Privacy Policy

Article 1 Definition of Personal Information

"Personal Information" in this Policy means any information relating to an identified or identifiable individual, including but not limited to name, date of birth, email address, or any other information that can be used to identify a specific person directly or in combination with other information.

This definition aligns with the concepts of "personal data" under GDPR and "personal information" under CCPA.

Article 2 Information We Collect

The Company collects the following information in providing the "Reading Forest" service.

2.1 Information Provided Directly by Users

Type of Information	Examples	Purpose of Collection
Account Information	Full name, email address, password, date of birth	Account management, identity verification, age verification, email address recovery
Parental Information (for child accounts)	Parent/guardian email address	Obtaining parental consent, notifying parents
Inquiry Content	Email address, inquiry details	Responding to inquiries

2.2 Automatically Collected Information

Type of Information	Examples	Purpose of Collection
Access Information	IP address, access date/time	Security measures, service improvement
Device Information	Device ID, browser type, OS, screen resolution, language settings	Device management, fraud prevention
Usage Data	Login history	Security measures, statistical analysis
Browser Storage Information	Authentication tokens, session information	Maintaining login status, improving convenience

Article 3 Purpose of Use

The Company uses collected personal information for the following purposes:

1. Provision, maintenance, protection, and improvement of this Service
2. Account management and identity verification
3. Age verification and provision of age-appropriate features
4. Responding to inquiries from users
5. Investigation and response to violations of Terms of Service
6. Sending important notices regarding the Service
7. Information about new features, campaigns, and events (only with consent)
8. Analysis of service usage and creation of statistical data
9. Prevention and detection of unauthorized access and fraudulent use
10. Obtaining parental consent for accounts of children under 13
11. Response based on legal requirements

Article 4 Protection of Personal Information of Children Under 13

4.1 Parental Consent

Parental consent is required for children under 13 to use this Service. When a parent/guardian creates and manages a child's account, this constitutes parental consent.

4.2 Minimizing Information Collection for Child Accounts

For accounts of children under 13, we minimize the collection of personal information:

Information We Collect

Type of Information	Details	Purpose of Collection
Date of Birth	For age verification only (determining when child turns 13)	Age verification, age-appropriate features, ad-free experience

Parent/guardian email address is information entered by the parent/guardian during registration, not collected from the child (see Article 2 "Parental Information").

Information We Do NOT Collect

The following information is NOT collected from children under 13:

• Child's own email address
• Phone number
• Physical address
• Geolocation data
• Photos or videos

4.3 Use of Children's Personal Information

Children's personal information is used only for the following purposes:

1. Provision of the Reading Notes service
2. Account management
3. Communication with parents (important notices, security-related)
4. Service improvement (only when anonymized as statistical data)

4.4 Parental Rights

Under COPPA and GDPR, parents/guardians have the following rights regarding their child's personal information, which can be exercised directly from the settings screen:

1. Right to Access: You can review the child's personal information held by the Company (account information, email address, date of birth, etc.) in the "My Data" section of the settings screen
2. Right to Rectification: You can change the child's email address and password from the settings screen
3. Right to Deletion: You can delete the child's account from the settings screen (with a 30-day recovery period)
4. Right to Withdraw Consent: You can withdraw consent at any time and delete the child's account

About Reading Notes Data:
Reading Notes content (memos, impressions, etc.) is stored only on your child's device (browser IndexedDB) or Google Drive, and is NOT stored on our servers. Therefore, we cannot view or provide Reading Notes content. To respect your child's privacy, Reading Notes cannot be accessed even by parents/guardians.

4.5 Security for Child Accounts

We implement the following security measures to protect children's personal information:

Technical Measures

• SSL/TLS encrypted communications
• Password strength requirements
• Detection and prevention of unauthorized access

4.6 Restrictions on Third-Party Disclosure

Personal information of children under 13 is NOT provided to third parties as a general rule.

Exceptions:

Limited information may be provided only in the following cases:

1. Legal Requirements: Formal requests from courts, law enforcement, or regulatory authorities
2. Protection of Life and Safety: When urgently necessary to protect the life, body, or property of the child
3. Parental Consent: When explicit consent is obtained from the parent/guardian

4.7 Data Retention Period

Type of Data	Retention Period	Reason
Account Information	30 days after account deletion	Recovery from accidental deletion
Parental Consent Records	30 days after account deletion	Deleted together with account information
Access Logs	90 days	Security measures

4.8 Regular Notifications to Parents

We notify parents/guardians about child accounts at the following times:

• Account creation (consent confirmation)
• Significant privacy policy changes
• Security incidents
• Important changes to account settings

4.9 Response to False Age Declaration

We take appropriate measures in the following cases:

When a Child Under 13 Creates an Account Without Parental Consent

• Account is suspended
• Parent/guardian is contacted (if contact information is available)
• If parental consent is not obtained, account and data are deleted

When False Age Declaration is Discovered

• Accurate age verification
• If under 13: Parental consent is required
• If parental consent is not obtained, account and data are deleted

Article 5 Third-Party Disclosure

5.1 General Principles

The Company will not provide personal information to third parties except in the following cases:

1. When user consent has been obtained
2. When required by law or legal process
3. When necessary to protect life, body, or property and it is difficult to obtain consent from the individual (or parent/guardian if under 13)
4. When particularly necessary to improve public health or promote the sound development of children and it is difficult to obtain consent from the individual (or parent/guardian if under 13)
5. When cooperation is necessary for a government agency to perform legally prescribed duties and obtaining consent from the individual (or parent/guardian if under 13) would impede such duties

5.2 Service Providers

The Company may outsource the handling of personal information to the following service providers:

Service Provider	Purpose	Information Provided
Cloud Server Provider	Data storage and management	Account information
Google LLC (USA)	Google Drive integration feature	Reading Notes files (only when saved by user)
Email Service Provider	Service notification delivery	Email addresses

* We ensure appropriate security management through contractual obligations with all service providers.

5.3 International Data Transfers

Your personal information may be transferred outside your country of residence in the following cases:

1. Google Drive Integration: If you choose to use this feature, your Reading Notes files are stored on Google LLC servers in the United States
2. Cloud Servers: Account information (email address, hashed password, date of birth, etc.) may be stored on cloud services used by the Company

For international transfers, we implement appropriate safeguards:

• SSL/TLS encrypted communications
• Contractual data protection obligations with service providers
• Compliance with applicable data protection regulations (GDPR, etc.)

Article 6 Management of Personal Information

6.1 Security Measures

The Company takes necessary and appropriate measures to prevent leakage, loss, or damage of personal information and to ensure its secure management:

• Technical Measures: SSL/TLS encryption, password hashing, firewalls, unauthorized access monitoring
• Physical Measures: Physical security management of server facilities by data center operators
• Organizational Measures: Personal information handling policies, employee training, access rights management
• Personnel Measures: Confidentiality agreements with employees, regular training

6.2 Retention Period

The Company retains personal information for the following periods:

• Account Information: 1 year after account deletion (then permanently deleted)
• Access Logs: 1 year
• Inquiry History: 2 years after resolution
• Parental Consent Records: Until child reaches 18, or 3 years after account deletion

6.3 Response to Security Incidents

In the event of personal information leakage, loss, or damage, the Company will take the following actions:

1. Prompt Investigation: Immediately investigate the facts upon becoming aware of the incident
2. Regulatory Notification: Report to relevant data protection authorities as required by law (including supervisory authorities under GDPR where applicable)
3. User Notification: Notify affected users by email or website announcement when necessary for preventing secondary damage
4. Preventive Measures: Analyze causes and implement appropriate measures to prevent recurrence

Article 7 Use of Cookies and Local Storage

7.1 Browser Storage Consent

7.2 Data Storage Methods

This Service stores data using the following methods.

Browser Storage (localStorage, IndexedDB)

Using browser storage features, the following data is stored on your device:

• Login status maintenance (authentication token)
• User settings (language preferences, display settings, etc.)
• Consent status recording
• Reading Notes data (auto-saved)

Local File Storage (PC, etc.)

You can download and save your Reading Notes data to your device (PC, etc.) by your own action. In this case, the data is saved to your specified location (such as the Downloads folder).

Cookies

This Service does not directly set cookies. However, if you consent to service usage analysis, Google Analytics cookies (_ga, _gid, etc.) will be set.

7.3 Use of Browser Storage

This Service stores the following data on your device (using browser storage features):

Type of Data	Information Stored	Storage Location / Purpose
Reading Notes Data	Book information, reading progress, memos	IndexedDB (primary storage)
Reading Notes Backup	Automatic backup of Reading Notes	localStorage (data loss prevention)
Browser Storage Consent Status	Consent/decline record, consent date	localStorage (consent management)
Application Settings	Display settings, language settings	User preference retention
Authentication Token	Login session information	Maintaining login status

7.4 Declining Data Storage

If you select "Decline" on the browser storage consent banner:

• No new data will be stored (except for the consent status record)
• The following features will be unavailable:
  • Saving Reading Notes (auto-save to browser storage)
  • Account registration
  • Login
• Browsing the service pages is still possible
• You can change your consent at any time (via "Data Settings" at the bottom of the page)

7.5 Managing Stored Data

You can perform the following actions through your browser settings:

• Disable Cookies: Block cookies in your browser settings
• Clear Browser Storage: Delete via browser settings (clear browsing data)
• Delete Stored Data: Delete via "Data Settings" in this Service

However, if you disable or delete cookies or browser storage, some features of this Service may not function properly.

7.6 Data Storage for Children Under 13

Article 8 About Google Drive Integration

8.1 Use of Google Drive Service

This Service provides a feature to save your Reading Notes data to Google Drive. This feature is completely optional and you can choose whether to use it at your discretion.

8.2 Information Sent to Google Drive

When you use the Google Drive integration feature, the following information is sent to Google LLC (USA) servers:

Type of Information	Specific Contents
Reading Notes Data	Book information (title, author name, publisher, ISBN, total pages, cover image, etc.), reading dates, page ranges, memos
File Metadata	File name, update date/time, file size
Authentication Information	Access token to Google account (sent encrypted)

8.3 How We Handle Your Data

Regarding the Google Drive integration feature, the Company handles data as follows:

• Storage on Our Servers: None - Reading Notes data is NOT stored on our servers; it is stored on your device (browser storage or local files) and Google Drive
• Data Viewing: None - We do NOT view, collect, or analyze Reading Notes data you save to your device or Google Drive
• Third-Party Sharing: None - We do NOT provide data stored on your device or Google Drive to third parties
• Access Token Management - Google account access tokens are stored only in your browser's localStorage and are NOT sent to our servers

8.4 Scope of Google Drive API Use

This Service uses the Google Drive API for the following purposes:

1. Creating and saving Reading Notes files
2. Loading saved files
3. Updating and deleting files
4. Retrieving file lists

All these operations are performed by your own actions, and neither we nor our application automatically access your Google Drive.

8.5 Data Storage Location and Management

• Storage Location: Within your Google Drive account (you can select any folder from the file selection screen)
• Data Ownership: You retain all rights to your data
• Deletion: You can delete files on Google Drive at any time
• Revoking Access: You can revoke this Service's access permissions at any time from your Google account settings

8.6 Google's Privacy Policy and Terms of Service

When using the Google Drive integration feature, Google's privacy policy and terms of service apply. Please review the following links:

• Google Privacy Policy:
  https://policies.google.com/privacy
• Google Terms of Service:
  https://policies.google.com/terms
• Google Drive Additional Terms:
  https://www.google.com/drive/terms-of-service/

8.7 Disconnecting Integration

If you want to disconnect Google Drive integration, you have the following options:

Method 1: Disconnect from This App

1. Click the [Settings] button in the top right of this Service's main screen
2. Select the "Google Drive" tab
3. Click the "Disconnect from Google Drive" button
4. The access token will be deleted from your browser's localStorage

Method 2: Disconnect from Google Account Settings

1. Go to your Google Account (https://myaccount.google.com/)
2. Go to "Security" → "Third-party apps with account access"
3. Select "Reading Forest" and click "Remove Access"

Article 9 User Rights

Under GDPR, CCPA, and other applicable data protection laws, you have the following rights regarding personal information held by the Company:

9.1 Right to Access

You can request disclosure of personal information held by the Company.

9.2 Right to Rectification/Addition/Deletion

You can request correction, addition, or deletion of personal information if the content is inaccurate.

9.3 Right to Restrict Processing/Erasure

You can request cessation of use or erasure of personal information if it is being handled in violation of this Policy.

9.4 Account Deletion

You can delete your account at any time from the account settings screen. After account deletion, all personal information will be completely deleted within 1 year.

Article 10 Use of Statistical Data

The Company may use non-personally identifiable access statistics obtained through Google Analytics for service improvement, marketing, research and development, etc.

Examples:

• "X% of users access from smartphones"
• "Page XX is viewed most frequently"

Note that the content of Reading Notes (book titles, authors, memos, etc.) is NOT sent to our servers and therefore is NOT used as statistical data.

Article 11 Changes to This Policy

1. The Company may change this Policy due to legal amendments or service changes
2. The changed Policy will take effect 14 days after being posted on this website
3. Prior notification will be sent to your registered email address for the following significant changes:
   • Substantial changes to the purpose of use of personal information
   • Expansion of the scope of third-party disclosure
   • Changes that restrict user rights
   • Significant changes to children's personal information protection
4. Continued use of the Service after the effective date constitutes acceptance of the changed Policy

Article 12 Contact Information

Article 13 For EU/EEA Residents - GDPR

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis for Processing: We process your personal data based on consent, contractual necessity, or legitimate interests
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority
• Data Protection Officer: For GDPR-related inquiries, please contact privacy@allisone.co.jp

Article 14 For California Residents - CCPA

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we collect
• Right to Delete: You can request deletion of your personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Do Not Sell: We do NOT sell your personal information to third parties

Copyright Allisone Inc. All Rights Reserved.