auditing 4. Billing and processing payments for service fees, accounts receivable management, and assignment of receivables 5. Providing information about our services, seminar invitations, product updates, campaigns, and similar communications 6. Optimizing the information we provide and our proposals based on customers' interests and usage status 7. Research and development of our services, user research, usability testing, and surveys 8. Creating and publishing statistical data, reports, white papers, case studies, and the like (in a form that does not allow individuals to be identified) 9. Planning, operating, supporting participants of, recording, and publicizing events, seminars, exhibitions, hackathons, study sessions, and similar gatherings 10. Recruiting activities (managing applicant information, conducting selection processes, communicating with offerees, working with recruiting agencies, and managing personnel matters after joining) 11. Responding to media inquiries, communicating with press, public relations and PR activities, public announcements about our business, and media coverage 12. Communicating with investors, shareholders, prospective investors, financial institutions, and grant-issuing organizations; investor relations; fundraising; and grant application support 13. Coordinating and managing contracts with business partners, suppliers, external advisors, and industry associations 14. Considering and executing corporate activities such as business succession, mergers, corporate splits, business transfers, share transfers, and other forms of restructuring 15. Performance of obligations under laws, contracts, and terms of service; responding to disputes, litigation, mediation, administrative procedures, and inquiries from investigative authorities 16. Notifying changes to this Policy, terms of service, and other important matters, and providing important notices 17. Other purposes incidental or related to the above

4. Methods of Collecting Personal Information

The Company collects personal information through one or more of the following methods. • Information provided by you through forms on our website, email, telephone, meetings, chat, social media, and similar means • Information automatically recorded in connection with use of the Services (cookies, server logs, application logs, and so on) • Measurement of your reactions to communications sent by the Company • Collection through offline interactions such as business card exchanges, sales meetings, events, exhibitions, and study sessions • Information provided by third parties such as business partners, referrers, advisors, mentors, investors, and recruiting agencies • Information obtained from public sources, corporate information databases, industry association directories, social media, and similar sources • Collection based on laws or your separate consent

5. Provision to Third Parties

Except in any of the following cases, the Company will not provide personal information to third parties without obtaining your prior consent. 1. When required by law 2. When necessary for the protection of life, body, or property of a person and obtaining consent from the individual is difficult 3. When particularly necessary for improving public health or promoting the sound development of children and obtaining consent from the individual is difficult 4. When cooperation is required for a national agency, local government, or a party entrusted by them to perform statutory duties, and obtaining consent could impede such performance 5. When business is succeeded due to merger, corporate split, business transfer, or similar reasons (the successor will be obligated to handle the information in a manner equivalent to or stricter than this Policy) 6. When, with your prior consent, information is disclosed to media organizations, industry associations, or other publication channels as information related to the Company's business

6. Outsourcing of Personal Information Handling

The Company may outsource the handling of personal information to external parties to the extent necessary to achieve the purposes of use. The Company appropriately supervises such outsourcees, imposes contractual confidentiality obligations, and strives to ensure that safety management is maintained. Main categories of outsourcees are as follows. • Cloud infrastructure, database, and storage providers • Generative AI model and machine learning platform providers • Payment processors • Email delivery, CRM, business management, and communication tool providers • Access analytics, marketing support, and ad delivery providers • Accounting, tax, legal, HR/labor, and other professional service providers

7. Provision to Third Parties in Foreign Countries (Cross-Border Transfers)

Some of the cloud services and SaaS used by the Company are provided by operators located in foreign countries, and as a result, your personal information may be transferred to such countries. The primary destination country is the United States, where we use cloud and generative AI services from AWS, OpenAI, Anthropic, Google, and others. The Company selects appropriate providers after confirming the personal information protection systems of the destination country and the safety management measures taken by such providers. Detailed information about the personal information protection systems of each destination country can be provided upon request to the contact point set forth in Section 17.

8. Use of Cookies and Similar Technologies

Our website and the Services use cookies and similar technologies to improve convenience, enhance the Services, understand usage, and optimize marketing activities. You may refuse to accept cookies through your browser settings; however, in that case, some functions of the Services may not be available.

9. Click Tracking in Emails

Emails sent by the Company may include mechanisms that measure clicks on links for the purpose of understanding your interests and optimizing our proposals. The information collected includes click date and time, source IP address, browser information, and similar data. If you do not wish for such information to be collected, please contact the contact point set forth in Section 17.

10. Access Analytics Tools

Our website uses Google Analytics, an access analytics tool provided by Google LLC. Google Analytics uses cookies to collect information about access status. For details, please refer to the privacy policy published by Google. If you wish to disable data collection by Google Analytics, please use the opt-out browser add-on provided by Google.

11. Handling of Personally Referable Information

The Company may collect personally referable information such as cookie information, IP addresses, browser information, and device identifiers obtained when you browse our website, and may treat it as personal information by matching it against personal data held by the Company. When the Company provides personally referable information to a third party and it is anticipated that such third party will match the information with their personal data, the Company will obtain your prior consent in accordance with the APPI.

12. Pseudonymized and Anonymized Information

The Company may, in accordance with the APPI, process personal information it has collected into pseudonymized or anonymized information and use it, or provide it to third parties, for purposes such as statistical analysis, research and development, service improvement, report creation, machine learning, and other forms of data analysis. The handling of customer data in the Services as set forth in Section 16 is governed by the terms of service of each service or by separate data processing agreements.

13. Special-Care-Required Personal Information

As a general rule, the Company does not collect special-care-required personal information. If, due to business necessity, such collection becomes unavoidable, the Company will obtain your prior consent and handle such information strictly within the scope necessary for the purpose of use.

14. Security Management Measures

The Company implements organizational, human, physical, and technical security management measures against risks such as leakage, loss, or damage of personal information, and works to understand the external environment when entrusting or providing personal information handling to third parties located in foreign countries. The specific contents of such measures can be provided upon request to the contact point set forth in Section 17.

15. Requests for Disclosure, Correction, Suspension of Use, and Similar Requests

You may request notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of provision to third parties of your personal information held by the Company. For details on procedures, please contact the contact point set forth in Section 17. After verifying your identity, the Company will respond within a reasonable period.

16. Handling of Customer Data in the Services

In Saturn, totsugo.com, and other SaaS-type services, the handling of data that customers (including corporate customers) input into, upload to, or transmit through the Company's APIs (hereinafter "Customer Data") — including the scope of purposes of use, whether it may be used to train generative AI models, whether it is provided to third parties, retention periods, and so on — is governed by the terms of service of each service or by separate data processing agreements. Because handling policies may differ from service to service, please be sure to review the applicable terms of service before use.

17. Contact Point

Inquiries and requests regarding the handling of personal information are accepted at the following contact point. Leach, Inc., Personal Information Protection Officer Satsunotsuji Square 9F, 5-36-4 Shiba, Minato-ku, Tokyo 108-0014, Japan Please reach out via the contact form on our website.

18. Revisions to This Policy

The Company may revise this Policy due to amendments to laws, changes to the contents of the Services, or other circumstances. The revised content takes effect from the time it is posted on the Company's website. In the case of material changes, the Company will provide prior notice to you by methods designated by the Company.