The operator of "Qoodish" (the "Service") ("we," "us," or "our") establishes this Privacy Policy (this "Policy") regarding the handling of users' personal information in the Service.
Article 1 (Operator Information)
The operator of the Service is as follows.
Operator: Qoodish (operated by an individual)
Contact: support@qoodish.com
The operator's name and address will be disclosed without delay, after identity verification, upon a request based on laws and regulations.
Article 2 (Definition of Personal Information)
In this Policy, "personal information" means personal information as defined in Article 2, Paragraph 1 of the Act on the Protection of Personal Information (the "APPI"): namely, information about a living individual that can identify the specific individual by name, date of birth, or other description contained in the information, or that contains an individual identification code.
Article 3 (Personal Information We Collect and How We Collect It)
In providing the Service, we collect the following personal information.
Information relating to registration and authentication
When email link authentication is used: email address
When authentication via a Google account is used: the user's identifier, name, email address, and other authentication information provided by Google
Authentication is performed through Google Cloud Identity Platform, an authentication platform provided by Google LLC.
Profile information
Display name, biography, and profile image
Content posted by users
The names, comments, and images of maps and reports, and the location information (latitude and longitude) of the places concerned
Location information
Location information obtained from the user's device when the "current location" feature is used. Location information is obtained only based on the user's action and the permission granted on the device.
Information relating to the device and notifications
The device registration token used to deliver push notifications (we use Firebase Cloud Messaging).
Information relating to use of the Service
The status of use of the Service, pages viewed, and information about the device and browser. We may obtain such information through the external transmission and access analysis described in Article 9.
Cookies and other identifiers used to maintain the authentication state
Article 4 (Purposes of Use)
We use the personal information we collect within the scope of the following purposes.
To provide, maintain, and operate the Service
To authenticate users, accept registrations, and manage accounts
To display and share content posted by users with other users on the Service
To provide features relating to maps, routes, and location information
To deliver push notifications and other communications
To analyze how the Service is used and to maintain, improve, and develop the Service
To respond to conduct that violates the Terms of Service and otherwise to operate the Service safely
To respond to inquiries from users
For purposes incidental to the purposes set out above
Article 5 (Changes to Purposes of Use)
We may change the purposes of use of personal information to the extent that the changed purposes are reasonably deemed to be relevant to the purposes of use before the change. If we change a purpose of use, we will notify users of the changed purpose by posting it on the Service or by other appropriate means, or will make it public.
Article 6 (Provision of Personal Data to Third Parties)
We will not provide personal data to any third party without obtaining the prior consent of the user, except in any of the following cases.
Where required by laws and regulations
Where it is necessary to protect the life, body, or property of a person and it is difficult to obtain the consent of the user
Where it is especially necessary to improve public health or promote the sound growth of children and it is difficult to obtain the consent of the user
Where it is necessary to cooperate with a state organ, a local government, or a party entrusted by either in performing affairs prescribed by laws and regulations, and obtaining the consent of the user is likely to impede the performance of such affairs
Where personal data is provided in connection with the succession of business due to a merger or other reason
Article 7 (Entrustment of Handling of Personal Data)
We may entrust all or part of the handling of personal data to external service providers within the scope necessary to achieve the purposes of use. In such cases, we exercise necessary and appropriate supervision over those providers. The principal external providers used by the Service are as follows.
Google LLC (provision of Google Cloud Identity Platform, Firebase Cloud Messaging, Google Analytics for Firebase, and Google Maps Platform)
Cloudflare, Inc. (storage and delivery of images)
Vercel Inc. (hosting of the Service)
Article 8 (Provision to Third Parties in Foreign Countries)
Among the external providers set out in the preceding Article, Google LLC, Cloudflare, Inc., and Vercel Inc. are located in a foreign country (the United States of America), and users' personal data may be handled in that foreign country in connection with such entrustment. In providing personal data to third parties in a foreign country, we provide the following information.
Name of the foreign country in which the third party is located: the United States of America
The personal information protection system in that foreign country: the United States does not have a comprehensive, cross-sectoral federal statute protecting personal information; rather, it is governed by sector-specific laws and state laws. Please also refer to the information on foreign systems published by the Personal Information Protection Commission.
Measures taken by the third party to protect personal information: each provider takes the safety management measures necessary to protect personal information in accordance with its own privacy policy and data processing terms.
Article 9 (External Transmission, Cookies, and Access Analysis)
The Service may transmit information about users from users' devices to external providers. The content of the information transmitted, the recipients, and the purposes of use are as follows.
Google Analytics for Firebase (recipient: Google LLC)
Information transmitted: pages viewed, information about the device and browser, identifiers relating to usage, and the like
Our purpose of use: analyzing how the Service is used and improving its quality
The recipient's purpose of use: as set out in the privacy policy established by Google LLC
Google Maps Platform (recipient: Google LLC)
Information transmitted: communication information necessary to display maps and use location features, information relating to location, and the like
Our purpose of use: providing features relating to maps, routes, and location information
The recipient's purpose of use: as set out in the privacy policy established by Google LLC
The Service uses cookies to maintain the authentication state and otherwise to provide the Service. Users may refuse to accept cookies through their browser settings, but in that case some features of the Service may not be available. To disable the collection of information by Google Analytics, please use the opt-out function provided by Google.
Article 10 (Requests for Disclosure and the Like Regarding Retained Personal Data)
If a user requests, under the APPI, notification of the purpose of use, disclosure, correction, addition, or deletion of the content, suspension of use, erasure, or suspension of provision to third parties of retained personal data (a "Request for Disclosure"), we will respond without delay in accordance with laws and regulations, after confirming that the request is made by the user.
A Request for Disclosure should be made to the contact set out in Article 1. We may be unable to respond to a request where it does not meet the requirements prescribed by laws and regulations, or where we are not obligated to respond under laws and regulations.
Article 11 (Security Management Measures)
We take necessary and appropriate measures, including the following, to prevent the leakage, loss, or damage of the personal data we handle and otherwise to manage the security of personal data.
Organizational security management measures: we limit the persons who handle personal data and the scope of such handling, and maintain a system that enables the status of such handling to be confirmed.
Human security management measures: we make those who handle personal data aware of appropriate handling.
Technical security management measures: we restrict access privileges to personal data and take measures to prevent unauthorized access.
Physical security management measures: we take measures to prevent the unauthorized removal and leakage of personal data in the environment in which it is handled.
Understanding of the external environment: where personal data is handled in a foreign country, we take security management measures after understanding the system for the protection of personal information in that foreign country.
Article 12 (Response to Leakage and the Like of Personal Data)
If a leakage, loss, or damage of personal data we handle, or any other situation prescribed by the APPI, occurs, we will report to the Personal Information Protection Commission, notify the affected users, and take other necessary action, in accordance with laws and regulations.
Article 13 (Use by Minors)
If a user is a minor, the user shall use the Service after obtaining the consent of a person with parental authority or another statutory agent.
Article 14 (Changes to the Privacy Policy)
We may change this Policy in response to amendments to laws and regulations or changes to the content of the Service. Where we change this Policy, the changed Policy shall apply from the time it is posted on this page. Where we make a material change, we will notify users by posting on the Service or by other appropriate means.
Article 15 (Contact)
For inquiries regarding this Policy, please contact the following.