Privacy Policy

The administrator of the various services provided through Halatte!'s website or applications (hereinafter collectively referred to as the "Services"; the administrator hereinafter referred to as the "Operator") recognizes the importance of protecting customers' personal information and complies with the Act on the Protection of Personal Information of Japan ("APPI"). The Operator will appropriately handle and protect personal information in accordance with this Privacy Policy ("Policy").

This Policy also includes provisions for customers located in the EEA (European Economic Area: EU member states, Iceland, Norway, and Liechtenstein).

Article 1 (Information Collected from Customers)

The Operator collects the following information from customers:

  • Name (including nicknames and pen names)
  • Email address
  • Identifiers generated using cookies
  • Information related to the OS or device used by the customer, such as identifiers generated by the OS, device type, and device identifiers
  • Usage history of the Services, such as startup time, input history, purchase history

Article 2 (Purposes of Use)

The Operator uses information collected from customers for the following purposes:

When processing is necessary for the pursuit of legitimate interests:

  • To register customers for the Services and to perform identity verification and authentication
  • To manage customers' usage history of the Services
  • To analyze usage history and use the results for maintaining and improving the Services
  • To provide information regarding the Services
  • To respond to violations of the Terms of Use or applicable laws
  • To notify customers of changes to the Terms of Use
  • For the overall provision, maintenance, protection, and improvement of the Services
  • To display targeted advertisements tailored to customer preferences
  • For advertisement delivery, display, and effectiveness measurement

When processing is necessary for the performance of a contract:

  • To process payment for service fees
  • To respond to customer inquiries
  • To notify customers regarding changes, suspension, termination, or cancellation of the Services

When processing is necessary for compliance with legal obligations:

  • To respond to requests from judicial or administrative authorities based on laws and regulations
  • To respond to acts that violate EU or EU member state laws

Article 3 (Legal Basis for Processing Personal Data)

The Operator processes personal data obtained from customers located in the EEA on the legal basis of necessity for legitimate interests, necessity for the performance of a contract with the customer, necessity for taking steps at the customer's request prior to entering into a contract, consent obtained from the customer in advance, or compliance with legal obligations under the laws of the EU or its member states.

Article 4 (Security Measures)

Details of the security measures taken for the protection of information obtained from customers will be provided individually upon request through the inquiry form of the Services, in accordance with applicable laws and regulations.

Article 5 (Provision to Third Parties)

The Operator will not provide personal data (as defined in Article 16(3) of the APPI) collected from customers to any third party (including those located outside Japan) without prior consent from the customer, except in the following cases:

  • When outsourcing the handling of personal data
  • When the Operator or the Services are acquired
  • When jointly using personal data with business partners (specific details of joint use will be disclosed separately if applicable)
  • When otherwise permitted by law

Article 6 (Transfer of Personal Data from the EEA)

The Operator transfers personal data from Customers located in the EEA to Japan when necessary for performing a contract with the Customer or taking steps at the Customer's request prior to entering into a contract. Japan has been recognized by the European Commission as providing an adequate level of protection for personal data.

Article 7 (Retention Period)

The Operator retains customers' personal data only for the period necessary to achieve the purposes for which the personal data was obtained and processed as described in this Policy. The specific retention period is determined based on the purpose of collection and processing, the nature of the personal data, and legal or operational requirements.

Article 8 (Customer Rights)

Under the GDPR, Customers have the right to obtain information regarding the processing of their personal data, the right of access, the right to rectification or deletion, the right to restrict processing, the right to data portability, the right not to be subject to automated decision-making (including profiling), and the right to object to processing. Customers may also lodge a complaint with the supervisory authority in the EU member state of their residence, workplace, or the location of the alleged GDPR infringement.

Article 9 (Withdrawal of Consent)

When personal data is processed based on the Customer's consent, the Customer may withdraw that consent at any time. For details, please refer to the. However, the legality of processing based on consent prior to its withdrawal will not be affected.

Article 10 (Automated Decision-Making)

The Operator does not engage in automated decision-making based solely on automated data processing that produces legal effects or similarly significant impacts on customers.

Article 11 (Analytics Tools)

The Operator uses "Google Analytics" for access analysis. Google Analytics uses cookies to collect traffic data. The data is collected anonymously and does not identify individuals. Customers can disable cookies to prevent such data collection. Please check your browser settings for details. For more information about Google Analytics, please refer to the following:
https://marketingplatform.google.com/about/analytics/terms/jp/

Article 12 (reCAPTCHA)

To protect the Services from spam and fraudulent activities, the Operator uses "reCAPTCHA" provided by Google. reCAPTCHA collects data including IP addresses to determine whether a user is human or a robot. Traffic data is collected anonymously and does not identify individuals. For details, please see Google's Privacy Policy and Terms of Service:
https://policies.google.com/privacy
https://policies.google.com/terms

Article 13 (Advertising Delivery)

The Operator uses advertisements provided by Google and its partners (third-party vendors). Cookies are used for ad delivery, allowing advertisements to be shown based on the customer's past access to the Services and other websites. Google and its partners use cookies to display appropriate advertisements.
Customers can disable personalized ads on the Google Ads Settings page:
https://adssettings.google.com/u/0/authenticated
You may also disable cookies used by third-party vendors for personalized advertising by visiting aboutads.info.
For details about Google's handling of cookies, please see:
https://policies.google.com/technologies/ads

Article 14 (Changes to the Privacy Policy)

The Operator may modify this Policy as necessary. In such cases, the effective date of the revised Policy and the details of the revisions will be made known or notified through appropriate means.

Article 15 (Contact Information)

If you wish to request disclosure, correction, suspension of use, or deletion of your information, please contact the Operator through the inquiry form of the Services. To verify that the request is made by the individual concerned, you will be required to present identification such as a driver's license in accordance with the procedures specified by the Operator. A handling fee of 1,000 yen will be charged per request for disclosure, regardless of whether the requested information exists.

Established: July 12, 2025

Revised: December 10, 2025