Scavenger Hunt App — Petanco

Log in Sign up

Privacy Policy

Privacy Policy

Note: This is a translation of the original Japanese Privacy Policy for reference purposes only. In the event of any discrepancy between this translation and the Japanese original, the Japanese version shall prevail.

Information Security Policy

GOWAS LLC (hereinafter referred to as "the Company") recognizes that ensuring information security is one of the key challenges in conducting business activities properly and smoothly. As a guideline for protecting our information assets, the Company has established this Information Security Policy and implements and promotes it as follows.

Protection of Information Assets

The Company takes appropriate organizational and technical measures to ensure the confidentiality, integrity, and availability of information assets.

Compliance with Laws and Regulations

The Company complies with laws, regulations, and rules related to information security. The Company provides necessary education and training to ensure that management and employees fully recognize the importance of information assets.

Continuous Improvement

The Company periodically evaluates and reviews this Information Security Policy, related rules, and management systems to achieve continuous improvement in information security.

End

Privacy Policy

GOWAS LLC (hereinafter referred to as "the Company") respects the privacy of users and gives full consideration to personal information in the operation of the websites and services (hereinafter referred to as "the Service") managed by the Company. The Company strives to protect personal information and manage it appropriately. This Privacy Policy applies in conjunction with the Terms of Service of the Service.

Article 1 — Personal Information

  1. "Personal information" refers to "personal information" as defined by the Act on the Protection of Personal Information, meaning information about a living individual that can identify the specific individual by name, date of birth, address, telephone number, contact details, or other descriptions contained in such information, as well as data relating to appearance, fingerprints, voiceprints, and information that can identify a specific individual from a single piece of information such as the insurer number of a health insurance certificate (personal identification information).
  2. Cookies, IP addresses, device identifiers, and similar information alone cannot identify a specific individual and are therefore not considered personal information. However, when such information is used in conjunction with personal information, it shall be treated as personal information.
  3. Unless otherwise specified, this Privacy Policy also applies, to the extent associated with personal information, to the operation history of Participants within the Service (time-series records of check-ins, benefit redemptions, survey responses, page views, image submissions, lottery participation, use of AI Functions, and similar actions; hereinafter referred to as "Behavioral Data"), attribute information voluntarily registered as a profile by Participants, image data provided by Participants through the photo submission function, receipt-reading function, and other features, and data input by Users into AI Functions.

Article 2 — Methods of Collecting Personal Information

  1. The Company may ask Providers for their email address, username, and other information necessary for registration at the time of user registration. Additionally, when Providers use paid services, the Company may ask for credit card information for payment purposes.
  2. When Participants use the Service, the Company may obtain their email address, identifiers and display names obtained through social login (LINE or other external services designated by the Company), and attribute information voluntarily registered as a profile (such as name, age, gender, place of residence), as well as keywords, survey responses, quiz answers, and other inputs provided by Participants when participating in campaigns.
  3. In providing the Service, the Company may obtain location information voluntarily permitted by Participants at the time of check-in, through the location services available on the operating system of the Participant's device (services using GPS, Wi-Fi, cell towers, etc.). The acquisition of location information may be subject to a separate permission prompt on the User's device operating system.
  4. When Participants use the photo submission function, receipt-reading function, or other image upload functions, the Company obtains the image data. Such image data will be made available for the Provider of the relevant campaign to view, approve, reject, and download.
  5. The Company obtains Participants' Behavioral Data as well as IP addresses, device information, browser information, Cookies, and other technical information for the purposes of providing the Service, improving quality, preventing fraud, performing statistical analysis, and supporting Providers in operating campaigns.
  6. When Users use AI help chat, AI translation, AI content generation, AI receipt reading, or other AI Functions, the Company may obtain and record the text, images, and other data input by Users into AI Functions, as well as the output results of such AI Functions. Such data may be transmitted to third-party AI service providers for the purpose of generating responses or output (see Article 5-3 for details).
  7. The Company uses "Google Analytics," an access analysis tool provided by Google. Google Analytics uses cookies to collect data. This data is collected anonymously and does not identify individuals. You can refuse data collection by disabling cookies in your browser settings. For details regarding these terms, please see the Google Analytics Terms of Service page and the Google Policies and Terms page.
  8. The Company uses Microsoft Clarity to understand how users interact with our website in order to improve our products and advertising. By using our site, you agree that the Company and Microsoft may collect and use this data.

Article 3 — Purposes of Collecting and Using Personal Information

The purposes for which the Company collects and uses personal information, Behavioral Data, and other information are as follows:

  1. To provide and operate the Service
  2. To respond to inquiries from Users (including identity verification)
  3. To send emails about new features, updates, campaigns, and other services provided by the Company regarding the services currently used by Users
  4. To contact Users as necessary for maintenance, important notices, and other communications
  5. To identify Users who violate the Terms of Service or who attempt to use the Service for fraudulent or improper purposes, and to refuse their use
  6. To allow Participants to participate in campaigns and use functions such as check-ins, benefit redemptions, and lottery participation
  7. To bill Providers for paid services
  8. To enable Providers to statistically aggregate and analyze participation status, Participant Attribute Information (excluding information that can identify individuals), and Behavioral Data related to campaigns created and published by them
  9. To provide AI Functions (such as content generation, multilingual translation, image recognition (receipt reading, etc.), and AI help chat), improve response accuracy, and detect fraudulent use
  10. To compile and process statistical data in a form that cannot identify individuals, for purposes such as improving the Service, developing new features, analyzing usage trends, presenting case studies, and conducting market research
  11. To detect and prevent fraudulent use, unauthorized access, bot-based attacks, and other security risks related to the Service
  12. Purposes incidental to the above purposes of use

Article 4 — Changes to Purpose of Use

  1. The Company shall change the purpose of use of personal information only when it is reasonably considered to be related to the purpose of use before the change.
  2. If the purpose of use is changed, the Company shall notify Users of the changed purpose or announce it on this website by the method prescribed by the Company.

Article 5 — Disclosure of Personal Information to Third Parties

  1. The Company shall not provide personal information to third parties without the prior consent of the User, except in the following cases. However, this excludes cases permitted by the Act on the Protection of Personal Information and other laws and regulations.
    1. When it is necessary for the protection of the life, body, or property of a person and it is difficult to obtain the consent of the individual
    2. When it is particularly necessary for improving public health or promoting the sound growth of children and it is difficult to obtain the consent of the individual
    3. When it is necessary to cooperate with a national institution, a local government, or a person entrusted by either in executing affairs prescribed by laws and regulations, and obtaining the consent of the individual is likely to impede the execution of such affairs
    4. When the following matters have been notified or made public in advance, and the Company has filed a notification with the Personal Information Protection Commission:
      1. That the purpose of use includes provision to third parties
      2. The data items to be provided to third parties
      3. The means or method of provision to third parties
      4. That the provision of personal information to third parties will be stopped at the request of the individual
      5. The method of accepting requests from the individual
  2. Notwithstanding the preceding paragraph, in the following cases, the recipient of such information shall not be considered a third party:
    1. When the Company outsources all or part of the handling of personal information to the extent necessary to achieve the purpose of use
    2. When personal information is provided due to business succession resulting from a merger or other reasons
    3. When personal information is shared with a specific party, and the individual has been notified in advance or placed in a position to easily know of the items of personal information to be shared, the scope of parties who share the information, the purpose of use by those parties, and the name or title of the person responsible for managing such personal information
  3. Providers may view and download participation status, Participant Attribute Information (excluding information that can identify individuals), and Behavioral Data obtained through campaigns they have created and published, for purposes such as analyzing and improving such campaigns. Providers shall handle such information in compliance with the Service's Terms of Service and applicable laws and regulations, and the Company shall not be liable for the handling of such information by Providers.
  4. The Company may statistically aggregate and process information obtained from the Service, and after processing it into a form that cannot identify individuals, may provide it to Providers and third parties for purposes such as improving the Service, presenting case studies, and conducting market research.

Article 5-2 — Outsourcing Partners and Sub-processors

  1. In providing the Service, the Company may outsource all or part of the handling of information, including personal information, to external businesses in the following categories (hereinafter referred to as "Sub-processors") within the scope necessary to achieve the purpose of use:
    1. Cloud infrastructure (servers, databases, storage, message delivery, etc.)
    2. Payment processing services
    3. Authentication services (such as social login)
    4. Map display services
    5. AI-related services (generative AI, machine translation, image recognition, etc.)
    6. Bot and unauthorized access detection services
    7. Email delivery services
    8. Access analytics, error monitoring, and operations monitoring services
  2. The main external services currently used by the Company are as follows (this list may be updated from time to time due to changes in service providers):
    • Google LLC (Firebase, Google Cloud, Google Maps, Google Analytics, Gemini API, etc.)
    • Stripe, Inc. (payment processing)
    • LY Corporation (social login via LINE)
    • Cloudflare, Inc. (bot protection, CDN)
    • Microsoft Corporation (Microsoft Clarity)
  3. Some Sub-processors are based in the United States or other countries outside Japan, and may store or process User information on servers located outside Japan. In accordance with Article 28 of the Act on the Protection of Personal Information and other applicable laws, the Company implements appropriate safeguards, including entering into appropriate contracts with such Sub-processors.
  4. The Company may add, change, or discontinue Sub-processors due to factors such as improving the quality of the Service, optimizing cost structure, or changes in contractual terms. Material changes shall be announced on the Service's website.

Article 5-3 — Provision of Data to Third-Party AI Service Providers via AI Functions

  1. The Company provides AI Functions in the Service, including content generation, multilingual translation, image recognition (such as receipt reading), AI help chat, and other functions (hereinafter referred to as "AI Functions").
  2. The text, images, and other data input by Users into AI Functions (hereinafter referred to as "AI Input Data") and the output results of AI Functions may be provided to third-party AI service providers selected by the Company (hereinafter referred to as "AI Providers") for the purpose of generating responses or output.
  3. The handling of AI Input Data and output results by AI Providers shall be governed by the terms of service and privacy policies established by such AI Providers. In selecting AI Providers, the Company endeavors to select providers that handle data appropriately, including by not using AI Input Data for the training of their models and by deleting such data after a reasonable period of time.
  4. Users shall not input personal information, confidential information, or any other information that should not be disclosed to third parties into AI Functions. The Company shall not be liable for any damage caused by User input.
  5. The Company may use AI Input Data and output results, after processing them into a form that cannot identify individuals, for purposes such as improving the quality of AI Functions, preventing fraudulent use, and understanding usage trends.

Article 6 — Disclosure of Personal Information

  1. When requested by the individual to disclose their personal information, the Company shall disclose it to the individual without delay. However, if disclosure would fall under any of the following, the Company may choose not to disclose all or part of the information, and if a decision not to disclose is made, the individual shall be notified without delay. Please note that a fee of 1,000 yen per request will be charged for the disclosure of personal information.
    1. When there is a risk of harming the life, body, property, or other rights or interests of the individual or a third party
    2. When there is a risk of significantly hindering the proper conduct of the Company's business
    3. When it would violate other laws and regulations
  2. Notwithstanding the preceding paragraph, information other than personal information, such as history information and attribute information, shall not be disclosed as a general rule.

Article 7 — Correction and Deletion of Personal Information

  1. If a User's personal information held by the Company is incorrect, the User may request the Company to correct, add, or delete (hereinafter referred to as "correction, etc.") the personal information according to the procedures established by the Company.
  2. If the Company receives a request from the User as described in the preceding paragraph and determines that it is necessary to comply with the request, the Company shall correct the personal information without delay.
  3. When the Company makes a correction based on the preceding paragraph, or when a decision is made not to make a correction, the Company shall notify the User without delay.
  4. Users may request the deletion of their account through the prescribed functions of the Service or the procedures established by the Company. The handling of each piece of data upon account deletion shall be governed by Paragraph 5 of Article 11.

Article 8 — Suspension of Use of Personal Information

  1. When requested by the individual to suspend the use or delete personal information (hereinafter referred to as "suspension of use, etc.") on the grounds that the information is being handled beyond the scope of the purpose of use or was obtained by fraudulent means, the Company shall promptly conduct the necessary investigation.
  2. Based on the results of the investigation described in the preceding paragraph, if the Company determines that it is necessary to comply with the request, the Company shall promptly suspend the use of the relevant personal information.
  3. When the Company suspends the use based on the preceding paragraph, or when a decision is made not to suspend the use, the Company shall notify the User without delay.
  4. Notwithstanding the preceding two paragraphs, in cases where suspension of use would incur significant costs or is otherwise difficult, and alternative measures can be taken to protect the rights and interests of the User, such alternative measures shall be adopted.

Article 9 — Changes to Privacy Policy

  1. The content of this Privacy Policy may be changed without notifying Users, except for matters otherwise provided by law or otherwise set forth in this Privacy Policy.
  2. Unless otherwise specified by the Company, the revised Privacy Policy shall take effect from the time it is posted on this website.

Article 10 — Data Protection Officer and EU Representative

The Company is not obligated to appoint a Data Protection Officer (DPO) under the EU General Data Protection Regulation (GDPR), but from the perspective of privacy protection, we have established the following contact point.

Personal Information Officer: Representative of GOWAS LLC
Contact: support@petanco.net

Article 11 — Additional Provisions for EU and EEA Users

Users subject to the EU General Data Protection Regulation (GDPR) have the following additional rights:

  1. Legal Basis for Data Processing
    The Company processes personal data based on one or more of the following legal bases:
    • Consent of the User
    • When necessary for the performance of a contract
    • When necessary for compliance with a legal obligation
    • When necessary to protect the vital interests of the User or another natural person
    • When necessary for the legitimate interests of the Company (except where the fundamental rights and freedoms of the User take precedence)
  2. Right to Data Portability
    Users have the right to receive personal data processed by the Company in a structured, commonly used, and machine-readable format.
  3. Right to Object
    Users have the right to object at any time to the processing of personal data based on the legitimate interests of the Company.
  4. Automated Decision-Making
    The Company does not make decisions based on fully automated processing, including profiling, that produce legal effects concerning the User or similarly significantly affect the User.
  5. Data Retention Period
    The Company retains personal data only for the period necessary for the purpose for which it was collected. Specific retention periods are as follows:
    • Provider account information: During the active period of the account and for a period prescribed by the Company after deletion (standard 90 days)
    • Transaction information: For the period prescribed by law (up to 10 years)
    • Inquiry information: For 3 years after the response is completed
    • Campaign information: During the active publication period of the campaign and for the retention period prescribed by the Company (after expiration of the publication period, the campaign may revert to draft status by the method prescribed by the Company, or be deleted after the retention period prescribed by the Company. Details are announced on the Service's website.)
    • Participant Behavioral Data and attribute information: Same retention period as the related campaign information, linked to such campaign
    • Images submitted by Participants (photos, receipt images, etc.): Same retention period as the related campaign information, linked to such campaign
    • AI chat history and AI Function usage logs: For the retention period prescribed by the Company (at the time of account deletion, data linked to the deleted account will be deleted)
    • Cookie information: Until the expiration date of each cookie
  6. International Data Transfers
    The Company uses Sub-processors as set forth in Article 5-2, some of which are based in the United States or other countries outside Japan. Accordingly, User personal data may be transferred outside Japan (including outside the EEA). The Company implements appropriate safeguards (such as the conclusion of standard contractual clauses).
  7. Right to Lodge a Complaint with a Supervisory Authority
    Users have the right to lodge a complaint with the data protection supervisory authority of the EU Member State of their residence, workplace, or the place where the alleged violation occurred.

Article 12 — Cookie Policy

The Company uses cookies and similar technologies on its website. For details regarding the use of cookies, please refer to our Cookie Policy.

Article 13 — Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided personal information, we will promptly delete such information. If a Provider plans a campaign primarily targeted at Participants under the age of 16, the Provider shall, at its own responsibility, obtain parental consent and comply with other applicable laws and regulations.

Article 14 — Contact

For inquiries regarding our Privacy Policy, please use the Contact page.

(For identity verification purposes, please contact us from your registered email address.)

Established: June 30, 2023
Revised: December 28, 2024
Revised: May 15, 2026