AGOS LABS TECHNOLOGIES (hereinafter referred to as the "Company") has established the following privacy policy (hereinafter referred to as the "Policy") regarding the handling of Personal Data of individuals who use the Company's services (hereinafter referred to as the "Users") and those who have entered into a promotional agreement with the Company (the "Partners"; Users and Partners collectively referred to as the "Data Subjects"). The terms used in this Policy shall apply mutatis mutandis to the terms defined in our
Terms of Use.
Article1 (Personal Data)
For the purposes of this Policy, "Personal Data" means information about a living individual as defined in Article 2, Paragraph 1 of the Act on the Protection of Personal Information of Japan (Act No. 57 of 2003; hereinafter referred to as the "Act").It refers to information that can identify a specific individual, such as name and date of birth, either by itself or in combination with other information, or that contains individual identification codes.
Article 2 (Purposes of Use of Personal Data)
The Company will use the Personal Data it obtains for the following purposes.
When collecting Personal Data, the Company will, where appropriate, inform the individual of the following: whether the provision of such data is required by law or contract; whether the provision is necessary for entering into a contract; whether the individual is obligated to provide the data; and the potential consequences or disadvantages of not providing the data.
1. Personal Data Related to Individuals
| Category of Personal Data | Purpose of Use | Legal Basis |
|---|
| Identification Data(e.g., name, address, gender, date of birth, phone number, email address) | - To provide the Service, verify identity, and manage user accounts
- To notify individuals of updates to terms, maintenance activities, or other important information
- To respond to inquiries or customer support requests
- To identify and restrict access to individuals who violate the Terms of Service or attempt to misuse the Service
| - Performance of a contract or steps prior to entering into a contract
- Legitimate interests (e.g., ensuring service quality, preventing fraudulent use)
|
| Payment Information(e.g., bank account details, payment method) | To process payments related to the Service | Performance of a contract |
| Uploaded Data(e.g., messages, images, videos) | - To generate content as part of the Service
- To improve and develop existing and new services
- To report usage data to individuals
- To identify and restrict access to individuals who violate the Terms of Service or attempt to misuse the Service
| - Performance of a contract
- Legitimate interests (e.g., enhancing service quality, preventing misuse)
|
| External Service Integration Data(e.g., user ID, profile name, profile image, email address, friend list, language settings, login information, metadata such as impression counts) | - To perform integration processes with external services
- To improve and develop existing and new services, and to deliver advertisements
| - Consent of the individual
- Performance of a contract
- Legitimate interests (e.g., enhancing functionality through external integrations)
|
| Automatically Collected Information(e.g., cookie ID, device information, location data, browsing history) | - To provide the Service and analyze usage
- To improve and develop existing and new services, and to deliver advertisements
- To notify individuals of new features, updates, campaigns, or other services via email, flyers, or direct mail
| - Consent of the individual
- Legitimate interests (e.g., improving service quality and functionality)
|
| Other Information Provided with Explicit Consent | For purposes explicitly stated at the time of consent | Consent of the individual |
Article 3 (Sources of Personal Data)
The Company may obtain Personal Data either directly or indirectly. In cases of indirect collection, such data may be obtained through the following third parties:
- Companies to which the individual belongs, or companies that have a business partnership with the Company
- External services through which the individual has authorized data sharing (e.g., Facebook, Instagram, X (formerly Twitter), ByteDance, etc.)
- Providers of data analytics, hosting, and cloud services (e.g., Google LLC, Meta Platforms, Inc., X Corp., ByteDance Ltd., etc.)
- Ad networks and analytics service providers (e.g., Google Analytics, etc.)
Article4 (Provision to Third Parties)
1.
The Company shall not provide Personal Data to any third party without the prior consent of the Data Subjects. However, this does not apply in the following cases where the provision of Personal Data to a third party is necessary:
- (1) When outsourcing all or part of the handling of Personal Data within the scope necessary to achieve the purpose of use.
- (2) When Personal Data is provided due to business succession through merger or other reasons.
- (3) When Personal Data is provided to a business partner or information collection module provider in accordance with Article 6.
- (4) When otherwise permitted under the Act or other applicable laws and regulations.
2.
When the Company provides Personal Data to a third party, it shall create and retain records of such provision.
3.
When receiving Personal Data from a third party, the Company shall perform necessary verifications and create and retain records related to such verifications.
Article 5 (Provision of Personal Data to Third Parties Located in Foreign Countries)
The Company may provide Personal Data held by the Company to third parties located in foreign countries in the following cases:
| Recipient | Location (Country) | Service | Personal Data Protection Framework in the Country | Measures Taken by Recipient | Privacy Policy / Additional Information |
|---|
| Google LLC | California, United States | Google, YouTube, Google Analytics, etc. | California, United States Report (Japanese) https://www.ppc.go.jp/files/pdf/california_report.pdf | All eight OECD Privacy Principles are observed | Privacy Policy / Legal Notice for Japanese Users https://policies.google.com/privacy/additional?gl=jp |
| Meta Platforms, Inc. | California, United States | Facebook, Instagram, Threads, etc. | California, United States Report (Japanese) https://www.ppc.go.jp/files/pdf/california_report.pdf | All eight OECD Privacy Principles are observed | Privacy Policy:https://www.facebook.com/privacy/policy/?entry_point=about_fb / Japan Privacy Notice :https://www.facebook.com/privacy/policies/japan |
| X Corp. | California, United States | X (formerly Twitter) | California, United States Report (Japanese) https://www.ppc.go.jp/files/pdf/california_report.pdf | All eight OECD Privacy Principles are observed | Privacy Policy:https://x.com/ja/privacy |
| ByteDance Ltd. | California, United States, Singapore, Malaysia | TikTok, etc. | U.S.: Report (https://www.ppc.go.jp/files/pdf/USA_report.pdf) Singapore: Report (https://www.ppc.go.jp/files/pdf/singapore_report.pdf) Malaysia: Report (https://www.ppc.go.jp/files/pdf/malaysia_report.pdf) | All eight OECD Privacy Principles are observed | Privacy Policy |
Article6(Provision of Information to Partners and Information Collection Module Providers)
1.
In the Service, the following partners may store and use Personal Data through the use of cookies or similar technologies.
| Name of the service to which the information is sent | Name of the entity to which the information is externally transmitted | Externally Transmitted Information | Our Purpose of Use | Destination Purpose of Use | Opt-out | Privacy Policy |
|---|
| Google Cloud Platform | Google LLC | IP address, Data Subjects agent (browser and OS information), access logs such as requested URLs and timestamps, and identifier information (e.g., Data Subjects IDs) handled within the service as needed | For providing the service | For hosting, operation and maintenance, traffic distribution, and security measures | https://policies.google.com/privacy | https://policies.google.com/privacy |
2.
We use Google Analytics provided by Google, which collects and analyzes your browsing history based on cookies set by us or by Google, the results of which we receive and which we may use to better understand your use of our website and our services. For more information about Google's use of your data in Google Analytics, please visit their website at https://policies.google.com/technologies/partner-sites.
Article7 (Requests for Disclosure of Personal Data, etc.)
1.
In accordance with the Act, the Company shall, upon request from the Data Subjects, respond without delay to requests for notification of the purpose of use of retained personal data (as defined in Article 16, Paragraph 4 of the Act, hereinafter the same), disclosure of retained personal data or records of provision to third parties, correction, addition, or deletion of retained personal data, or cessation of use, deletion, or cessation of provision to third parties (collectively, "Requests for Disclosure of Personal Data, etc."). These requests will be processed according to the Company’s prescribed procedures, after verifying that the request originates from the Data Subjects.
2.
A fee of 1,000 yen (excluding consumption tax) per request will be charged for notifications of the purpose of use, disclosures of retained personal data, or records of provision to third parties.
3.
For details on how to make a request for disclosure of Personal Data, please contact the Company's inquiry desk as described in this Policy.
Article8 (Policy Modification)
The Company may modify this Policy as necessary. However, if the Company makes changes to this Policy that require the Data Subjects consent under the law, the modified Policy shall apply only to those Data Subjects who have agreed to the changes in the manner prescribed by the Company. When modifying this Policy, the Company will inform the Data Subjects of the effective date and content of the modified Policy by posting it on the Company’s website or by other appropriate means.
Article9 (Compliance with Laws and Regulations)
The Company shall comply with Japanese laws, regulations, and other applicable standards regarding Personal Data in its possession.
Article10(Security Control Measures)
The Company takes organizational, physical, personnel, and technical measures to prevent unauthorized access to Personal Data, as well as loss, destruction, alteration, or leakage of Personal Data. These measures include access restrictions to Personal Data files, access log recording, and security protocols to prevent unauthorized external access. In the event of a Personal Data leakage or similar incident, the Company will promptly report the incident to regulatory authorities in accordance with the Act and related guidelines, and will implement necessary preventive and corrective measures as instructed by the relevant authorities. For specific details of the Company’s security control measures, please contact the inquiry desk listed in this Policy.
Article 11 (Retention Period of Personal Data)
The Company retains Personal Data only for the period necessary to achieve the purposes of use described above.
Article12 (Company Address, Representative, and Personal Data Protection Manager)
The Company’s representative, and Personal Data protection manager are as follows: Representative: Kosuke Yokoyama
Personal Data Protection Manager: Kosuke Yokoyama
Article13 (Inquiry Contact)
For inquiries regarding the Company’s handling of Personal Data, please contact: FotisAI Customer Support Address: Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates.
Enacted and effective as of August 1, 2025.
Revised on August 7, 2025
