FactDecode Privacy Policy
Last updated: June 28, 2026
Effective date: June 28, 2026
Version: 1.0
IN MY BOOK, Inc. (the "Company") establishes this Privacy Policy (the "Policy") as follows regarding the handling of user information and personal information in "FactDecode" (the "Service") provided by the Company.
This Policy applies together with the Terms of Use, Data Policy, and other related rules established by the Company for the Service.
This English version is provided for reference purposes only. If there is any inconsistency or conflict between the Japanese version and this English version, the Japanese version shall prevail.
Japanese official version: FactDecodeプライバシーポリシー
Article 1 (Scope of Application)
- This Policy applies to user information and personal information obtained or handled by the Company in connection with the use, browsing, registration, login, inquiries, payments, support, and other matters related to the Service.
- If External Services are used in connection with the Service, the handling of information by the providers of such External Services may be subject to the privacy policies, terms, and other conditions of those External Services.
- In addition to this Policy, the Data Policy separately established by the Company may apply to the handling of market data, macroeconomic data, external data sources, analytical data, analysis results, and similar data in the Service.
Article 2 (Information Collected)
The Company may collect or handle the following information in providing the Service.
1. Account and authentication information
Name, display name, email address, identifiers provided by Google accounts or other external authentication services, profile information, authentication status, login date and time, session information, device identifiers, browser identifiers, and other information necessary for account management.
2. Contract and payment information
Pricing plan, contract status, subscription status, billing history, payment status, customer IDs or transaction IDs issued by payment service providers, and other information necessary for contract and payment management.
In principle, credit card numbers and other detailed payment method information are handled by payment service providers rather than by the Company.
3. Information concerning use of the Service
Projects, datasets, factors, analysis settings, workspace settings, analysis execution history, analysis results, screen operation history, functions used, error information, logs, access date and time, IP address, User-Agent, cookies, device information, browser information, language settings, and other information concerning use of the Service.
4. Information input or uploaded by Users
Data, notes, settings, files, text, inquiry contents, and other information voluntarily provided by Users that Users input, upload, store, edit, or designate for analysis on the Service.
5. Inquiry and support information
Name, email address, inquiry contents, support history, communications with the Company, attachments, and other information necessary for responding to inquiries and providing support.
6. Information concerning External Service integrations
Information provided by, or necessary for integration with, Google login, payment service providers, cloud services, email delivery services, access analytics services, error monitoring services, and other External Services integrated with the Service.
Article 3 (Purposes of Use)
The Company uses collected information for the following purposes.
- To provide the Service, conduct authentication, manage logins, manage accounts, and verify identity.
- To manage contracts, calculate fees, conduct billing and payment processing, handle plan changes and cancellations, confirm subscription status, and prevent unauthorized use.
- To provide, store, display, and manage projects, datasets, factors, analysis settings, analysis results, workspaces, and other functions of the Service.
- To integrate with external data sources, external APIs, authentication services, payment service providers, cloud services, and other External Services.
- To respond to inquiries, provide support, handle failures, verify identity, provide important notices, and conduct administrative communications.
- To maintain and operate the Service, investigate failures, improve quality, improve functions, analyze usage, conduct statistical analysis, and develop new functions.
- To ensure security and to detect, prevent, and respond to unauthorized access, unauthorized use, account sharing, violations of terms, circumvention of authority, spam, attacks, and other fraudulent or improper acts.
- To confirm compliance with and respond to violations of the Terms of Use, Data Policy, this Policy, and other rules established by the Company.
- To respond to requests from laws and regulations, administrative agencies, courts, police, attorneys, and other public authorities or professionals.
- To provide information to Users regarding guidance, announcements, surveys, campaigns, marketing, improvement proposals, and other information concerning the Company's services.
- To process, aggregate, statistically analyze, analyze, or otherwise handle information generated or accumulated on the Service, including Users' usage status, input data, analysis conditions, settings, analysis execution history, analysis results, and operation history, in a manner that does not identify any individual or specific User, and to use such information for improvement of the Service, development of new functions, enhancement of analysis functions, indicators, models, and other service quality, the Company's research and studies, business decisions, and service operations.
- For purposes incidental or related to the purposes set forth above.
Article 4 (Handling of Google User Data)
- The Company may use Google login and other Google API Services to the extent necessary for login, authentication, account identification, and other provision of the Service.
- Information obtained by the Company through Google API Services is limited to the scope necessary for providing the Service, authentication, account management, ensuring security, and support.
- The Company uses Google user data only within the scope of the purposes expressly indicated to Users and the purposes set forth in this Policy.
- The Company does not use Google user data for advertising delivery, retargeting, personalized advertising, creditworthiness assessment, lending decisions, or sale to data brokers.
- The Company does not provide Google user data to third parties except where required by law, where the User has consented, where it is provided to contractors necessary for the provision or improvement of the Service, where necessary for security response or investigation of unauthorized use, or in other cases set forth in this Policy.
- The Company endeavors to prevent human access to Google user data except where necessary for providing the Service, security response, support, legal compliance, or an explicit request from the User.
Article 5 (Cookies, Device Identifiers, and Access Analytics)
- The Company may use cookies, local storage, device identifiers, browser identifiers, and similar technologies for providing the Service, maintaining login status, managing sessions, ensuring security, preventing unauthorized use, analyzing usage, improving functions, and optimizing display.
- Users may disable or delete cookies through browser settings. However, if cookies are disabled, some or all functions of the Service may not be available.
- The Company may use access analytics tools, error monitoring tools, log analysis tools, and other external tools. Information collected through such tools may be handled in accordance with the terms and privacy policies of the respective tool providers.
Article 6 (Provision to Third Parties)
- Except in any of the following cases, the Company will not provide personal data to third parties without obtaining the prior consent of the User.
- Where provision is based on laws or regulations.
- Where provision is necessary to protect the life, body, or property of a person and it is difficult to obtain the consent of the data subject.
- Where provision is especially necessary for improving public health or promoting the sound growth of children and it is difficult to obtain the consent of the data subject.
- Where it is necessary to cooperate with a national government agency, local public entity, or a person entrusted thereby in performing affairs prescribed by laws or regulations, and obtaining the consent of the data subject is likely to impede the performance of such affairs.
- Where the User has consented.
- Where the Company entrusts handling of personal data to a contractor to the extent necessary to achieve the Company's purposes of use, including provision, maintenance, payment processing, authentication, support, notifications, access analytics, error monitoring, cloud hosting, and other operations of the Service.
- Where personal data is provided in connection with a merger, company split, business transfer, or other business succession.
- Where otherwise permitted by the Act on the Protection of Personal Information of Japan or other applicable laws and regulations.
- When the Company entrusts the handling of personal data pursuant to item 6 of the preceding paragraph, the Company endeavors to exercise necessary and appropriate supervision over the contractor.
Article 7 (External Entrustment and External Services)
- The Company may entrust external business operators with cloud hosting, databases, authentication, payment processing, email delivery, access analytics, error monitoring, inquiry management, development, maintenance, operations, and other work to the extent necessary for providing the Service.
- The main External Services used in the Service include Google login, payment service providers, cloud services, email delivery services, access analytics services, error monitoring services, and other services the Company deems necessary for providing the Service.
- Providers of External Services may be located outside Japan. In such cases, the Company endeavors to confirm, to the extent required by law, the systems, contracts, and other necessary matters concerning the protection of personal information by such External Service providers.
Article 8 (Security Control Measures)
The Company endeavors to implement necessary and appropriate security control measures, including the following, to prevent leakage, loss, damage, unauthorized access, unauthorized use, and other risks concerning personal data handled by the Company.
- Management and minimization of access privileges.
- Appropriate management of authentication information, API keys, secrets, and other confidential information.
- Encryption of communications and appropriate storage management.
- Log monitoring, error monitoring, and detection of unauthorized use.
- Supervision of employees and contractors who handle personal data.
- Deletion of information that is no longer necessary or restriction of access thereto.
- Investigation, prevention of damage expansion, prevention of recurrence, and necessary notification or reporting in the event of a security incident.
Article 9 (Retention Period)
- The Company retains collected information for the period necessary to achieve the purposes of use, the duration of the contract or account, the retention period required by law, and the period necessary for legitimate purposes including dispute resolution, prevention of unauthorized use, ensuring security, accounting and tax processing, and other legitimate purposes.
- Even if a User requests account deletion, contract termination, or data deletion, the Company may retain certain information for a certain period to the extent necessary for legal compliance, fee settlement, dispute resolution, prevention of unauthorized use, backups, log management, and other legitimate purposes.
- Information stored for backups, logs, audit records, and other system operation purposes may be sequentially deleted or anonymized in accordance with normal operational cycles.
Article 10 (Requests for Disclosure, Correction, Suspension of Use, etc.)
- Users may request, in accordance with laws and regulations, notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use, erasure, suspension of third-party provision, or disclosure of records of third-party provision with respect to their retained personal data held by the Company.
- When making a request under the preceding paragraph, Users shall provide information necessary for identity verification by the method designated by the Company.
- After confirming that the requester is the data subject or a legitimate representative, the Company will respond within a reasonable period in accordance with laws and regulations.
- Where permitted by law, the Company may decline all or part of a request. In such case, the Company endeavors to explain the reason in accordance with laws and regulations.
- For disclosure requests and other requests for which fees may be charged under laws and regulations, the Company may charge actual costs or other fees separately specified by the Company.
Article 11 (Information Management by Users)
- Users shall manage their own accounts, authentication information, devices, browsers, sessions, and other usage environments for the Service at their own responsibility.
- Users shall confirm that they have the necessary rights, authority, consents, and licenses with respect to information they input, upload, or store on the Service.
- If Users input or upload personal information, sensitive personal information, trade secrets, confidential information, undisclosed material facts, insider information, or other information requiring careful handling to the Service, Users shall confirm the necessity, legality, safety, and authority for doing so at their own responsibility.
Article 12 (Use by Minors)
- If a minor uses the Service, the minor shall use the Service after obtaining the consent of a person with parental authority or another legal representative.
- The Company does not intend for the Service to recommend or support investment, trading, financial decisions, or other professional judgments by minors.
Article 13 (Response to Leakage and Similar Incidents)
If the Company recognizes that leakage, loss, damage, or any other security control issue concerning personal data has occurred or may have occurred, the Company will, depending on the nature of the incident, investigate the facts, identify the cause, determine the scope of impact, prevent the expansion of damage, prevent recurrence, notify the data subjects, report to the Personal Information Protection Commission of Japan, and take other actions required by laws and regulations.
Article 14 (Changes to this Policy)
- The Company may change this Policy due to amendments to laws and regulations, changes to service contents, changes to External Services, security responses, business needs, or other reasons.
- When changing this Policy, the Company will notify or announce the changed contents and effective date by posting on the Service or the Company's website, by email, or by any other method the Company considers appropriate.
- For material changes, the Company will endeavor, within a reasonable scope, to enable Users to confirm the details of the changes.
Article 15 (Contact)
For inquiries, complaints, consultations, requests for disclosure and similar matters, or other communications regarding the handling of personal information under this Policy, please contact the following.
Operator: IN MY BOOK, Inc.
Address: 1-36-2 Shinjuku, Shinjuku-ku, Tokyo, Japan
Contact: contact form
Related Documents
Terms of Use: FactDecode Terms of Use
Data Policy: FactDecode Data Policy
Commercial Transaction Disclosure: Commercial Transaction Disclosure Based on the Act on Specified Commercial Transactions