Privacy Policy
- Version: 1.0.0
- Updated: 2026-06-12
Privacy Policy
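Choco Next Year For Sure (hereinafter "we," "us," or "our") establishes the following Privacy Policy (hereinafter this "Policy") regarding the handling of user information in the application "PrivCook" provided by us and related services (hereinafter the "Service").
Information We Collect from Users
In providing the Service, we may collect the following information from users.
- Identification information generated using cookies or other similar technologies
- Device information
  - Device type
  - OS type and version
  - App version
  - Device language and region settings
  - Other information regarding the device or the app usage environment
- Identifiers generated per app or per device
  - Firebase Installation ID
  - App instance ID in Google Analytics for Firebase / Google Analytics 4
  - Crashlytics installation UUID
  - App user ID in RevenueCat and other similar identifiers
- Usage history of our app
  - App launch date and time
  - Screen transitions
  - Feature usage status
  - Operation history
  - Input history
  - Other information regarding usage of the Service
- Crash and defect information
  - Date and time of the crash
  - Stack traces
  - App state
  - Device state
  - Technical information such as OS, device, and app version
  - Logs of operations before the crash
- Purchase and subscription information
  - In-app purchase history
  - Subscription status
  - Eligibility to use paid features
  - Receipts, purchase tokens, and other information necessary for transaction confirmation issued by Apple or Google
  - Purchase and subscription management information processed through RevenueCat
- Information collected at the time of an inquiry
  - Email address
  - Inquiry content
  - Information necessary for identity verification
  - Other information necessary to respond to the inquiry
We do not directly collect users' credit card numbers or other details of payment methods in connection with in-app purchases made through the Apple App Store or Google Play.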
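Purposes for Which We Use User Information
We use the information collected from users for the following purposes.
- To provide the Service
- To analyze users' behavior history in the Service and use it to maintain, improve, and enhance the quality of the Service
- To understand the usage status of the Service and to improve features, fix defects, and improve convenience
- To detect, investigate, and fix crashes, defects, errors, and other technical problems
- For in-app purchases, subscriptions, provision of paid features, confirmation of purchase status, and prevention of unauthorized use
- To respond to inquiries from users
- To respond to acts that violate the Terms of Use, this Policy, or other rules established by us
- To prevent, investigate, and respond to unauthorized use of the Service, failures, and security problems
- In addition to the above, to provide, maintain, protect, and improve the Service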
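External Services We Use
We use the following external services for the provision of the Service, analysis, defect investigation, and in-app purchase management.
| Service | Provider | Purpose of Use | Main Information Transmitted |
|---|---|---|---|
| Google Analytics for Firebase / Google Analytics 4 | Google LLC | Usage analysis, service improvement | App usage status, event information, device information, app instance ID, etc. |
| Firebase Crashlytics | Google LLC | Crash analysis, defect investigation, quality improvement | Crash logs, stack traces, device information, app state, Crashlytics installation UUID, etc. |
| Firebase | Google LLC | Maintaining app quality, analytics infrastructure, provision of related functions | Firebase Installation ID, device information, app information, etc. |
| RevenueCat | RevenueCat, Inc. | Management of in-app purchases, subscriptions, and paid features | Purchase history, subscription status, receipts, purchase tokens, app user ID, etc. |
Information collected by these external services is handled in accordance with the privacy policy and other terms of each service provider.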
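Access Analysis Tools and Crash Analysis Tools
We use Google Analytics for Firebase / Google Analytics 4 to analyze users' usage and to improve the Service.
Google Analytics for Firebase / Google Analytics 4 may collect app usage status, event information, device information, app instance IDs, and similar information. This information is collected in a form that does not include information that directly identifies an individual, and is used to analyze and improve usage of the service.
We also use Firebase Crashlytics to investigate and fix crashes, defects, and technical problems in the Service. Firebase Crashlytics may collect stack traces at the time of a crash, app state, device information, the Crashlytics installation UUID, and similar information.
We use this analysis information for the purposes of improving the Service, fixing defects, improving quality, and ensuring stable operation.
For details about Google Analytics, please see the following.
https://marketingplatform.google.com/about/analytics/terms/jp/
Opt-Out
We provide a mechanism that allows users to stop information collection by Google Analytics for Firebase / Google Analytics 4 and Firebase Crashlytics through settings within the app.
If a user opts out, we will stop transmitting the relevant analytics information and crash information from the time of that setting onward. However, information already transmitted before the opt-out may be handled in accordance with the specifications and retention periods of each external service.
The processing by RevenueCat of information regarding purchase history, subscription status, and eligibility to use paid features is carried out to the extent necessary to provide in-app purchases, subscriptions, and paid features, and is handled separately from the opt-out of analytics information and crash information described above.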
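Provision to Third Parties
Of the information we collect from users, we do not provide information that constitutes personal data (meaning personal data as defined in Article 16, Paragraph 3 of the Act on the Protection of Personal Information) to third parties (including those located outside Japan) without obtaining the user's prior consent.
However, the following cases are excluded.
- When we outsource the handling of personal data to an external party
- When we or the Service become subject to an acquisition, merger, business transfer, or other business succession
- When we jointly use the data with business partners. If there is any specific joint use, we will publish its details separately.
- When based on laws and regulations
- When it is necessary to protect the life, body, or property of a person and it is difficult to obtain the user's consent
- When it is particularly necessary to improve public health or promote the sound upbringing of children and it is difficult to obtain the user's consent
- When it is necessary to cooperate with a national government organ, a local government, or a person entrusted by them in performing affairs prescribed by laws and regulations, and obtaining the user's consent is likely to impede the performance of those affairs
- Other cases in which provision to third parties is permitted by laws and regulations
Provision or Outsourcing to Third Parties in Foreign Countries
We may use services provided by Google LLC, RevenueCat, Inc., and other business operators located outside Japan for the provision of the Service, analysis, defect investigation, and in-app purchase management.
When we provide personal data to a third party in a foreign country, or outsource the handling of personal data to a business operator in a foreign country, we will, in accordance with laws and regulations, provide the necessary information, obtain consent, supervise the contractor, and take other necessary measures.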
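Measures Taken for Security Management
We take necessary and appropriate security management measures to prevent leakage, loss, damage, unauthorized access, and other risks with respect to information collected from users.
Regarding the specific details of the security management measures we take, we will respond individually in accordance with laws and regulations when contacted at the contact point stated at the end of this Policy, to the extent that this does not interfere with information security.
Retention Period
We retain information collected from users to the extent necessary to achieve the purposes of use.
The retention period is determined by taking into account the type of information, the purposes of use, statutory retention obligations, the retention periods of external services, and the operational needs of the Service.
Information that is no longer necessary to achieve the purposes of use will be deleted or anonymized by an appropriate method in accordance with laws and regulations.
User Rights
Users may, in accordance with laws and regulations, request disclosure, correction, addition, deletion, suspension of use, erasure, suspension of provision to third parties, and make other requests regarding their information held by us.
If you wish to make such a request, please contact us at the contact point stated at the end of this Policy.
We will respond within a reasonable period after verifying identity in accordance with laws and regulations.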
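Inquiries
For inquiries regarding disclosure, correction, suspension of use, or deletion of user information, or otherwise regarding the handling of personal information, please contact us at the following email address.
In this case, we will always confirm that the request comes from the person concerned by a method we specify, such as presentation of a driver's license.
For requests for disclosure of information, we charge an administrative fee of 1,000 yen per request at the time of application, regardless of whether disclosure is made.
Changes to the Privacy Policy
We will change the content of this Policy as necessary.
When we change this Policy, we will announce or notify users of the effective date and content of the revised Privacy Policy by displaying it within the Service, posting it on our website, or by other appropriate methods.
Name of the Business Operator
Choco Next Year For Sure (Representative: Haruta Watanabe)
Address of the Business Operator
Aoyama Marutake Building 6F, 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062
Established on June 12, 2026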
- Version: 1.0.0
- Updated: 2026-06-12
Privacy Policy
Choco Next Year For Sure (Representative: Haruta Watanabe) (hereinafter referred to as “we,” “us,” or “our”) establishes this Privacy Policy (hereinafter referred to as this “Policy”) regarding the handling of personal data and personal information of users who use the application “PrivCook” and related websites, content, features, and other services provided by us (hereinafter collectively referred to as the “Service”) from the European Union, Iceland, Liechtenstein, Norway, or the United States.
For users located in the European Union, Iceland, Liechtenstein, or Norway (hereinafter collectively referred to as the “EU/EEA”), this Policy applies to the processing of personal data as defined in Article 4(1) of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter referred to as the “GDPR”).
For users located in the United States, this Policy also serves as a U.S. State Privacy Notice, including a California Notice at Collection, to the extent applicable under U.S. federal or state privacy laws.
Data Controller / Business Operator
For the purposes of the GDPR, we act as the controller of personal data processed under this Policy.
For the purposes of applicable U.S. state privacy laws, we determine the purposes and means of processing personal information to the extent such laws apply to us.
Operator: Choco Next Year For Sure
Representative: Haruta Watanabe
Address: Aoyama Marutake Building 6F 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062 Japan
Contact: [email protected]
Users to Whom This Policy Applies
This Policy applies to users who use the Service from the EU/EEA or the United States.
If a user uses the Service from outside the EU/EEA or the United States, our general Privacy Policy may apply in addition to or instead of this Policy, depending on the applicable laws and circumstances.
Personal Data and Personal Information We Collect
We may collect the following personal data or personal information from users in connection with the Service.
1. Identification Information
- Identifiers generated using cookies or similar technologies
- App instance IDs
- Firebase Installation ID
- Crashlytics installation UUID
- RevenueCat app user ID
- Device identifiers
- Other identifiers generated by the OS, app, SDKs, or external services
2. Device and Technical Information
- Device type
- Device model
- OS type and version
- App version
- Browser information
- Network information
- IP address
- Region or approximate location information
- Language and region settings
- SDK type and version
- Information regarding the user’s usage environment
3. Usage Information
- App startup time
- Usage date and time
- Screen transitions
- In-app events
- Operation history
- Feature usage status
- Input history
- Viewed pages
- Referrers
- Other information related to behavior on the Service
4. Crash, Error, and Defect Information
- Crash occurrence date and time
- Stack traces
- App status at the time of crash or error
- Device status
- OS information
- Device model
- App version
- Operation logs immediately before a crash
- Error information
- Non-fatal error information
- Other technical information necessary to investigate crashes, errors, and defects
5. Purchase and Subscription Information
- Purchase history
- Subscription status
- Product ID
- Transaction ID
- Purchase date and time
- Expiration date
- Receipt information
- StoreKit 2 transaction information
- Google Play purchase tokens
- Eligibility to use paid features
- Store used for purchase
- Payment status
- Information necessary to confirm, restore, manage, or cancel purchases and subscriptions
We do not directly collect users’ credit card numbers or other detailed payment method information for in-app purchases processed through Apple App Store, Google Play, or other stores.
6. Inquiry, Survey, Feedback, and Form Information
- Name
- Email address
- Inquiry content
- Survey responses
- Feedback content
- Defect report content
- Content entered into forms
- Submission date and time
- Attached files if a file upload function is used
- Google Account-related information if the user is logged in to a Google Account
- Other information submitted by the user through Google Forms or other inquiry methods
7. Website Access and Security Information
- IP address
- Request date and time
- Destination URL
- Browser information
- Device information
- OS information
- Network information
- Cookies
- Access logs
- Information necessary to detect unauthorized access, attacks, or other security incidents
8. User-Provided Content
To the extent transmitted to us through the Service, inquiry forms, feedback forms, or support communications, we may process information voluntarily provided by users, including recipe-related information, cooking records, notes, tags, settings information, and other user-entered content.
Special Categories of Personal Data and Sensitive Personal Information
The Service is not intended to collect special categories of personal data under Article 9 of the GDPR, such as health data, biometric data, genetic data, religious beliefs, political opinions, or similar sensitive information.
The Service is also not intended to collect sensitive personal information under applicable U.S. state privacy laws, such as precise geolocation, government identification numbers, financial account access credentials, biometric information, racial or ethnic origin, religious or philosophical beliefs, union membership, health diagnosis, sexual orientation, citizenship or immigration status, or similar sensitive information.
Users should not submit such information unless it is necessary for an inquiry or support request.
If a user voluntarily provides information that may include special categories of personal data or sensitive personal information, such as allergy, health, dietary restriction, or similar information, we will process such information only to the extent necessary for the purpose for which it was provided, and only where permitted under applicable law, including where the user has given explicit consent or where another applicable legal basis exists.
We do not use or disclose sensitive personal information for the purpose of inferring characteristics about users, except as permitted by applicable law.
Purposes and Legal Bases of Processing for EU/EEA Users
We process users’ personal data for the following purposes and on the following legal bases.
| Purpose of Processing | Categories of Personal Data | Legal Basis under the GDPR |
|---|---|---|
| To provide the Service | Identification information, device and technical information, usage information, user-provided content | Performance of a contract, Article 6(1)(b) |
| To provide paid features, in-app purchases, subscriptions, one-time purchase products, and purchase restoration | Purchase and subscription information, identification information, device and technical information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); legal obligation, Article 6(1)(c), where applicable |
| To confirm purchase status and prevent unauthorized use | Purchase and subscription information, identification information, device and technical information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To respond to inquiries, feedback, surveys, and defect reports | Inquiry, survey, feedback, and form information; user-provided content | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); consent, Article 6(1)(a), where applicable |
| To analyze usage of the Service and improve features, quality, display, and usability | Usage information, device and technical information, identification information | Consent, Article 6(1)(a), where required; legitimate interests, Article 6(1)(f), where applicable |
| To detect, investigate, and fix crashes, defects, errors, and other technical issues | Crash, error, and defect information; device and technical information; identification information | Consent, Article 6(1)(a), where required; legitimate interests, Article 6(1)(f), where applicable |
| To provide Firebase-related functions and maintain app quality, stability, and safety | Identification information, device and technical information, session information, quality indicators | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To deliver the website, improve display speed, and ensure security | Website access and security information | Legitimate interests, Article 6(1)(f) |
| To prevent, investigate, and respond to unauthorized use, fraud, security incidents, and violations of our terms | Identification information, device and technical information, usage information, website access and security information, purchase information | Legitimate interests, Article 6(1)(f); legal obligation, Article 6(1)(c), where applicable |
| To comply with applicable laws, regulations, legal requests, or obligations | Relevant personal data necessary for compliance | Legal obligation, Article 6(1)(c) |
| To announce or notify users of changes to, discontinuance of, termination of, or cancellation of the Service | Identification information, contact information, purchase and subscription information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To provide, maintain, protect, and improve the Service | Identification information, device and technical information, usage information, crash information, purchase information, inquiry information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); consent, Article 6(1)(a), where applicable |
Purposes of Processing for U.S. Users
We collect, use, retain, disclose, and otherwise process personal information of users in the United States for the following purposes.
- To provide the Service
- To operate, maintain, and improve the Service
- To provide paid features, in-app purchases, subscriptions, one-time purchase products, and purchase restoration
- To confirm purchase status and prevent unauthorized use
- To respond to inquiries, surveys, feedback, defect reports, and support requests
- To analyze usage of the Service and improve features, quality, display, and usability
- To detect, investigate, and fix crashes, defects, errors, and other technical issues
- To provide Firebase-related functions and maintain app quality, stability, and safety
- To deliver the website, improve display speed, and ensure security
- To prevent, investigate, and respond to fraud, unauthorized use, abuse, security incidents, and violations of our terms
- To comply with applicable laws, regulations, legal requests, or obligations
- To protect our rights, users’ rights, and third-party rights
- To provide, maintain, protect, and improve the Service
California Notice at Collection
This section applies to California residents to the extent the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), applies to us.
We may collect the following categories of personal information.
| Category of Personal Information | Examples | Purposes of Collection and Use | Categories of Third Parties to Whom We May Disclose |
|---|---|---|---|
| Identifiers | Name, email address, IP address, app instance ID, Firebase Installation ID, Crashlytics installation UUID, RevenueCat app user ID, device identifiers | To provide the Service, manage accounts or identifiers, respond to inquiries, provide paid features, restore purchases, prevent fraud, and improve the Service | Google, RevenueCat, Apple, Google Play-related providers, Cloudflare, payment and platform providers, professional advisors, public authorities where required |
| Customer records information | Contact information, purchase-related information, inquiry-related information | To process inquiries, manage purchases, provide support, and comply with legal obligations | Google, RevenueCat, Apple, Google Play-related providers, payment and platform providers, professional advisors, public authorities where required |
| Commercial information | Purchase history, subscription status, product ID, transaction ID, receipt information, purchase tokens, eligibility to use paid features | To provide in-app purchases, subscriptions, paid features, purchase restoration, fraud prevention, and support | RevenueCat, Apple, Google, payment and platform providers |
| Internet or other electronic network activity information | Usage history, screen transitions, in-app events, operation history, viewed pages, referrers, cookies, access logs | To analyze usage, improve the Service, detect errors, ensure security, and prevent unauthorized use | Google, Firebase-related services, Cloudflare |
| Geolocation information | Region or approximate location derived from IP address or device/network information | To provide, secure, analyze, and improve the Service | Google, Cloudflare, other service providers where necessary |
| Audio, electronic, visual, or similar information | Attached files, images, documents, or other materials submitted by the user through forms or support communications | To respond to inquiries, feedback, defect reports, and support requests | Google Forms / Google Workspace, professional advisors, public authorities where required |
| Inferences | Basic service usage patterns or feature usage status derived from usage information | To improve the Service, analyze functionality, and maintain service quality | Google and analytics-related service providers |
| Sensitive personal information | Information voluntarily submitted by the user that may include allergy, health, dietary restriction, or similar information | To respond to the user’s inquiry or support request, only to the extent necessary and permitted by law | Service providers or authorities only where necessary and permitted by law |
We retain each category of personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Sources of Personal Information
We may collect personal information from the following sources.
- Users directly
- Users’ devices, browsers, apps, or operating systems
- Apple App Store, Google Play, and other stores or platform providers
- RevenueCat
- Firebase, Google Analytics, Firebase Crashlytics, Google Forms, Google Workspace, and other Google services
- Cloudflare
- Payment service providers, platform providers, and other external service providers
- Public authorities, regulators, courts, or other parties where required or permitted by law
Disclosure of Personal Information
We may disclose personal information to the following categories of recipients for the purposes described in this Policy.
| Recipient Category | Purpose |
|---|---|
| Google LLC and its affiliates | Google Analytics, Google Analytics for Firebase, Google Analytics 4, Firebase, Firebase Crashlytics, Google Forms, Google Workspace, and related services |
| RevenueCat, Inc. | In-app purchase and subscription management, purchase verification, purchase restoration, usage eligibility management, and fraud prevention |
| Apple Inc. and its affiliates | App distribution, in-app purchases, subscriptions, billing, refund handling, and related App Store services |
| Google LLC and its affiliates | App distribution, in-app purchases, subscriptions, billing, refund handling, and related Google Play services |
| Cloudflare, Inc. | Website delivery, CDN, DNS, security, DDoS protection, access control, and log management |
| Payment service providers, stores, and platform providers | Payment processing, billing, refund handling, purchase confirmation, and subscription management |
| Professional advisors | Legal, accounting, tax, audit, or other professional advice, where necessary |
| Public authorities, courts, regulators, or law enforcement agencies | Compliance with laws, regulations, legal procedures, or enforceable governmental requests |
We do not sell users’ personal information for monetary consideration.
We do not currently use external transmission tools for advertising delivery purposes.
We do not knowingly sell or share personal information for cross-context behavioral advertising or targeted advertising as those terms are defined under applicable U.S. state privacy laws.
If any processing is deemed to constitute a “sale,” “sharing,” or processing for “targeted advertising” under applicable U.S. state privacy laws, users may opt out by contacting us at the email address stated in this Policy or by using any opt-out mechanism made available within the Service or on our website.
U.S. State Privacy Rights
Depending on the state in which the user resides and subject to the conditions and limitations under applicable law, users in the United States may have the following rights.
- Right to know or confirm whether we process personal information
- Right to access personal information
- Right to obtain a copy of personal information in a portable format
- Right to correct inaccurate personal information
- Right to delete personal information
- Right to opt out of the sale of personal information
- Right to opt out of sharing personal information for cross-context behavioral advertising
- Right to opt out of targeted advertising
- Right to opt out of certain profiling or automated decision-making
- Right to limit the use or disclosure of sensitive personal information, where applicable
- Right to withdraw consent, where applicable
- Right not to be discriminated against for exercising privacy rights
- Right to appeal a denial of a privacy rights request, where applicable
To exercise these rights, users may contact us at the email address stated in this Policy.
We may request information necessary to verify the identity of the user before responding to a request.
Where applicable law permits an authorized agent to submit a request on behalf of a user, we may request proof of authorization and may also require the user to verify their identity directly with us.
California Privacy Rights
California residents may have the following rights under the CCPA, subject to applicable limitations.
- Right to know what personal information we collect, use, disclose, sell, or share
- Right to access personal information
- Right to delete personal information
- Right to correct inaccurate personal information
- Right to opt out of the sale or sharing of personal information
- Right to limit the use and disclosure of sensitive personal information, where applicable
- Right not to receive discriminatory treatment for exercising CCPA rights
We do not sell users’ personal information for monetary consideration.
We do not knowingly share users’ personal information for cross-context behavioral advertising.
We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA.
California residents may exercise their rights by contacting us at the email address stated in this Policy.
Nevada Privacy Rights
Nevada residents may have the right to request that we not sell certain covered information as defined under Nevada law.
We do not currently sell covered information as defined under Nevada law.
Nevada residents may submit an opt-out request by contacting us at the email address stated in this Policy.
Appeals
Where applicable U.S. state privacy laws provide a right to appeal our decision regarding a privacy rights request, users may appeal by contacting us at the email address stated in this Policy and including “Privacy Appeal” in the subject line.
If we deny an appeal, users may have the right to contact the attorney general or other privacy authority in their state of residence.
Global Privacy Control and Universal Opt-Out Mechanisms
To the extent required by applicable law, we will recognize and process opt-out preference signals, including Global Privacy Control or other universal opt-out mechanisms, where such signals are technically supported and legally required.
Because we do not currently use external transmission tools for advertising delivery purposes and do not knowingly sell or share personal information for cross-context behavioral advertising, such signals may not change the user’s experience in the Service.
Children’s Privacy
The Service is not directed to children under the age of 13.
We do not knowingly collect personal information from children under 13 without verifiable parental consent.
If a minor uses the Service, the minor must obtain the consent of a parent or legal guardian.
If we become aware that we have collected personal information from a child without required parental or guardian consent, we will take appropriate measures in accordance with applicable laws and regulations.
We do not knowingly sell or share personal information of users under 16 years of age.
Consent and Withdrawal of Consent
Where we process personal data or personal information based on the user’s consent, the user may withdraw such consent at any time.
Users may withdraw consent or stop certain processing by using the settings provided within the app, by using browser settings, or by contacting us at the email address stated in this Policy.
Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Opt-Out
We provide a mechanism that allows users to stop the collection of information by Google Analytics for Firebase / Google Analytics 4 and Firebase Crashlytics through settings within the app.
If a user opts out, we will stop transmitting the relevant analytics information and crash information after such setting is applied.
However, information that has already been transmitted before the opt-out may be handled in accordance with the specifications and retention periods of each external service.
Information necessary for providing in-app purchases, subscriptions, paid features, purchase status confirmation, and purchase restoration may continue to be processed to the extent necessary to provide the paid features of the Service. If such processing is stopped, paid features, purchase status confirmation, purchase restoration, and other related functions may become unavailable.
With respect to the use of cookies on the website, users may disable cookies through their browser settings. However, if cookies are disabled, some functions of the Service may not operate properly.
Automated Decision-Making and Profiling
We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning the user or similarly significantly affect the user.
We also do not currently conduct profiling in furtherance of decisions that produce legal or similarly significant effects concerning users.
International Transfers
We are located in Japan. Users’ personal data and personal information may be transferred to and processed in Japan.
Japan has received an adequacy decision from the European Commission, which allows personal data to be transferred from the EU to Japan on the basis that Japan ensures an adequate level of protection for personal data.
Users’ personal data or personal information may also be transferred to countries or regions outside the EU/EEA and Japan, including the United States, through our use of external service providers such as Google, RevenueCat, Apple, and Cloudflare.
Where personal data is transferred from the EU/EEA to a country or region that has not received an adequacy decision from the European Commission, we will rely on appropriate safeguards under the GDPR, such as standard contractual clauses, an adequacy mechanism, or other lawful transfer mechanisms, where required.
Users may contact us if they wish to receive information regarding the safeguards applied to international transfers.
Retention Period
We retain users’ personal data and personal information only for as long as necessary to fulfill the purposes for which it was collected and processed, unless a longer retention period is required or permitted by applicable laws and regulations.
Specific retention periods are determined by taking into account the following factors.
- The purposes for collecting and processing the personal data or personal information
- The nature and sensitivity of the personal data or personal information
- The need to retain the personal data or personal information for legal, accounting, tax, security, fraud prevention, dispute resolution, or business reasons
- The retention periods and settings of external services used in connection with the Service
- The need to provide, maintain, protect, and improve the Service
When personal data or personal information is no longer necessary, we will delete, anonymize, or otherwise appropriately handle it in accordance with applicable laws and regulations.
Security Measures
We implement reasonable technical and organizational measures to protect users’ personal data and personal information from unauthorized access, leakage, loss, destruction, alteration, misuse, and other risks.
However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
EU/EEA User Rights
Subject to the conditions and limitations under the GDPR, users in the EU/EEA have the following rights regarding their personal data.
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significant effects
- Right to lodge a complaint with a supervisory authority
If a user wishes to exercise any of these rights, the user may contact us at the email address stated in this Policy.
We may request information necessary to verify the identity of the user before responding to a request.
If a user is dissatisfied with our processing of personal data, the user may lodge a complaint with the data protection supervisory authority in the user’s country of residence, place of work, or place of the alleged infringement.
Relationship with Other Policies
Our general Privacy Policy and External Transmission Policy may also apply to the handling of users’ information in connection with the Service.
If there is any conflict between this Policy and our general Privacy Policy with respect to the processing of personal data or personal information of users in the EU/EEA or the United States, this Policy shall prevail to the extent of such conflict.
Changes to This Policy
We may amend this Policy as necessary.
When we amend this Policy, we will notify or inform users of the effective date and content of the amended Policy by displaying it within the Service, posting it on our website, or by any other appropriate method.
Contact Information
If you have any questions regarding this Policy or wish to exercise your rights under applicable privacy laws, please contact us at the following email address.
Privacy Contact: Choco Next Year For Sure
Representative: Haruta Watanabe
Address: Aoyama Marutake Building 6F 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062 Japan
Email: [email protected]
Established on June 12, 2026
- Version: 1.0.0
- Updated: 2026-06-12
Privacy Policy
Choco Next Year For Sure (Representative: Haruta Watanabe) (hereinafter referred to as “we,” “us,” or “our”) establishes this Privacy Policy (hereinafter referred to as this “Policy”) regarding the handling of personal data of users who use the application “PrivCook” and related websites, content, features, and other services provided by us (hereinafter collectively referred to as the “Service”) from the European Union, Iceland, Liechtenstein, or Norway (hereinafter collectively referred to as the “EU/EEA”).
This Policy applies to the processing of personal data as defined in Article 4(1) of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter referred to as the “GDPR”).
Data Controller
For the purposes of the GDPR, we act as the controller of personal data processed under this Policy.
Controller: Choco Next Year For Sure (Representative: Haruta Watanabe)
Address: Aoyama Marutake Building 6F 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062 Japan
Contact: [email protected]
Users to Whom This Policy Applies
This Policy applies to users who use the Service from the EU/EEA.
If a user uses the Service from outside the EU/EEA, our general Privacy Policy may apply in addition to or instead of this Policy, depending on the applicable laws and circumstances.
Personal Data We Collect
We may collect the following personal data from users in connection with the Service.
1. Identification Information
- Identifiers generated using cookies or similar technologies
- App instance IDs
- Firebase Installation ID
- Crashlytics installation UUID
- RevenueCat app user ID
- Device identifiers
- Other identifiers generated by the OS, app, SDKs, or external services
2. Device and Technical Information
- Device type
- Device model
- OS type and version
- App version
- Browser information
- Network information
- IP address
- Region or approximate location information
- Language and region settings
- SDK type and version
- Information regarding the user’s usage environment
3. Usage Information
- App startup time
- Usage date and time
- Screen transitions
- In-app events
- Operation history
- Feature usage status
- Input history
- Viewed pages
- Referrers
- Other information related to behavior on the Service
4. Crash, Error, and Defect Information
- Crash occurrence date and time
- Stack traces
- App status at the time of crash or error
- Device status
- OS information
- Device model
- App version
- Operation logs immediately before a crash
- Error information
- Non-fatal error information
- Other technical information necessary to investigate crashes, errors, and defects
5. Purchase and Subscription Information
- Purchase history
- Subscription status
- Product ID
- Transaction ID
- Purchase date and time
- Expiration date
- Receipt information
- StoreKit 2 transaction information
- Google Play purchase tokens
- Eligibility to use paid features
- Store used for purchase
- Payment status
- Information necessary to confirm, restore, manage, or cancel purchases and subscriptions
We do not directly collect users’ credit card numbers or other detailed payment method information for in-app purchases processed through Apple App Store, Google Play, or other stores.
6. Inquiry, Survey, Feedback, and Form Information
- Name
- Email address
- Inquiry content
- Survey responses
- Feedback content
- Defect report content
- Content entered into forms
- Submission date and time
- Attached files if a file upload function is used
- Google Account-related information if the user is logged in to a Google Account
- Other information submitted by the user through Google Forms or other inquiry methods
7. Website Access and Security Information
- IP address
- Request date and time
- Destination URL
- Browser information
- Device information
- OS information
- Network information
- Cookies
- Access logs
- Information necessary to detect unauthorized access, attacks, or other security incidents
8. User-Provided Content
To the extent transmitted to us through the Service, inquiry forms, feedback forms, or support communications, we may process information voluntarily provided by users, including recipe-related information, cooking records, notes, tags, settings information, and other user-entered content.
Special Categories of Personal Data
The Service is not intended to collect special categories of personal data under Article 9 of the GDPR, such as health data, biometric data, genetic data, religious beliefs, political opinions, or similar sensitive information.
Users should not submit such information unless it is necessary for an inquiry or support request.
If a user voluntarily provides information that may include special categories of personal data, such as allergy, health, dietary restriction, or similar information, we will process such information only to the extent necessary for the purpose for which it was provided, and only where permitted under the GDPR, including where the user has given explicit consent or where another applicable legal basis exists.
Purposes and Legal Bases of Processing
We process users’ personal data for the following purposes and on the following legal bases.
| Purpose of Processing | Categories of Personal Data | Legal Basis under the GDPR |
|---|---|---|
| To provide the Service | Identification information, device and technical information, usage information, user-provided content | Performance of a contract, Article 6(1)(b) |
| To provide paid features, in-app purchases, subscriptions, one-time purchase products, and purchase restoration | Purchase and subscription information, identification information, device and technical information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); legal obligation, Article 6(1)(c), where applicable |
| To confirm purchase status and prevent unauthorized use | Purchase and subscription information, identification information, device and technical information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To respond to inquiries, feedback, surveys, and defect reports | Inquiry, survey, feedback, and form information; user-provided content | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); consent, Article 6(1)(a), where applicable |
| To analyze usage of the Service and improve features, quality, display, and usability | Usage information, device and technical information, identification information | Consent, Article 6(1)(a), where required; legitimate interests, Article 6(1)(f), where applicable |
| To detect, investigate, and fix crashes, defects, errors, and other technical issues | Crash, error, and defect information; device and technical information; identification information | Consent, Article 6(1)(a), where required; legitimate interests, Article 6(1)(f), where applicable |
| To provide Firebase-related functions and maintain app quality, stability, and safety | Identification information, device and technical information, session information, quality indicators | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To deliver the website, improve display speed, and ensure security | Website access and security information | Legitimate interests, Article 6(1)(f) |
| To prevent, investigate, and respond to unauthorized use, fraud, security incidents, and violations of our terms | Identification information, device and technical information, usage information, website access and security information, purchase information | Legitimate interests, Article 6(1)(f); legal obligation, Article 6(1)(c), where applicable |
| To comply with applicable laws, regulations, legal requests, or obligations | Relevant personal data necessary for compliance | Legal obligation, Article 6(1)(c) |
| To announce or notify users of changes to, discontinuance of, termination of, or cancellation of the Service | Identification information, contact information, purchase and subscription information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To provide, maintain, protect, and improve the Service | Identification information, device and technical information, usage information, crash information, purchase information, inquiry information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); consent, Article 6(1)(a), where applicable |
Legitimate Interests
Where we rely on legitimate interests under Article 6(1)(f) of the GDPR, our legitimate interests include the following.
- Maintaining and improving the Service
- Ensuring the quality, stability, and safety of the Service
- Detecting, investigating, and fixing defects, crashes, errors, and security issues
- Preventing unauthorized use, fraud, abuse, and violations of the Terms of Use
- Managing purchase status, usage eligibility, and service operations
- Responding to inquiries and maintaining necessary records
- Protecting our rights, users’ rights, and third-party rights
When relying on legitimate interests, we consider the impact on users’ rights and interests and implement reasonable measures to protect users’ personal data.
Consent and Withdrawal of Consent
Where we process personal data based on the user’s consent under Article 6(1)(a) of the GDPR, the user may withdraw such consent at any time.
Users may withdraw consent or stop certain processing by using the settings provided within the app, by using browser settings, or by contacting us at the email address stated in this Policy.
Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Opt-Out
We provide a mechanism that allows users to stop the collection of information by Google Analytics for Firebase / Google Analytics 4 and Firebase Crashlytics through settings within the app.
If a user opts out, we will stop transmitting the relevant analytics information and crash information after such setting is applied.
However, information that has already been transmitted before the opt-out may be handled in accordance with the specifications and retention periods of each external service.
Information necessary for providing in-app purchases, subscriptions, paid features, purchase status confirmation, and purchase restoration may continue to be processed to the extent necessary to provide the paid features of the Service. If such processing is stopped, paid features, purchase status confirmation, purchase restoration, and other related functions may become unavailable.
With respect to the use of cookies on the website, users may disable cookies through their browser settings. However, if cookies are disabled, some functions of the Service may not operate properly.
Recipients of Personal Data
We may disclose or transfer users’ personal data to the following recipients to the extent necessary for the purposes described in this Policy.
| Recipient | Purpose |
|---|---|
| Google LLC and its affiliates | Google Analytics, Google Analytics for Firebase, Google Analytics 4, Firebase, Firebase Crashlytics, Google Forms, Google Workspace, and related services |
| RevenueCat, Inc. | In-app purchase and subscription management, purchase verification, purchase restoration, usage eligibility management, and fraud prevention |
| Apple Inc. and its affiliates | App distribution, in-app purchases, subscriptions, billing, refund handling, and related App Store services |
| Google LLC and its affiliates | App distribution, in-app purchases, subscriptions, billing, refund handling, and related Google Play services |
| Cloudflare, Inc. | Website delivery, CDN, DNS, security, DDoS protection, access control, and log management |
| Payment service providers, stores, and platform providers | Payment processing, billing, refund handling, purchase confirmation, and subscription management |
| Professional advisors | Legal, accounting, tax, audit, or other professional advice, where necessary |
| Public authorities, courts, regulators, or law enforcement agencies | Compliance with laws, regulations, legal procedures, or enforceable governmental requests |
We do not sell users’ personal data.
International Transfers
We are located in Japan. Users’ personal data may be transferred to and processed in Japan.
Japan has received an adequacy decision from the European Commission, which allows personal data to be transferred from the EU to Japan on the basis that Japan ensures an adequate level of protection for personal data.
Users’ personal data may also be transferred to countries or regions outside the EU/EEA and Japan, including the United States, through our use of external service providers such as Google, RevenueCat, Apple, and Cloudflare.
Where personal data is transferred to a country or region that has not received an adequacy decision from the European Commission, we will rely on appropriate safeguards under the GDPR, such as standard contractual clauses, an adequacy mechanism, or other lawful transfer mechanisms, where required.
Users may contact us if they wish to receive information regarding the safeguards applied to international transfers.
Retention Period
We retain users’ personal data only for as long as necessary to fulfill the purposes for which the personal data was collected and processed, unless a longer retention period is required or permitted by applicable laws and regulations.
Specific retention periods are determined by taking into account the following factors.
- The purposes for collecting and processing the personal data
- The nature and sensitivity of the personal data
- The need to retain the personal data for legal, accounting, tax, security, fraud prevention, dispute resolution, or business reasons
- The retention periods and settings of external services used in connection with the Service
- The need to provide, maintain, protect, and improve the Service
When personal data is no longer necessary, we will delete, anonymize, or otherwise appropriately handle it in accordance with applicable laws and regulations.
User Rights
Subject to the conditions and limitations under the GDPR, users have the following rights regarding their personal data.
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significant effects
- Right to lodge a complaint with a supervisory authority
If a user wishes to exercise any of these rights, the user may contact us at the email address stated in this Policy.
We may request information necessary to verify the identity of the user before responding to a request.
If a user is dissatisfied with our processing of personal data, the user may lodge a complaint with the data protection supervisory authority in the user’s country of residence, place of work, or place of the alleged infringement.
Automated Decision-Making
We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning the user or similarly significantly affect the user.
Security Measures
We implement reasonable technical and organizational measures to protect users’ personal data from unauthorized access, leakage, loss, destruction, alteration, misuse, and other risks.
However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
Children’s Personal Data
The Service is not intended for children under the age at which consent can be lawfully given under applicable data protection laws without the consent of a parent or legal guardian.
If a minor uses the Service, the minor must obtain the consent of a parent or legal guardian.
If we become aware that we have collected personal data from a child without required parental or guardian consent, we will take appropriate measures in accordance with applicable laws and regulations.
Relationship with Other Policies
Our general Privacy Policy and External Transmission Policy may also apply to the handling of users’ information in connection with the Service.
If there is any conflict between this Policy and our general Privacy Policy with respect to the processing of personal data of users in the EU/EEA, this Policy shall prevail to the extent of such conflict.
Changes to This Policy
We may amend this Policy as necessary.
When we amend this Policy, we will notify or inform users of the effective date and content of the amended Policy by displaying it within the Service, posting it on our website, or by any other appropriate method.
Contact Information
If you have any questions regarding this Policy or wish to exercise your rights under the GDPR, please contact us at the following email address.
Privacy Contact: Choco Next Year For Sure (Representative: Haruta Watanabe)
Address: Aoyama Marutake Building 6F 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062 Japan
Email: [email protected]
Established on June 12, 2026
- Version: 1.0.0
- Updated: 2026-06-12
Privacy Policy
Choco Next Year For Sure (Representative: Haruta Watanabe) (hereinafter referred to as “we,” “us,” or “our”) establishes this Privacy Policy (hereinafter referred to as this “Policy”) regarding the handling of personal data and personal information of users who use the application “PrivCook” and related websites, content, features, and other services provided by us (hereinafter collectively referred to as the “Service”) from the European Union, Iceland, Liechtenstein, Norway, or the United States.
For users located in the European Union, Iceland, Liechtenstein, or Norway (hereinafter collectively referred to as the “EU/EEA”), this Policy applies to the processing of personal data as defined in Article 4(1) of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter referred to as the “GDPR”).
For users located in the United States, this Policy also serves as a U.S. State Privacy Notice, including a California Notice at Collection, to the extent applicable under U.S. federal or state privacy laws.
Data Controller / Business Operator
For the purposes of the GDPR, we act as the controller of personal data processed under this Policy.
For the purposes of applicable U.S. state privacy laws, we determine the purposes and means of processing personal information to the extent such laws apply to us.
Operator: Choco Next Year For Sure (Representative: Haruta Watanabe)
Address: Aoyama Marutake Building 6F 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062 Japan
Contact: [email protected]
Users to Whom This Policy Applies
This Policy applies to users who use the Service from the EU/EEA or the United States.
If a user uses the Service from outside the EU/EEA or the United States, our general Privacy Policy may apply in addition to or instead of this Policy, depending on the applicable laws and circumstances.
Personal Data and Personal Information We Collect
We may collect the following personal data or personal information from users in connection with the Service.
1. Identification Information
- Identifiers generated using cookies or similar technologies
- App instance IDs
- Firebase Installation ID
- Crashlytics installation UUID
- RevenueCat app user ID
- Device identifiers
- Other identifiers generated by the OS, app, SDKs, or external services
2. Device and Technical Information
- Device type
- Device model
- OS type and version
- App version
- Browser information
- Network information
- IP address
- Region or approximate location information
- Language and region settings
- SDK type and version
- Information regarding the user’s usage environment
3. Usage Information
- App startup time
- Usage date and time
- Screen transitions
- In-app events
- Operation history
- Feature usage status
- Input history
- Viewed pages
- Referrers
- Other information related to behavior on the Service
4. Crash, Error, and Defect Information
- Crash occurrence date and time
- Stack traces
- App status at the time of crash or error
- Device status
- OS information
- Device model
- App version
- Operation logs immediately before a crash
- Error information
- Non-fatal error information
- Other technical information necessary to investigate crashes, errors, and defects
5. Purchase and Subscription Information
- Purchase history
- Subscription status
- Product ID
- Transaction ID
- Purchase date and time
- Expiration date
- Receipt information
- StoreKit 2 transaction information
- Google Play purchase tokens
- Eligibility to use paid features
- Store used for purchase
- Payment status
- Information necessary to confirm, restore, manage, or cancel purchases and subscriptions
We do not directly collect users’ credit card numbers or other detailed payment method information for in-app purchases processed through Apple App Store, Google Play, or other stores.
6. Inquiry, Survey, Feedback, and Form Information
- Name
- Email address
- Inquiry content
- Survey responses
- Feedback content
- Defect report content
- Content entered into forms
- Submission date and time
- Attached files if a file upload function is used
- Google Account-related information if the user is logged in to a Google Account
- Other information submitted by the user through Google Forms or other inquiry methods
7. Website Access and Security Information
- IP address
- Request date and time
- Destination URL
- Browser information
- Device information
- OS information
- Network information
- Cookies
- Access logs
- Information necessary to detect unauthorized access, attacks, or other security incidents
8. User-Provided Content
To the extent transmitted to us through the Service, inquiry forms, feedback forms, or support communications, we may process information voluntarily provided by users, including recipe-related information, cooking records, notes, tags, settings information, and other user-entered content.
Special Categories of Personal Data and Sensitive Personal Information
The Service is not intended to collect special categories of personal data under Article 9 of the GDPR, such as health data, biometric data, genetic data, religious beliefs, political opinions, or similar sensitive information.
The Service is also not intended to collect sensitive personal information under applicable U.S. state privacy laws, such as precise geolocation, government identification numbers, financial account access credentials, biometric information, racial or ethnic origin, religious or philosophical beliefs, union membership, health diagnosis, sexual orientation, citizenship or immigration status, or similar sensitive information.
Users should not submit such information unless it is necessary for an inquiry or support request.
If a user voluntarily provides information that may include special categories of personal data or sensitive personal information, such as allergy, health, dietary restriction, or similar information, we will process such information only to the extent necessary for the purpose for which it was provided, and only where permitted under applicable law, including where the user has given explicit consent or where another applicable legal basis exists.
We do not use or disclose sensitive personal information for the purpose of inferring characteristics about users, except as permitted by applicable law.
Purposes and Legal Bases of Processing for EU/EEA Users
We process users’ personal data for the following purposes and on the following legal bases.
| Purpose of Processing | Categories of Personal Data | Legal Basis under the GDPR |
|---|---|---|
| To provide the Service | Identification information, device and technical information, usage information, user-provided content | Performance of a contract, Article 6(1)(b) |
| To provide paid features, in-app purchases, subscriptions, one-time purchase products, and purchase restoration | Purchase and subscription information, identification information, device and technical information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); legal obligation, Article 6(1)(c), where applicable |
| To confirm purchase status and prevent unauthorized use | Purchase and subscription information, identification information, device and technical information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To respond to inquiries, feedback, surveys, and defect reports | Inquiry, survey, feedback, and form information; user-provided content | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); consent, Article 6(1)(a), where applicable |
| To analyze usage of the Service and improve features, quality, display, and usability | Usage information, device and technical information, identification information | Consent, Article 6(1)(a), where required; legitimate interests, Article 6(1)(f), where applicable |
| To detect, investigate, and fix crashes, defects, errors, and other technical issues | Crash, error, and defect information; device and technical information; identification information | Consent, Article 6(1)(a), where required; legitimate interests, Article 6(1)(f), where applicable |
| To provide Firebase-related functions and maintain app quality, stability, and safety | Identification information, device and technical information, session information, quality indicators | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To deliver the website, improve display speed, and ensure security | Website access and security information | Legitimate interests, Article 6(1)(f) |
| To prevent, investigate, and respond to unauthorized use, fraud, security incidents, and violations of our terms | Identification information, device and technical information, usage information, website access and security information, purchase information | Legitimate interests, Article 6(1)(f); legal obligation, Article 6(1)(c), where applicable |
| To comply with applicable laws, regulations, legal requests, or obligations | Relevant personal data necessary for compliance | Legal obligation, Article 6(1)(c) |
| To announce or notify users of changes to, discontinuance of, termination of, or cancellation of the Service | Identification information, contact information, purchase and subscription information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To provide, maintain, protect, and improve the Service | Identification information, device and technical information, usage information, crash information, purchase information, inquiry information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); consent, Article 6(1)(a), where applicable |
Purposes of Processing for U.S. Users
We collect, use, retain, disclose, and otherwise process personal information of users in the United States for the following purposes.
- To provide the Service
- To operate, maintain, and improve the Service
- To provide paid features, in-app purchases, subscriptions, one-time purchase products, and purchase restoration
- To confirm purchase status and prevent unauthorized use
- To respond to inquiries, surveys, feedback, defect reports, and support requests
- To analyze usage of the Service and improve features, quality, display, and usability
- To detect, investigate, and fix crashes, defects, errors, and other technical issues
- To provide Firebase-related functions and maintain app quality, stability, and safety
- To deliver the website, improve display speed, and ensure security
- To prevent, investigate, and respond to fraud, unauthorized use, abuse, security incidents, and violations of our terms
- To comply with applicable laws, regulations, legal requests, or obligations
- To protect our rights, users’ rights, and third-party rights
- To provide, maintain, protect, and improve the Service
California Notice at Collection
This section applies to California residents to the extent the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), applies to us.
We may collect the following categories of personal information.
| Category of Personal Information | Examples | Purposes of Collection and Use | Categories of Third Parties to Whom We May Disclose |
|---|---|---|---|
| Identifiers | Name, email address, IP address, app instance ID, Firebase Installation ID, Crashlytics installation UUID, RevenueCat app user ID, device identifiers | To provide the Service, manage accounts or identifiers, respond to inquiries, provide paid features, restore purchases, prevent fraud, and improve the Service | Google, RevenueCat, Apple, Google Play-related providers, Cloudflare, payment and platform providers, professional advisors, public authorities where required |
| Customer records information | Contact information, purchase-related information, inquiry-related information | To process inquiries, manage purchases, provide support, and comply with legal obligations | Google, RevenueCat, Apple, Google Play-related providers, payment and platform providers, professional advisors, public authorities where required |
| Commercial information | Purchase history, subscription status, product ID, transaction ID, receipt information, purchase tokens, eligibility to use paid features | To provide in-app purchases, subscriptions, paid features, purchase restoration, fraud prevention, and support | RevenueCat, Apple, Google, payment and platform providers |
| Internet or other electronic network activity information | Usage history, screen transitions, in-app events, operation history, viewed pages, referrers, cookies, access logs | To analyze usage, improve the Service, detect errors, ensure security, and prevent unauthorized use | Google, Firebase-related services, Cloudflare |
| Geolocation information | Region or approximate location derived from IP address or device/network information | To provide, secure, analyze, and improve the Service | Google, Cloudflare, other service providers where necessary |
| Audio, electronic, visual, or similar information | Attached files, images, documents, or other materials submitted by the user through forms or support communications | To respond to inquiries, feedback, defect reports, and support requests | Google Forms / Google Workspace, professional advisors, public authorities where required |
| Inferences | Basic service usage patterns or feature usage status derived from usage information | To improve the Service, analyze functionality, and maintain service quality | Google and analytics-related service providers |
| Sensitive personal information | Information voluntarily submitted by the user that may include allergy, health, dietary restriction, or similar information | To respond to the user’s inquiry or support request, only to the extent necessary and permitted by law | Service providers or authorities only where necessary and permitted by law |
We retain each category of personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Sources of Personal Information
We may collect personal information from the following sources.
- Users directly
- Users’ devices, browsers, apps, or operating systems
- Apple App Store, Google Play, and other stores or platform providers
- RevenueCat
- Firebase, Google Analytics, Firebase Crashlytics, Google Forms, Google Workspace, and other Google services
- Cloudflare
- Payment service providers, platform providers, and other external service providers
- Public authorities, regulators, courts, or other parties where required or permitted by law
Disclosure of Personal Information
We may disclose personal information to the following categories of recipients for the purposes described in this Policy.
| Recipient Category | Purpose |
|---|---|
| Google LLC and its affiliates | Google Analytics, Google Analytics for Firebase, Google Analytics 4, Firebase, Firebase Crashlytics, Google Forms, Google Workspace, and related services |
| RevenueCat, Inc. | In-app purchase and subscription management, purchase verification, purchase restoration, usage eligibility management, and fraud prevention |
| Apple Inc. and its affiliates | App distribution, in-app purchases, subscriptions, billing, refund handling, and related App Store services |
| Google LLC and its affiliates | App distribution, in-app purchases, subscriptions, billing, refund handling, and related Google Play services |
| Cloudflare, Inc. | Website delivery, CDN, DNS, security, DDoS protection, access control, and log management |
| Payment service providers, stores, and platform providers | Payment processing, billing, refund handling, purchase confirmation, and subscription management |
| Professional advisors | Legal, accounting, tax, audit, or other professional advice, where necessary |
| Public authorities, courts, regulators, or law enforcement agencies | Compliance with laws, regulations, legal procedures, or enforceable governmental requests |
We do not sell users’ personal information for monetary consideration.
We do not currently use external transmission tools for advertising delivery purposes.
We do not knowingly sell or share personal information for cross-context behavioral advertising or targeted advertising as those terms are defined under applicable U.S. state privacy laws.
If any processing is deemed to constitute a “sale,” “sharing,” or processing for “targeted advertising” under applicable U.S. state privacy laws, users may opt out by contacting us at the email address stated in this Policy or by using any opt-out mechanism made available within the Service or on our website.
U.S. State Privacy Rights
Depending on the state in which the user resides and subject to the conditions and limitations under applicable law, users in the United States may have the following rights.
- Right to know or confirm whether we process personal information
- Right to access personal information
- Right to obtain a copy of personal information in a portable format
- Right to correct inaccurate personal information
- Right to delete personal information
- Right to opt out of the sale of personal information
- Right to opt out of sharing personal information for cross-context behavioral advertising
- Right to opt out of targeted advertising
- Right to opt out of certain profiling or automated decision-making
- Right to limit the use or disclosure of sensitive personal information, where applicable
- Right to withdraw consent, where applicable
- Right not to be discriminated against for exercising privacy rights
- Right to appeal a denial of a privacy rights request, where applicable
To exercise these rights, users may contact us at the email address stated in this Policy.
We may request information necessary to verify the identity of the user before responding to a request.
Where applicable law permits an authorized agent to submit a request on behalf of a user, we may request proof of authorization and may also require the user to verify their identity directly with us.
California Privacy Rights
California residents may have the following rights under the CCPA, subject to applicable limitations.
- Right to know what personal information we collect, use, disclose, sell, or share
- Right to access personal information
- Right to delete personal information
- Right to correct inaccurate personal information
- Right to opt out of the sale or sharing of personal information
- Right to limit the use and disclosure of sensitive personal information, where applicable
- Right not to receive discriminatory treatment for exercising CCPA rights
We do not sell users’ personal information for monetary consideration.
We do not knowingly share users’ personal information for cross-context behavioral advertising.
We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA.
California residents may exercise their rights by contacting us at the email address stated in this Policy.
Nevada Privacy Rights
Nevada residents may have the right to request that we not sell certain covered information as defined under Nevada law.
We do not currently sell covered information as defined under Nevada law.
Nevada residents may submit an opt-out request by contacting us at the email address stated in this Policy.
Appeals
Where applicable U.S. state privacy laws provide a right to appeal our decision regarding a privacy rights request, users may appeal by contacting us at the email address stated in this Policy and including “Privacy Appeal” in the subject line.
If we deny an appeal, users may have the right to contact the attorney general or other privacy authority in their state of residence.
Global Privacy Control and Universal Opt-Out Mechanisms
To the extent required by applicable law, we will recognize and process opt-out preference signals, including Global Privacy Control or other universal opt-out mechanisms, where such signals are technically supported and legally required.
Because we do not currently use external transmission tools for advertising delivery purposes and do not knowingly sell or share personal information for cross-context behavioral advertising, such signals may not change the user’s experience in the Service.
Children’s Privacy
The Service is not directed to children under the age of 13.
We do not knowingly collect personal information from children under 13 without verifiable parental consent.
If a minor uses the Service, the minor must obtain the consent of a parent or legal guardian.
If we become aware that we have collected personal information from a child without required parental or guardian consent, we will take appropriate measures in accordance with applicable laws and regulations.
We do not knowingly sell or share personal information of users under 16 years of age.
Consent and Withdrawal of Consent
Where we process personal data or personal information based on the user’s consent, the user may withdraw such consent at any time.
Users may withdraw consent or stop certain processing by using the settings provided within the app, by using browser settings, or by contacting us at the email address stated in this Policy.
Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Opt-Out
We provide a mechanism that allows users to stop the collection of information by Google Analytics for Firebase / Google Analytics 4 and Firebase Crashlytics through settings within the app.
If a user opts out, we will stop transmitting the relevant analytics information and crash information after such setting is applied.
However, information that has already been transmitted before the opt-out may be handled in accordance with the specifications and retention periods of each external service.
Information necessary for providing in-app purchases, subscriptions, paid features, purchase status confirmation, and purchase restoration may continue to be processed to the extent necessary to provide the paid features of the Service. If such processing is stopped, paid features, purchase status confirmation, purchase restoration, and other related functions may become unavailable.
With respect to the use of cookies on the website, users may disable cookies through their browser settings. However, if cookies are disabled, some functions of the Service may not operate properly.
Automated Decision-Making and Profiling
We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning the user or similarly significantly affect the user.
We also do not currently conduct profiling in furtherance of decisions that produce legal or similarly significant effects concerning users.
International Transfers
We are located in Japan. Users’ personal data and personal information may be transferred to and processed in Japan.
Japan has received an adequacy decision from the European Commission, which allows personal data to be transferred from the EU to Japan on the basis that Japan ensures an adequate level of protection for personal data.
Users’ personal data or personal information may also be transferred to countries or regions outside the EU/EEA and Japan, including the United States, through our use of external service providers such as Google, RevenueCat, Apple, and Cloudflare.
Where personal data is transferred from the EU/EEA to a country or region that has not received an adequacy decision from the European Commission, we will rely on appropriate safeguards under the GDPR, such as standard contractual clauses, an adequacy mechanism, or other lawful transfer mechanisms, where required.
Users may contact us if they wish to receive information regarding the safeguards applied to international transfers.
Retention Period
We retain users’ personal data and personal information only for as long as necessary to fulfill the purposes for which it was collected and processed, unless a longer retention period is required or permitted by applicable laws and regulations.
Specific retention periods are determined by taking into account the following factors.
- The purposes for collecting and processing the personal data or personal information
- The nature and sensitivity of the personal data or personal information
- The need to retain the personal data or personal information for legal, accounting, tax, security, fraud prevention, dispute resolution, or business reasons
- The retention periods and settings of external services used in connection with the Service
- The need to provide, maintain, protect, and improve the Service
When personal data or personal information is no longer necessary, we will delete, anonymize, or otherwise appropriately handle it in accordance with applicable laws and regulations.
Security Measures
We implement reasonable technical and organizational measures to protect users’ personal data and personal information from unauthorized access, leakage, loss, destruction, alteration, misuse, and other risks.
However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
EU/EEA User Rights
Subject to the conditions and limitations under the GDPR, users in the EU/EEA have the following rights regarding their personal data.
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significant effects
- Right to lodge a complaint with a supervisory authority
If a user wishes to exercise any of these rights, the user may contact us at the email address stated in this Policy.
We may request information necessary to verify the identity of the user before responding to a request.
If a user is dissatisfied with our processing of personal data, the user may lodge a complaint with the data protection supervisory authority in the user’s country of residence, place of work, or place of the alleged infringement.
Relationship with Other Policies
Our general Privacy Policy and External Transmission Policy may also apply to the handling of users’ information in connection with the Service.
If there is any conflict between this Policy and our general Privacy Policy with respect to the processing of personal data or personal information of users in the EU/EEA or the United States, this Policy shall prevail to the extent of such conflict.
Changes to This Policy
We may amend this Policy as necessary.
When we amend this Policy, we will notify or inform users of the effective date and content of the amended Policy by displaying it within the Service, posting it on our website, or by any other appropriate method.
Contact Information
If you have any questions regarding this Policy or wish to exercise your rights under applicable privacy laws, please contact us at the following email address.
Privacy Contact: Choco Next Year For Sure
Representative: Haruta Watanabe
Address: Aoyama Marutake Building 6F 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062 Japan
Email: [email protected]
Established on June 12, 2026
Privacy Policy
Choco Next Year For Sure (Representative: Haruta Watanabe) (hereinafter referred to as “we,” “us,” or “our”) establishes this Privacy Policy (hereinafter referred to as this “Policy”) regarding the handling of personal data and personal information of users who use the application “PrivCook” and related websites, content, features, and other services provided by us (hereinafter collectively referred to as the “Service”) from the European Union, Iceland, Liechtenstein, Norway, or the United States.
For users located in the European Union, Iceland, Liechtenstein, or Norway (hereinafter collectively referred to as the “EU/EEA”), this Policy applies to the processing of personal data as defined in Article 4(1) of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter referred to as the “GDPR”).
For users located in the United States, this Policy also serves as a U.S. State Privacy Notice, including a California Notice at Collection, to the extent applicable under U.S. federal or state privacy laws.
Data Controller / Business Operator
For the purposes of the GDPR, we act as the controller of personal data processed under this Policy.
For the purposes of applicable U.S. state privacy laws, we determine the purposes and means of processing personal information to the extent such laws apply to us.
Operator: Choco Next Year For Sure
Representative: Haruta Watanabe
Address: Aoyama Marutake Building 6F 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062 Japan
Contact: [email protected]
Users to Whom This Policy Applies
This Policy applies to users who use the Service from the EU/EEA or the United States.
If a user uses the Service from outside the EU/EEA or the United States, our general Privacy Policy may apply in addition to or instead of this Policy, depending on the applicable laws and circumstances.
Personal Data and Personal Information We Collect
We may collect the following personal data or personal information from users in connection with the Service.
1. Identification Information
- Identifiers generated using cookies or similar technologies
- App instance IDs
- Firebase Installation ID
- Crashlytics installation UUID
- RevenueCat app user ID
- Device identifiers
- Other identifiers generated by the OS, app, SDKs, or external services
2. Device and Technical Information
- Device type
- Device model
- OS type and version
- App version
- Browser information
- Network information
- IP address
- Region or approximate location information
- Language and region settings
- SDK type and version
- Information regarding the user’s usage environment
3. Usage Information
- App startup time
- Usage date and time
- Screen transitions
- In-app events
- Operation history
- Feature usage status
- Input history
- Viewed pages
- Referrers
- Other information related to behavior on the Service
4. Crash, Error, and Defect Information
- Crash occurrence date and time
- Stack traces
- App status at the time of crash or error
- Device status
- OS information
- Device model
- App version
- Operation logs immediately before a crash
- Error information
- Non-fatal error information
- Other technical information necessary to investigate crashes, errors, and defects
5. Purchase and Subscription Information
- Purchase history
- Subscription status
- Product ID
- Transaction ID
- Purchase date and time
- Expiration date
- Receipt information
- StoreKit 2 transaction information
- Google Play purchase tokens
- Eligibility to use paid features
- Store used for purchase
- Payment status
- Information necessary to confirm, restore, manage, or cancel purchases and subscriptions
We do not directly collect users’ credit card numbers or other detailed payment method information for in-app purchases processed through Apple App Store, Google Play, or other stores.
6. Inquiry, Survey, Feedback, and Form Information
- Name
- Email address
- Inquiry content
- Survey responses
- Feedback content
- Defect report content
- Content entered into forms
- Submission date and time
- Attached files if a file upload function is used
- Google Account-related information if the user is logged in to a Google Account
- Other information submitted by the user through Google Forms or other inquiry methods
7. Website Access and Security Information
- IP address
- Request date and time
- Destination URL
- Browser information
- Device information
- OS information
- Network information
- Cookies
- Access logs
- Information necessary to detect unauthorized access, attacks, or other security incidents
8. User-Provided Content
To the extent transmitted to us through the Service, inquiry forms, feedback forms, or support communications, we may process information voluntarily provided by users, including recipe-related information, cooking records, notes, tags, settings information, and other user-entered content.
Special Categories of Personal Data and Sensitive Personal Information
The Service is not intended to collect special categories of personal data under Article 9 of the GDPR, such as health data, biometric data, genetic data, religious beliefs, political opinions, or similar sensitive information.
The Service is also not intended to collect sensitive personal information under applicable U.S. state privacy laws, such as precise geolocation, government identification numbers, financial account access credentials, biometric information, racial or ethnic origin, religious or philosophical beliefs, union membership, health diagnosis, sexual orientation, citizenship or immigration status, or similar sensitive information.
Users should not submit such information unless it is necessary for an inquiry or support request.
If a user voluntarily provides information that may include special categories of personal data or sensitive personal information, such as allergy, health, dietary restriction, or similar information, we will process such information only to the extent necessary for the purpose for which it was provided, and only where permitted under applicable law, including where the user has given explicit consent or where another applicable legal basis exists.
We do not use or disclose sensitive personal information for the purpose of inferring characteristics about users, except as permitted by applicable law.
Purposes and Legal Bases of Processing for EU/EEA Users
We process users’ personal data for the following purposes and on the following legal bases.
| Purpose of Processing | Categories of Personal Data | Legal Basis under the GDPR |
|---|---|---|
| To provide the Service | Identification information, device and technical information, usage information, user-provided content | Performance of a contract, Article 6(1)(b) |
| To provide paid features, in-app purchases, subscriptions, one-time purchase products, and purchase restoration | Purchase and subscription information, identification information, device and technical information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); legal obligation, Article 6(1)(c), where applicable |
| To confirm purchase status and prevent unauthorized use | Purchase and subscription information, identification information, device and technical information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To respond to inquiries, feedback, surveys, and defect reports | Inquiry, survey, feedback, and form information; user-provided content | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); consent, Article 6(1)(a), where applicable |
| To analyze usage of the Service and improve features, quality, display, and usability | Usage information, device and technical information, identification information | Consent, Article 6(1)(a), where required; legitimate interests, Article 6(1)(f), where applicable |
| To detect, investigate, and fix crashes, defects, errors, and other technical issues | Crash, error, and defect information; device and technical information; identification information | Consent, Article 6(1)(a), where required; legitimate interests, Article 6(1)(f), where applicable |
| To provide Firebase-related functions and maintain app quality, stability, and safety | Identification information, device and technical information, session information, quality indicators | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To deliver the website, improve display speed, and ensure security | Website access and security information | Legitimate interests, Article 6(1)(f) |
| To prevent, investigate, and respond to unauthorized use, fraud, security incidents, and violations of our terms | Identification information, device and technical information, usage information, website access and security information, purchase information | Legitimate interests, Article 6(1)(f); legal obligation, Article 6(1)(c), where applicable |
| To comply with applicable laws, regulations, legal requests, or obligations | Relevant personal data necessary for compliance | Legal obligation, Article 6(1)(c) |
| To announce or notify users of changes to, discontinuance of, termination of, or cancellation of the Service | Identification information, contact information, purchase and subscription information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f) |
| To provide, maintain, protect, and improve the Service | Identification information, device and technical information, usage information, crash information, purchase information, inquiry information | Performance of a contract, Article 6(1)(b); legitimate interests, Article 6(1)(f); consent, Article 6(1)(a), where applicable |
Purposes of Processing for U.S. Users
We collect, use, retain, disclose, and otherwise process personal information of users in the United States for the following purposes.
- To provide the Service
- To operate, maintain, and improve the Service
- To provide paid features, in-app purchases, subscriptions, one-time purchase products, and purchase restoration
- To confirm purchase status and prevent unauthorized use
- To respond to inquiries, surveys, feedback, defect reports, and support requests
- To analyze usage of the Service and improve features, quality, display, and usability
- To detect, investigate, and fix crashes, defects, errors, and other technical issues
- To provide Firebase-related functions and maintain app quality, stability, and safety
- To deliver the website, improve display speed, and ensure security
- To prevent, investigate, and respond to fraud, unauthorized use, abuse, security incidents, and violations of our terms
- To comply with applicable laws, regulations, legal requests, or obligations
- To protect our rights, users’ rights, and third-party rights
- To provide, maintain, protect, and improve the Service
California Notice at Collection
This section applies to California residents to the extent the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), applies to us.
We may collect the following categories of personal information.
| Category of Personal Information | Examples | Purposes of Collection and Use | Categories of Third Parties to Whom We May Disclose |
|---|---|---|---|
| Identifiers | Name, email address, IP address, app instance ID, Firebase Installation ID, Crashlytics installation UUID, RevenueCat app user ID, device identifiers | To provide the Service, manage accounts or identifiers, respond to inquiries, provide paid features, restore purchases, prevent fraud, and improve the Service | Google, RevenueCat, Apple, Google Play-related providers, Cloudflare, payment and platform providers, professional advisors, public authorities where required |
| Customer records information | Contact information, purchase-related information, inquiry-related information | To process inquiries, manage purchases, provide support, and comply with legal obligations | Google, RevenueCat, Apple, Google Play-related providers, payment and platform providers, professional advisors, public authorities where required |
| Commercial information | Purchase history, subscription status, product ID, transaction ID, receipt information, purchase tokens, eligibility to use paid features | To provide in-app purchases, subscriptions, paid features, purchase restoration, fraud prevention, and support | RevenueCat, Apple, Google, payment and platform providers |
| Internet or other electronic network activity information | Usage history, screen transitions, in-app events, operation history, viewed pages, referrers, cookies, access logs | To analyze usage, improve the Service, detect errors, ensure security, and prevent unauthorized use | Google, Firebase-related services, Cloudflare |
| Geolocation information | Region or approximate location derived from IP address or device/network information | To provide, secure, analyze, and improve the Service | Google, Cloudflare, other service providers where necessary |
| Audio, electronic, visual, or similar information | Attached files, images, documents, or other materials submitted by the user through forms or support communications | To respond to inquiries, feedback, defect reports, and support requests | Google Forms / Google Workspace, professional advisors, public authorities where required |
| Inferences | Basic service usage patterns or feature usage status derived from usage information | To improve the Service, analyze functionality, and maintain service quality | Google and analytics-related service providers |
| Sensitive personal information | Information voluntarily submitted by the user that may include allergy, health, dietary restriction, or similar information | To respond to the user’s inquiry or support request, only to the extent necessary and permitted by law | Service providers or authorities only where necessary and permitted by law |
We retain each category of personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Sources of Personal Information
We may collect personal information from the following sources.
- Users directly
- Users’ devices, browsers, apps, or operating systems
- Apple App Store, Google Play, and other stores or platform providers
- RevenueCat
- Firebase, Google Analytics, Firebase Crashlytics, Google Forms, Google Workspace, and other Google services
- Cloudflare
- Payment service providers, platform providers, and other external service providers
- Public authorities, regulators, courts, or other parties where required or permitted by law
Disclosure of Personal Information
We may disclose personal information to the following categories of recipients for the purposes described in this Policy.
| Recipient Category | Purpose |
|---|---|
| Google LLC and its affiliates | Google Analytics, Google Analytics for Firebase, Google Analytics 4, Firebase, Firebase Crashlytics, Google Forms, Google Workspace, and related services |
| RevenueCat, Inc. | In-app purchase and subscription management, purchase verification, purchase restoration, usage eligibility management, and fraud prevention |
| Apple Inc. and its affiliates | App distribution, in-app purchases, subscriptions, billing, refund handling, and related App Store services |
| Google LLC and its affiliates | App distribution, in-app purchases, subscriptions, billing, refund handling, and related Google Play services |
| Cloudflare, Inc. | Website delivery, CDN, DNS, security, DDoS protection, access control, and log management |
| Payment service providers, stores, and platform providers | Payment processing, billing, refund handling, purchase confirmation, and subscription management |
| Professional advisors | Legal, accounting, tax, audit, or other professional advice, where necessary |
| Public authorities, courts, regulators, or law enforcement agencies | Compliance with laws, regulations, legal procedures, or enforceable governmental requests |
We do not sell users’ personal information for monetary consideration.
We do not currently use external transmission tools for advertising delivery purposes.
We do not knowingly sell or share personal information for cross-context behavioral advertising or targeted advertising as those terms are defined under applicable U.S. state privacy laws.
If any processing is deemed to constitute a “sale,” “sharing,” or processing for “targeted advertising” under applicable U.S. state privacy laws, users may opt out by contacting us at the email address stated in this Policy or by using any opt-out mechanism made available within the Service or on our website.
U.S. State Privacy Rights
Depending on the state in which the user resides and subject to the conditions and limitations under applicable law, users in the United States may have the following rights.
- Right to know or confirm whether we process personal information
- Right to access personal information
- Right to obtain a copy of personal information in a portable format
- Right to correct inaccurate personal information
- Right to delete personal information
- Right to opt out of the sale of personal information
- Right to opt out of sharing personal information for cross-context behavioral advertising
- Right to opt out of targeted advertising
- Right to opt out of certain profiling or automated decision-making
- Right to limit the use or disclosure of sensitive personal information, where applicable
- Right to withdraw consent, where applicable
- Right not to be discriminated against for exercising privacy rights
- Right to appeal a denial of a privacy rights request, where applicable
To exercise these rights, users may contact us at the email address stated in this Policy.
We may request information necessary to verify the identity of the user before responding to a request.
Where applicable law permits an authorized agent to submit a request on behalf of a user, we may request proof of authorization and may also require the user to verify their identity directly with us.
California Privacy Rights
California residents may have the following rights under the CCPA, subject to applicable limitations.
- Right to know what personal information we collect, use, disclose, sell, or share
- Right to access personal information
- Right to delete personal information
- Right to correct inaccurate personal information
- Right to opt out of the sale or sharing of personal information
- Right to limit the use and disclosure of sensitive personal information, where applicable
- Right not to receive discriminatory treatment for exercising CCPA rights
We do not sell users’ personal information for monetary consideration.
We do not knowingly share users’ personal information for cross-context behavioral advertising.
We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA.
California residents may exercise their rights by contacting us at the email address stated in this Policy.
Nevada Privacy Rights
Nevada residents may have the right to request that we not sell certain covered information as defined under Nevada law.
We do not currently sell covered information as defined under Nevada law.
Nevada residents may submit an opt-out request by contacting us at the email address stated in this Policy.
Appeals
Where applicable U.S. state privacy laws provide a right to appeal our decision regarding a privacy rights request, users may appeal by contacting us at the email address stated in this Policy and including “Privacy Appeal” in the subject line.
If we deny an appeal, users may have the right to contact the attorney general or other privacy authority in their state of residence.
Global Privacy Control and Universal Opt-Out Mechanisms
To the extent required by applicable law, we will recognize and process opt-out preference signals, including Global Privacy Control or other universal opt-out mechanisms, where such signals are technically supported and legally required.
Because we do not currently use external transmission tools for advertising delivery purposes and do not knowingly sell or share personal information for cross-context behavioral advertising, such signals may not change the user’s experience in the Service.
Children’s Privacy
The Service is not directed to children under the age of 13.
We do not knowingly collect personal information from children under 13 without verifiable parental consent.
If a minor uses the Service, the minor must obtain the consent of a parent or legal guardian.
If we become aware that we have collected personal information from a child without required parental or guardian consent, we will take appropriate measures in accordance with applicable laws and regulations.
We do not knowingly sell or share personal information of users under 16 years of age.
Consent and Withdrawal of Consent
Where we process personal data or personal information based on the user’s consent, the user may withdraw such consent at any time.
Users may withdraw consent or stop certain processing by using the settings provided within the app, by using browser settings, or by contacting us at the email address stated in this Policy.
Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Opt-Out
We provide a mechanism that allows users to stop the collection of information by Google Analytics for Firebase / Google Analytics 4 and Firebase Crashlytics through settings within the app.
If a user opts out, we will stop transmitting the relevant analytics information and crash information after such setting is applied.
However, information that has already been transmitted before the opt-out may be handled in accordance with the specifications and retention periods of each external service.
Information necessary for providing in-app purchases, subscriptions, paid features, purchase status confirmation, and purchase restoration may continue to be processed to the extent necessary to provide the paid features of the Service. If such processing is stopped, paid features, purchase status confirmation, purchase restoration, and other related functions may become unavailable.
With respect to the use of cookies on the website, users may disable cookies through their browser settings. However, if cookies are disabled, some functions of the Service may not operate properly.
Automated Decision-Making and Profiling
We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning the user or similarly significantly affect the user.
We also do not currently conduct profiling in furtherance of decisions that produce legal or similarly significant effects concerning users.
International Transfers
We are located in Japan. Users’ personal data and personal information may be transferred to and processed in Japan.
Japan has received an adequacy decision from the European Commission, which allows personal data to be transferred from the EU to Japan on the basis that Japan ensures an adequate level of protection for personal data.
Users’ personal data or personal information may also be transferred to countries or regions outside the EU/EEA and Japan, including the United States, through our use of external service providers such as Google, RevenueCat, Apple, and Cloudflare.
Where personal data is transferred from the EU/EEA to a country or region that has not received an adequacy decision from the European Commission, we will rely on appropriate safeguards under the GDPR, such as standard contractual clauses, an adequacy mechanism, or other lawful transfer mechanisms, where required.
Users may contact us if they wish to receive information regarding the safeguards applied to international transfers.
Retention Period
We retain users’ personal data and personal information only for as long as necessary to fulfill the purposes for which it was collected and processed, unless a longer retention period is required or permitted by applicable laws and regulations.
Specific retention periods are determined by taking into account the following factors.
- The purposes for collecting and processing the personal data or personal information
- The nature and sensitivity of the personal data or personal information
- The need to retain the personal data or personal information for legal, accounting, tax, security, fraud prevention, dispute resolution, or business reasons
- The retention periods and settings of external services used in connection with the Service
- The need to provide, maintain, protect, and improve the Service
When personal data or personal information is no longer necessary, we will delete, anonymize, or otherwise appropriately handle it in accordance with applicable laws and regulations.
Security Measures
We implement reasonable technical and organizational measures to protect users’ personal data and personal information from unauthorized access, leakage, loss, destruction, alteration, misuse, and other risks.
However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
EU/EEA User Rights
Subject to the conditions and limitations under the GDPR, users in the EU/EEA have the following rights regarding their personal data.
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significant effects
- Right to lodge a complaint with a supervisory authority
If a user wishes to exercise any of these rights, the user may contact us at the email address stated in this Policy.
We may request information necessary to verify the identity of the user before responding to a request.
If a user is dissatisfied with our processing of personal data, the user may lodge a complaint with the data protection supervisory authority in the user’s country of residence, place of work, or place of the alleged infringement.
Relationship with Other Policies
Our general Privacy Policy and External Transmission Policy may also apply to the handling of users’ information in connection with the Service.
If there is any conflict between this Policy and our general Privacy Policy with respect to the processing of personal data or personal information of users in the EU/EEA or the United States, this Policy shall prevail to the extent of such conflict.
Changes to This Policy
We may amend this Policy as necessary.
When we amend this Policy, we will notify or inform users of the effective date and content of the amended Policy by displaying it within the Service, posting it on our website, or by any other appropriate method.
Contact Information
If you have any questions regarding this Policy or wish to exercise your rights under applicable privacy laws, please contact us at the following email address.
Privacy Contact: Choco Next Year For Sure
Representative: Haruta Watanabe
Address: Aoyama Marutake Building 6F 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062 Japan
Email: [email protected]
Established on June 12, 2026