Privacy Policy

1. Data We Handle

Taplizm handles only data necessary for communication, data transmitted during feature use, and data needed for support inquiries.

1-1. Data collected during ordinary use

Connection and identification data

1. device_id (per-installation identifier)
   • Purpose: Connection session identification, reconnection control, rate limiting, abuse prevention
   • Note: device_id is a random UUID and does not contain your name or contact details.
2. IP address
   • Purpose: Establishing connections, connection attempt limiting, incident response, unauthorized access prevention
   • Note: An IP address may allow estimation of country, region, or city, but it does not pinpoint an exact address.
3. Communication metadata
   • Examples: app_version, platform, connection timestamps, error codes, maintenance responses, connection quality indicators (response time, etc.)
   • Purpose: Compatibility checks, incident analysis, service protection
4. Operational log data
   • Examples: Connection results, error categories, rate-limiting events, unauthorized admin API access records
   • Purpose: Incident analysis, abuse prevention, operational auditing
   • Note: Ordinary logs use a shortened hash instead of the raw device_id, and IP addresses are masked where possible.

Data transmitted during feature use

1. Tap data
   • Examples: Tap timestamp (ts)
   • Purpose: Rhythm synchronization
   • Note: In Session mode, tap events include device_id and are delivered to participants in the same room. In Field mode, tap events do not include device_id.
2. Session data
   • Examples: Room code, expiry time, member count
   • Purpose: Providing the Session room feature
3. Field mode location data
   • Uses latitude and longitude manually entered by the user in the settings screen. Device GPS is not used.
   • Entered coordinates are converted on-device into coarsened cell IDs (near, region, and globe levels) before being sent to the server. The server does not receive raw latitude or longitude.
   • The finest cell ID resolution is approximately 1 km square.

1-2. Ordinary-use data is not personal information

In ordinary use (1-1), we do not require account registration and do not collect directly identifying information such as names or email addresses. The operator has determined that data collected during ordinary use does not constitute "personal information" under Japan's Act on the Protection of Personal Information (APPI).

1-3. Data collected through support inquiries

Regardless of whether the inquirer is a user, we may collect the following data during support interactions.

1. Data submitted through the contact form
   • Examples: Email address, inquiry content, submission timestamp
   • Purpose: Responding, contacting the inquirer, managing response history, preventing abuse
2. Data from inquiries exceptionally received through other channels
   • Examples: Email address, caller phone number, mailing address, inquiry content, submission timestamp
   • Purpose: Responding, contacting the inquirer, managing response history, preventing abuse

1-4. Inquiry data is treated as personal information

Contact information such as email addresses obtained through support inquiries (1-3) can identify a specific individual and is therefore treated as "personal information" under Japan's APPI.

1-5. Separation of ordinary-use data and inquiry data

• Ordinary-use data and inquiry data are managed in separate systems, and we do not have a mechanism to systematically or continuously link them.
• A device_id may become associated with contact details during a support interaction, but we do not reflect that association in the ordinary-use system.
• This determination is based on the current architecture, which has no account registration and does not systematically link ordinary-use and inquiry data. If future feature additions change this premise, we will revise this policy.

2. Data We Do Not Collect

Taplizm does not collect the following:

• Name, date of birth, physical address, phone number, or email address (except when voluntarily provided through a support inquiry)
• Current device location (GPS) or OS-level location permission
• Contacts, photos, calendar data, SMS, or similar device content
• Microphone recordings or voice call data

2-1. Advertising and analytics tag policy

1. Website
   • The website currently does not include advertising or analytics tags.
   • If advertising or analytics tags are added in the future, we will provide the legally required notice or obtain consent upon first access.
2. App
   • The app currently does not include advertising or analytics tags.
   • If advertising or analytics tags are added in a future update, we will provide the required notice or obtain consent upon first launch after the update, in accordance with applicable laws and store policies.

3. Purposes of Use

Collected data is used only for the following purposes:

1. Service provision — Real-time communication, Field/Session participation, tap synchronization, room management
2. Service protection — Rate limiting, capacity control, abuse detection, incident recovery
3. Quality improvement — Monitoring, analyzing, and improving connection stability, error trends, and operational status
4. Creating statistics — Creating, analyzing, and publishing non-identifying statistics
5. Support inquiries — Receiving inquiries, contacting the inquirer, responding, managing response history
6. Legal compliance — Responding to laws, regulations, and legal proceedings

3-1. Legal classification

Although we have determined that data collected during ordinary use does not constitute personal information (see 1-2), we specify purposes of use and handle the data within that scope. Personal information obtained through support inquiries is handled in accordance with Japan's APPI.

3-2. Examples of statistics

• We may create, use, and publish non-identifying statistics.
• Examples include monthly active device counts, peak usage times, and trends in commonly entered coordinates, but are not limited to these.

4. Retention and Deletion

1. Real-time server data
   • Connection state, Field participation, and Session participation are processed mainly in memory.
   • Session rooms are deleted when empty or expired.
   • Reconnecting with the same device_id does not automatically restore Session room membership.
2. Server logs
   • Operational logs (connection results, error categories, rate-limiting events, etc.) are retained for up to 30 days on the current service infrastructure.
   • Raw device_id, raw coordinates, and device GPS coordinates are not written to or persisted in ordinary logs.
3. Statistics
   • The operator may create, use, or publish non-identifying statistics.
   • Statistics may be retained and used beyond the retention period of the underlying logs.
   • Statistics may be used after Taplizm ends for planning or improving other services provided by the operator.
   • If statistics are published in media, presentations, or web pages, those records may persist for as long as the medium exists.
4. Inquiry data
   • Inquiries from users or non-users are primarily accepted through the contact form.
   • Contact information (email address, etc.) and inquiry content submitted through the contact form are retained for as long as needed for support and generally deleted within one year after the service ends.
   • If support is exceptionally provided through email, phone, mail, or other methods, the inquirer's contact information (including phone number, address, etc.) and inquiry content are retained for as long as needed and generally deleted within one year after the service ends.
   • If an inquiry spans Taplizm and the operator's other services, or if it is unclear which service the inquiry relates to, the data may be retained until one year after the operator's business ends, even after Taplizm ends.
   • Communications identified as spam, inquiries with unintelligible content, or inquiries unrelated to the business or service may be deleted earlier.
5. Data stored on the device
   • The device stores device_id, preferences (Haptics / Audio / Visual), entered coordinates, and onboarding status.
   • You can review locally stored data and server-side data categories in Privacy Center in the Settings screen.
   • You can delete the above device data through "Reset local data" in the Settings screen.
   • The scope of deletion when the app is uninstalled depends on the OS. To ensure deletion, use "Reset local data" before uninstalling.
6. Service termination
   • User data held for the service will be deleted within one year after termination. Statistics are excluded.
   • Inquiry data that overlaps with other services or whose attribution is unclear may be retained until one year after the operator's business ends.
7. Method of deletion
   • Deletion is performed by executing data-deletion operations within the groupware and on devices used by the operator.

5. AI Use

The operator may use AI services for development, operations, incident response, document preparation, quality improvement, and support inquiries.

5-1. AI use of ordinary-use data

• Information handled by the operator for software development and operations (including operational logs) may be processed with AI for development, operations, incident response, document preparation, and quality improvement.
• Because data collected during ordinary use does not constitute personal information (see 1-2), providing it to AI services does not constitute third-party disclosure under Japan's APPI.
• Information provided to AI services may be used for AI model training in accordance with each provider's terms of service.
• The operator limits the information entered into AI services to what is necessary.

5-2. AI use of inquiry data

• Inquiry content may be processed with AI to draft responses or assist with support. In such cases, contact information (email addresses, etc.) is excluded before processing.
• The groupware used for inquiry management (Google Workspace) has integrated AI features that may read contact details and message content on screen. This is processing by internal groupware functions, not the operator individually entering contact details into AI. As of this policy's last update, Google Workspace AI features do not use input data for AI model training, under Google's terms of service.

5-3. AI service providers

6. International Transfers

International transfers are handled according to the following policies.

6-1. Service operations

• The operator performs work involving service data in the following countries:
  • Japan
  • Singapore
• When the operator is staying temporarily (90 consecutive days or fewer) in another country:
  • Work that does not involve raw logs or inquiry content may be performed on a regular basis.
  • In the event of unexpected service interruption or other emergencies, all data including raw logs and inquiry content may be accessed. In such cases, the scope and duration of access will be limited to the minimum necessary.

6-2. Primary transfer destinations

The operator transfers data to the following providers to the extent necessary for service provision and operations. Because data collected during ordinary use does not constitute personal information (see 1-2), providing data to these entities does not constitute third-party disclosure of personal data. For transfers of inquiry data (personal information), see 6-4.

Data transferred to these companies may be processed in the United States or other countries or regions where they operate.

To optimize communication, the service may route traffic through servers and networks in countries or regions near the user's location.

6-3. Limitations of SaaS / platform usage

• Apple, Google, OpenAI, Anthropic, Fly.io, and Cloudflare are SaaS or platforms offered under standard terms for developers.
• As a result, the operator generally cannot enter into individual supplemental agreements, conduct individual audits, fix storage locations, or impose custom management conditions.
• Instead, the operator limits information sent to the minimum necessary, selects Japan/US/Singapore regions where configurable, and reviews each company's published terms of service, privacy policies, standard data processing terms, and security information before use.
• If the necessary legal basis, notice content, or protection level cannot be confirmed, the operator will either refrain from sending data to that provider or use data in a non-identifying form.

6-4. Compliance with Japanese law

Under Japan's APPI, the following information is provided regarding the international transfer of personal information obtained through support inquiries (1-3).

Country of transfer

The groupware used for inquiry management (Google Workspace) is provided by Google LLC, based in the United States, and inquiry data may be processed in the United States.

Personal information protection system in the country of transfer

Please refer to the report on the United States published by Japan's Personal Information Protection Commission. In summary, the United States does not have a comprehensive federal law on personal information protection; protection is provided by sector-specific federal laws and individual state laws.

Protective measures taken by the transferee

Google has obtained third-party certifications including ISO/IEC 27001 and SOC 2/3, and applies contractual data processing terms (Cloud Data Processing Addendum).

Regarding ordinary-use data

Data collected during ordinary use does not constitute personal information (see 1-2) and therefore does not constitute provision of personal data to a third party in a foreign country under Japan's APPI.

This section will be updated if compliance with additional jurisdictions becomes necessary as the service expands to new countries.

7. Security Measures

The operator implements the following measures to prevent data leaks, loss, and corruption:

• Encrypted transport (wss / https)
• Minimized data collection
• On-device conversion of coordinates to cell IDs (design that does not send raw coordinates to the server)
• Prohibition of logging or persisting raw location coordinates
• Operational practice of not writing raw device_id to ordinary logs
• Limiting information entered into AI services to what is necessary
• Abuse prevention through rate limiting and capacity control
• Authentication for admin functions (Bearer tokens, etc.)

8. User Rights and Device Controls

8-1. Ordinary-use data (on-device review and deletion)

Because data collected during ordinary use does not constitute personal information (see 1-2), the following are app features, not rights granted by law.

• Review: You can review locally stored data and server-side data categories in Privacy Center in the Settings screen.
• Delete local data: Use "Reset local data" in Settings to delete device_id, preferences, entered coordinates, and onboarding status stored on the device.
• Suspend use: Use "Suspend this device" in Privacy Center to stop new use from this device.
• Resume use: You can resume from Privacy Center on the same device.

Notes:

• Since ordinary features do not hold account information such as name or email address, identity verification is generally based on device possession (operation from a device that holds the relevant device_id).
• The scope of deletion when the app is uninstalled depends on the OS. To ensure deletion, use "Reset local data" before uninstalling.

8-2. Statutory requests regarding inquiry data

For personal information obtained through support inquiries (1-3), we accept the following requests under Japan's APPI:

• Disclosure and correction requests: Please contact us through the contact form. We may be unable to respond if we cannot verify your identity.
• Suspension and deletion requests: Inquiry data may need to be retained for managing response history and preventing abuse. Suspension or deletion may not be possible while the retention need exists. Once the need no longer exists, after the retention period expires, or after the service ends, we will promptly delete the data (see Section 4).
• For requests regarding inquiry data, please contact us through the contact form.

9. Children

Taplizm provides the service without collecting age information and implements the following measures for all ages:

• The app does not collect date of birth.
• The app does not provide features for exchanging contact information or sending/receiving messages or images.
• In Session mode, only those who know the room code and 4-digit UTC code can join; there is no mechanism for meeting unknown users.

Regarding consent and inquiries:

• Minors should obtain consent from a legal guardian before using the service.
• Legal guardians should verify the legal suitability of the minor's use and provide appropriate supervision, including usage time.
• Inquiries should be made by the legal guardian.
• If the operator learns that a child's data was collected without legally required consent, the operator will take appropriate action, such as suspending use or deleting the data, unless retention is required by law.

10. Policy Changes

• Taplizm follows a principle of "minimum necessary collection."
• If we begin collecting new categories of data, we will update this policy first.
• For material changes, we will provide notice in the app or through store communications before the effective date.
• Japanese law takes precedence over this policy. Data that the operator recognizes as subject to a legal retention or deletion obligation will be handled in accordance with that law.

Change history:

• March 15, 2026 — Revised the server log retention description to match current operations and adjusted the wording for statistics
• March 15, 2026 — Published

11. Operator Information