We have established this Privacy Policy to ensure the proper handling of personal data based on the Act on the Protection of Personal Information of Japan ("APPI") and—where applicable—the EU/EEA/UK General Data Protection Regulation (GDPR/UK GDPR) and the California Consumer Privacy Act as amended by the CPRA (CCPA). Unless otherwise specified, terms used herein have the meanings defined by the applicable laws.

1. Company Name, Address, and Representative

Name: Panory, Inc.
Address: 3rd floor, Navi Shibuya V, 5-5 Maruyamacho, Shibuya-ku, Tokyo
Representative: MATSUDA Kengo

2. Compliance with Laws and Regulations

To realize personal information protection, our company complies with the Personal Information Protection Act, ministerial guidelines, and other related laws and regulations.

3. Data Controller and Contact

For the purposes of GDPR/UK GDPR, Panory, Inc. is the data controller for personal data processed in connection with this website and our services. If you have questions or wish to exercise your rights, please contact us at: info@panory.jp.

4. Categories of Personal Information We Collect

We collect the following categories of information, depending on your interactions with us:

• Identifiers and contact details (e.g., name, email address, phone number, postal address, account identifiers)
• Professional or employment-related information (e.g., company name, role/title)
• Commercial information (e.g., records of services used, inquiries, transaction-related information)
• Internet or other network activity and device information (e.g., IP address, device identifiers, browser/OS, pages viewed, referral URLs, usage timestamps)
• Geolocation information in an imprecise/general sense derived from IP address
• User-generated content you provide to us via forms or support channels

We do not intend to collect sensitive personal information. If the provision of such information is necessary, we will obtain it only with your explicit consent or as permitted by law and limit its use to the specified purpose.

5. Collection of Personal Information

We collect personal information such as the provider's name, contact information, and corporate information on our website or in applications provided by our company (hereinafter referred to as "our media").

Sources of collection include:

• Directly from you (e.g., forms, inquiries, account registration, job applications)
• Automatically when you use our media (e.g., through cookies, log files, beacons)
• From service providers and partners that support our operations (e.g., analytics, hosting, recruiting platforms)

6. Purpose and Legal Bases for Processing

Except in cases permitted by the Personal Information Protection Act and other laws, we use the acquired personal information within the scope of the following purposes. Personal information acquired from our media may be supplemented with information obtained offline or from other information sources.

Where GDPR/UK GDPR applies, we process personal data under the following legal bases: (i) performance of a contract or taking steps at your request prior to entering into a contract; (ii) our legitimate interests (for example, operating, securing, and improving our services, communicating with you, and preventing fraud), balanced against your interests and rights; (iii) your consent, where required (for example, for certain marketing and non-essential cookies); and (iv) compliance with legal obligations.

(1) Personal Information of Employees and Former Employees

• For confirmation and communication of work progress, safety status in emergencies, etc.
• For proper management of salary payment, personnel information, labor information, and health information for employees
• For providing information necessary for the use of welfare benefits
• For sending retirement-related documents to former employees and confirming and communicating necessary procedures

(2) Personal Information of Job Applicants

• For providing job information, interview schedules, employment procedures, and other information and communication to job applicants
• For confirming and communicating hiring results, schedule adjustments, etc. to recruitment agencies

(3) Personal Information of Business Partners

• For necessary business communication and conducting business meetings
• For managing business partner information such as mailing and payment destinations

(4) Personal Information of Users of Our Services

• For providing information about our service functions, specifications, inquiries, updates, etc.
• For providing our services and managing individual usage permissions
• For understanding and managing the usage status and operational status of our services
• For improvement and new development of our services
• For conducting surveys related to functions and usage status of our services
• For creating, using, and providing statistical data and marketing materials related to our services after processing data so that individuals cannot be identified

7. Use for Purposes Different from the Original Purpose of Acquisition

Except in cases permitted by the Personal Information Protection Act and other laws, we do not use acquired personal information beyond the scope of the original purpose of acquisition. If we need to use personal information beyond the scope of the original purpose of use, we will use it after obtaining prior consent from the data subject.

8. Third-Party Disclosure and Processors

We may disclose personal information to service providers that process data on our behalf for the purposes described above (e.g., cloud hosting, analytics, customer support, recruiting). We require such providers to process personal information pursuant to appropriate contractual safeguards.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as defined by the CCPA/CPRA. If in the future we engage in activities that constitute a “sale” or “sharing” under the CCPA, we will provide required notices and offer the right to opt out via a “Do Not Sell or Share My Personal Information” link.

9. Joint Use of Personal Information

We do not jointly use acquired personal information.

10. Technical Information such as Log Files, Cookies, and Web Beacons

On our media, we collect information such as your IP address, number of accesses, browser used, OS, and other terminal information through log file collection, cookie transmission (including cookie transmission from third-party servers for advertising effectiveness measurement), and web beacon installation. When using smartphone apps, we also acquire terminal ID and Wi-Fi connection information from the app. You can refuse to accept cookies by setting your browser, but in that case, some services of the website may not be available. This information is collected for the purpose of analyzing usage trends on our media and investigating causes when problems occur, and is not used for the purpose of identifying individuals.

Where required by law (e.g., in the EU/EEA/UK), we obtain your consent for non-essential cookies and similar technologies. You can manage your preferences at any time via Cookie Settings.

Our media also uses Google Analytics and Firebase provided by Google for usage analysis. Google Analytics and Firebase use cookies and web beacons to collect usage data of our media in a format that cannot identify individuals. The use of cookies in Google Analytics and Firebase follows Google's privacy policy and terms.

For information on the mechanism of data collection by Google Analytics and Firebase and how to disable it, please see here:
Google Policies and Terms: https://policies.google.com/technologies/partner-sites?hl=en
Firebase Terms of Service: https://firebase.google.com/terms

11. International Data Transfers

We store and process personal information on servers located in Japan and the United States. For transfers from the EU/EEA/UK, we rely on applicable transfer mechanisms such as adequacy (Japan) and the European Commission’s Standard Contractual Clauses or their UK equivalents (for transfers to the United States), along with supplementary safeguards as appropriate.

12. Security Management Measures

To ensure the proper handling of personal data, we have established this Privacy Policy as a basic policy regarding "compliance with laws and regulations" and "notification of changes and updates to the Privacy Policy and complaints." We regularly conduct internal education on security and personal information protection, striving to improve and raise awareness of personal information protection among employees, and include matters related to confidentiality of personal data in employment contracts or work rules. We also take all preventive measures to protect acquired personal information, which is protected both online and offline. In addition to organizational and physical security management measures such as establishing management flows and restricting areas where personal information handling operations are conducted, we implement technical security management measures such as firewalls, intrusion detection, and SSL, paying close attention to the handling of personal information and making it accessible only to those who have been granted the authority necessary for business.

13. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy (including satisfying legal, accounting, or reporting requirements). Retention periods vary depending on the type of data and our legal obligations; we periodically review and securely delete or anonymize data when it is no longer needed.

14. Children’s Privacy

Our media and services are not directed to children below the age of 13 (or 16 where required by law), and we do not knowingly collect personal information from such children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

15. Reporting of Leaks

In the event of leakage, loss, damage, etc. of personal information handled by us, if reporting to the Personal Information Protection Commission and notification to the data subject are required based on the provisions of the Personal Information Protection Act, we will make such reports and notifications.

16. Your Rights (GDPR/UK GDPR)

Where GDPR/UK GDPR applies, you have the right to request access to your personal data, rectification, erasure, restriction of processing, data portability, and to object to processing based on our legitimate interests. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact us at info@panory.jp. If you have an account for our services including “Kirokusion,” you may also verify or correct certain information in “Edit User Information” after logging in.

17. California Privacy Notice (CCPA/CPRA)

(1) Categories Collected and Purposes of Use

In the preceding 12 months, we have collected the categories described in Section 4 from the sources listed in Section 5 for the business purposes described in Section 6.

(2) Disclosure of Personal Information

We disclose personal information to service providers for business purposes (e.g., hosting, analytics, support). We have not sold or shared personal information for cross-context behavioral advertising in the preceding 12 months.

(3) Your CCPA Rights

• Right to know/access the categories and specific pieces of personal information we collect, use, disclose, and (if applicable) sell or share
• Right to delete personal information, subject to exceptions
• Right to correct inaccurate personal information
• Right to opt out of sale or sharing of personal information (if applicable)
• Right to limit the use and disclosure of sensitive personal information (if applicable)
• Right to non-discrimination for exercising your rights

(4) How to Exercise Your Rights

You may submit requests by emailing info@panory.jp. We will verify your request consistent with the CCPA. Authorized agents may submit requests on your behalf subject to verification.

If we engage in activities constituting a “sale” or “sharing,” you will be able to exercise your rights at: Do Not Sell or Share My Personal Information and Limit the Use of My Sensitive Personal Information.

18. Handling of Personal Information at Linked Sites

External links may exist on our media. The scope of application of this Privacy Policy is limited to "our website group" and "our app group" including the smartphone app "Kirokusion," so please refer to the privacy statement of the linked website for the handling of personal information on external websites. However, for surveys, we use external ASPs and may transition to domains other than "our website group." The handling of personal information there is within the scope of application of this Privacy Policy.

19. Changes and Update Notifications to Privacy Policy and Complaints

We regularly review and improve our services. Accordingly, we may change this Privacy Policy. When there are important changes to the Privacy Policy, we will announce them on our media. For inquiries and complaints regarding our handling of personal information, please contact us at the following address.

Panory, Inc.
3rd floor, Navi Shibuya V, 5-5 Maruyamacho, Shibuya-ku, Tokyo
info@panory.jp

20. Cookie and Preference Links

• Cookie Settings (manage non-essential cookies)
• Do Not Sell or Share My Personal Information (CCPA/CPRA)
• Limit the Use of My Sensitive Personal Information (CCPA/CPRA)

Last updated: August 8, 2025