PRIVACY POLICY

Last Updated: February 28, 2026

Hyperflops G.K. (Godo Kaisha) (hereinafter referred to as the "Company," "we," "us," or "our") hereby establishes the following Privacy Policy (hereinafter referred to as the "Policy") regarding the handling of personal information of users (hereinafter referred to as "Users" or "you") of the AI-powered Chinese metaphysics and astrology application "FateSign" and related services (hereinafter referred to as the "Service") provided by the Company.

Article 1: Definition of Personal Information

In this Policy, "personal information" refers to "personal information" as defined in the Act on the Protection of Personal Information (Act No. 57 of 2003, as amended; hereinafter referred to as the "APPI"), meaning information relating to a living individual that can identify a specific individual by name, date of birth, or other descriptions contained in such information, or that contains an individual identification code.

In this Policy, "personal-related information" (kojin kanren joho) refers to personal-related information as defined in Article 2, Paragraph 7 of the APPI, including Cookie identifiers, IP addresses, device identifiers, and other information that alone cannot identify a specific individual.

Article 2: Personal Information Protection Manager

The Company has designated the following person as the Personal Information Protection Manager to ensure the proper management of personal information:

Personal Information Protection Manager: Yujie Zhuang
Contact: [email protected]

Article 3: Information Collected and Purposes of Use

The Company collects the following information to provide Users with highly personalized Chinese metaphysics (Four Pillars of Destiny, Zi Wei Dou Shu, etc.) and astrological analyses, and uses such information within the scope of each respective purpose. In accordance with Article 17, Paragraph 1 of the APPI, the Company shall not handle personal information beyond the scope necessary to achieve the purposes of use specified below.

3.1 Account Information

Information collected: Email address, password (stored in hashed form), display name, etc.
Purpose of use: To provide the Service, verify identity, and contact you as necessary (such as for important notices, support responses, and service change notifications).

3.2 Metaphysical Metadata

Information collected: Date of birth, time of birth, place of birth, gender, etc.
Purpose of use: To accurately calculate natal charts and astrological charts and provide personalized consultation services.

3.3 Chat Data and Prompts

Information collected: Text entered by Users into the AI, content of questions, and AI-generated outputs.
Purposes of use:
To maintain a history of interactions with Users and provide continuous service.
After processing into anonymously processed information (tokumei kako joho) pursuant to Article 43 of the APPI, to improve the UI of the Service and to enhance and develop the Company's proprietary algorithms and system prompts. In creating anonymously processed information, the Company shall process the information appropriately in accordance with the standards prescribed by the Rules of the Personal Information Protection Commission and shall implement security control measures for the information regarding the processing methods.

3.4 Payment Information

Information collected: Billing information (name, address, etc.)
Purpose of use: To bill and process payments for Paid Services. Payments are processed through our partnered payment processor (Stripe Inc.), and the Company does not retain credit card numbers directly.

3.5 Usage and Analytics Data (Personal-Related Information)

Information collected: IP address, device information, browser information, Cookie identifiers, access logs, etc.
Purpose of use: To investigate and analyze usage patterns of the Service and to improve the Service.

3.6 Changes to Purposes of Use

When changing the purposes of use, the Company shall not exceed the scope reasonably deemed relevant to the purposes of use prior to the change (Article 17, Paragraph 2 of the APPI), and shall notify or publicly announce the changed purposes of use to Users through updates to this Policy or other means. If use beyond the scope of the specified purposes becomes necessary, the Company shall obtain the User's consent in advance.

Article 4: Provision to Third Parties and Outsourcing

4.1 Outsourcing (Article 27, Paragraph 5, Item 1 of the APPI)

The Company outsources the handling of personal data to the following processors within the scope necessary to achieve the purposes of use. The Company exercises necessary and appropriate supervision over such processors to ensure the secure management of personal information.

Payment processor (Stripe Inc.): Billing information is shared for payment processing.
Cloud infrastructure provider: Data is stored on servers for data storage and processing.
Analytics provider (Google LLC): Usage data is shared with Google Analytics to understand service performance.

4.2 Third-Party Provision (Provision to AI Model Providers)

The Company provides Users' text prompts and necessary metaphysical data to the following third-party AI model providers via API to generate AI responses. As this may constitute third-party provision under the APPI beyond mere outsourcing, such provision is made based on the User's consent.

OpenAI, L.L.C. (United States)
Anthropic, PBC (United States)

The Company has entered into enterprise/API agreements with these providers that stipulate that user data submitted via API shall not be used for training their foundational models.

4.3 Provision Based on Laws and Regulations

The Company may provide personal information to third parties without the User's consent in the following cases:

Where required by laws and regulations (pursuant to each item of Article 27, Paragraph 1 of the APPI).
Where necessary for the protection of the life, body, or property of an individual and it is difficult to obtain the consent of the individual.
Where especially necessary for improving public health or promoting the sound growth of children and it is difficult to obtain the consent of the individual.
Where it is necessary to cooperate with a national government organ, a local government, or a person entrusted thereby in executing affairs prescribed by laws and regulations, and obtaining the consent of the individual may impede the execution of such affairs.

Article 5: Provision to Third Parties in Foreign Countries

5.1 Countries and Regions of Transfer

Because the Service is provided globally, the AI model providers and third-party processors used by the Company may be located in the following countries and regions:

United States of America: Location of OpenAI, Anthropic, Stripe, Google, and others.

5.2 Overview of the Personal Information Protection System in the Destination Country

In accordance with Article 28 of the APPI and Article 17 of the Enforcement Rules of the APPI, the Company provides the following information regarding the personal information protection system in the destination country:

United States: There is no comprehensive federal-level data protection law in the United States equivalent to Japan's APPI. However, sector-specific laws (such as HIPAA and GLBA) and state laws (such as the CCPA/CPRA in California) exist. Additionally, the Federal Trade Commission (FTC) has enforcement authority over unfair or deceptive trade practices.

5.3 Protective Measures at the Destination

The Company has implemented the following measures in connection with the provision of personal data to third parties in foreign countries:

The Company has entered into data processing agreements (DPAs) with each provider that require the protection of personal data at a level equivalent to that provided under Japan's APPI.
The Company periodically confirms the personal information protection measures implemented by each provider.

5.4 Consent

By using the Service, you consent to the provision of your personal data to third parties in the foreign countries described above. You may withdraw this consent at any time; however, withdrawal may result in your inability to use all or part of the Service.

Article 6: Third-Party Provision of Personal-Related Information

The Company may provide personal-related information collected through Cookies and similar technologies (such as IP addresses, device identifiers, and browsing history) to third parties such as Google Analytics. Where it is anticipated that such personal-related information will be acquired as personal data by the receiving third party (Article 31 of the APPI), the Company shall confirm that the third party has obtained the consent of the User before making such provision.

Article 7: Cookies and Tracking Technologies

7.1 Use of Cookies

The Company uses the following types of Cookies in the Service:

Essential Cookies: Cookies that are indispensable for providing the basic functions of the Service, such as maintaining login sessions.
Analytics Cookies: Cookies used in conjunction with Google Analytics to analyze usage patterns of the Service.

7.2 Google Analytics

The Company uses Google Analytics, provided by Google LLC, to analyze usage of the Service. Google Analytics uses Cookies to collect user information, but does not include information that identifies individuals. The collected data is managed in accordance with Google's Privacy Policy. For details, please refer to https://policies.google.com/privacy.

7.3 Opt-Out

Users may refuse the use of analytics Cookies by the following methods:

Disabling or deleting Cookies through your browser settings.
Installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout).

Please note that disabling essential Cookies may result in some features of the Service being unavailable.

Article 8: Data Retention Periods

8.1 Account Information and Metaphysical Data

Retained for as long as the account remains active.

8.2 Chat Data

Retained for as long as the account remains active. Users may delete individual chat histories from within the app.

8.3 Payment Information

Retained for the period required by applicable laws and regulations (such as the Electronic Book Preservation Act and the Corporation Tax Act, up to a maximum of 7 years).

8.4 Usage and Analytics Data

Retained for a maximum of 26 months from the date of collection (in accordance with Google Analytics data retention settings).

8.5 Anonymously Processed Information

Anonymously processed information created pursuant to Section 3.3 may be retained and used indefinitely for as long as necessary to achieve the applicable purposes, as it cannot be used to identify specific individuals.

Article 9: Account Deletion and Data Erasure

9.1 User Deletion Requests

Users may request the deletion of specific chat histories or the deletion of their entire account at any time through the settings screen within the app or by contacting the Company by email.

9.2 Execution of Deletion

Upon receipt of an account deletion request, the Company shall promptly (in principle, within 30 days) completely delete the User's personally identifiable information and chat history from active servers. However, the following data may be retained after deletion:

Payment-related information that is required to be retained under applicable laws pursuant to Section 8.3.
Anonymously processed information already created pursuant to Section 8.5 (which cannot be used to re-identify specific individuals).
Data contained in backup systems (which will be sequentially deleted within a technically reasonable period).

Article 10: Requests for Disclosure of Retained Personal Data

10.1 Requests for Disclosure and Related Actions

Users may make the following requests to the Company pursuant to Articles 33 through 39 of the APPI:

Notification of the purpose of use of retained personal data.
Disclosure of retained personal data.
Correction, addition, or deletion of the content of retained personal data.
Suspension of use or erasure of retained personal data.
Suspension of provision of retained personal data to third parties.

10.2 Request Procedures

To make any of the above requests, please contact the inquiry point listed in Article 15, accompanied by identity verification documents. The Company shall verify your identity and respond within the period prescribed by law.

10.3 Cases Where Requests Cannot Be Fulfilled

The Company may be unable to fulfill requests for disclosure and related actions in the following cases. In such cases, the Company shall notify you of the reasons without delay.

Where identity verification cannot be completed.
Where the Company is not obligated to fulfill the request under applicable laws.
Where fulfilling the request would significantly impede the proper conduct of the Company's business.
Where fulfilling the request would result in a violation of other laws or regulations.

Article 11: Security Control Measures

The Company implements the following measures to prevent the leakage, loss, or damage of personal information and to ensure its security:

11.1 Organizational Security Control Measures

Appointment of a Personal Information Protection Manager and clarification of the responsibility structure.
Development and operation of rules regarding the handling of personal information.
Regular inspections and audits of the status of personal information handling.

11.2 Human Security Control Measures

Execution of non-disclosure agreements with employees.
Provision of education and training to employees regarding the handling of personal information.

11.3 Physical Security Control Measures

Management of areas where personal data is handled.
Prevention of theft of equipment and electronic media.

11.4 Technical Security Control Measures

Access control and identification and authentication of access persons.
Encryption of communications (SSL/TLS).
Storage of passwords in hashed form.
Measures to prevent and detect unauthorized access.

Note: 100% security cannot be guaranteed for communications over the Internet or electronic storage methods.

Article 12: Precautions for AI Chat Input

[IMPORTANT] Users are strongly advised not to enter highly sensitive personally identifiable information (PII) into the AI chat interface, including real names, My Number, credit card numbers, or detailed addresses. Text entered into the AI chat will be transmitted to third-party AI model providers as described in Articles 4 and 5. The Company shall not be liable for damages arising from the entry of sensitive information into the AI chat, provided that the Company has given appropriate warnings.

Article 13: Amendments to the Privacy Policy

This Policy may be amended, except for matters otherwise provided for by laws or regulations or elsewhere in this Policy. For material changes, including changes to the purposes of use, the Company shall notify Users at least 14 days before the effective date of the amended Privacy Policy by posting a notice on the Service or by email notification. The amended Privacy Policy shall take effect from the effective date stated in the notification.

Article 14: Public Announcement Regarding Retained Personal Data

Pursuant to Article 32 of the APPI, the Company hereby publicly announces the following matters regarding its retained personal data:

Name, address, and name of the representative of the personal information handling business operator:

Hyperflops G.K. (Godo Kaisha)
Address: Nihonbashi 2-1-17, Chuo-ku, Tokyo, Japan
Representative Member: Yujie Zhuang

Purposes of use of all retained personal data: As stated in Article 3.
Procedures for requests for disclosure and related actions: As stated in Article 10.
Overview of security control measures implemented for retained personal data: As stated in Article 11.
Complaint contact: Same as the inquiry point stated in Article 15.

Article 15: Inquiry Contact

For questions, requests, or complaints regarding the Company's handling of personal information, please contact us at:

Operating Company: Hyperflops G.K. (Godo Kaisha)
Address: Nihonbashi 2-1-17, Chuo-ku, Tokyo
Personal Information Protection Manager: Yujie Zhuang
Email: [email protected]

End of Privacy Policy