Privacy Policy

Personal Information Protection Policy

Ptmind Inc. (“the Company”) provides data analytics, A/B testing, automation services, and AI assistant tools for business productivity. We recognize that protecting the personal information of our customers, business partners, employees, and other related parties is a significant responsibility. In accordance with our personal information protection philosophy and code of conduct, we declare our commitment to fulfilling our social mission, protecting individual rights, and complying with all applicable laws and regulations on personal information. We have established a Personal Information Protection Management System and commit to continuous improvement in response to technological developments, social requirements, and changes in the business environment.

1. We will acquire, use, and provide personal information appropriately and will not process personal information beyond the scope necessary for the specified purposes. We will take appropriate measures to this end.
2. We will comply with laws, government guidelines, and other norms related to the handling of personal information.
3. We will implement reasonable security measures to prevent leakage, loss, or damage of personal information, and will continuously improve our security systems. In the event of an incident, we will promptly take corrective action.
4. We will respond to complaints and inquiries regarding the handling of personal information promptly and sincerely.
5. Our Personal Information Protection Management System will be reviewed and continuously improved in a timely and appropriate manner.

Ptmind Inc.
Representative Director & CEO, Yuan Zheng

Personal Information Protection — Public Disclosures

2.1 Purposes of Use for Personal Information Handled by the Company

(a) Personal information acquired directly from the individual in writing

• Service user information: To customize service use, information, and advertising delivery for “Ptengine,” “VIVAIA,” “Kocoro,” and “Shannon” business services; to create statistical data processed into a form that cannot identify individuals.
• Employee information: For HR management, business management, health management, and security management.
• Recruitment applicant information: To contact recruitment applicants and manage recruitment operations.
• Inquiry information: To respond to inquiries such as document requests.

(b) Personal information acquired by other means

• Personal information entrusted when outsourcing business from customers: To perform the outsourced work.

2.2 Joint Use of Personal Information

The Ptmind Group jointly uses personal information of recruitment applicants and employees for management purposes across group companies, as follows.

• Categories of jointly used data:
  • Recruitment applicant information (name, address, date of birth, phone number including email address, etc.)
  • Employee information (employee name, working hours, payroll information, etc.)
• Scope of joint users: BEIJING BOJIN ZHIHUI INTERNET TECH. LTD.
• Purposes of joint use:
  • Recruitment applicant information: for recruitment management across group companies.
  • Employee information: for payroll processing.
• Manager responsible for jointly used personal information: BEIJING BOJIN ZHIHUI INTERNET TECH. LTD., Representative Director & CEO, Yuan Zheng.
• Acquisition method: Internet (web and email), written forms, etc.

2.3 Matters Concerning Retained Personal Data

Company Information

• Name: Ptmind Inc.
• Representative: Representative Director & CEO, Yuan Zheng
• Personal Information Protection Manager: WeiQiang Wang
• Address: Frontier Gran Nishi-Shinjuku 10F, 3-7-30 Nishi-Shinjuku, Shinjuku-ku, Tokyo 160-0023, Japan
• Contact: TEL: 03-6380-4268  /  Email: cs@ptmind.co.jp

Purpose of Use of Retained Personal Data

As stated in Section 2.1(a) above.

Complaint Contact for Retained Personal Data

Certified Personal Information Protection Organizations

The Company is not currently a member of any certified personal information protection organization.

Security Management Measures

The Company implements organizational, human, physical, and technical security management measures based on the Japanese Industrial Standard (JISQ15001) Personal Information Protection Management System.

Procedures for Responding to Requests for Disclosure of Retained Personal Data

You may submit requests to our inquiry desk for the following disclosure-related actions: notification of purpose of use, disclosure, correction/addition/deletion, suspension of use, suspension of third-party provision, erasure, and disclosure of third-party provision records. Upon receipt of a request, we will verify your identity and respond within a reasonable period. The procedure is as follows:

1. After receiving your initial request, we will send you our prescribed request form by post.
2. Please return the completed request form, together with any documentation confirming the authority of an authorized representative (if applicable) and a postal money order for the applicable fee (required for requests for notification of purpose of use and disclosure only), to our inquiry desk.
3. Upon receiving the completed form, we will ask you to provide approximately two items of personal information registered with us (e.g., phone number and date of birth) for identity verification.
4. Responses will in principle be provided to you in writing by postal mail.

Requests by authorized representative: Please include (a) documentation confirming the representative’s authority (original power of attorney, or certified copy of family register or residence certificate, etc.) and (b) documentation confirming the representative’s own identity (copy of driver’s license, passport, health insurance card, etc.).

Fee for notification of purpose of use or disclosure: ¥1,000 per request (enclose a postal money order with your request form).

Handling of Service User Information

Article 1 — Definition of User Information

“User information” means personal information (any data relating to an identified or identifiable natural person), behavioral history on the communication service, and other information generated or accumulated on a user’s device that the Company collects pursuant to this Policy.

Article 2 — Consent-Based Processing and Right to Withdraw Consent

By expressing agreement to this Privacy Policy, users consent to the Company’s processing of their personal information. Users may withdraw such consent at any time. Users under 16 years of age must obtain parental or guardian consent before using the Service.

Providing personal information to the Company is a prerequisite for using the Service; failure to provide such information may prevent use of the Service.

Article 3 — User Information Collected Through the Service

Information provided by users

• Company name, full name, email address, phone number, date of birth, credit card information, and other information entered in registration forms.

Information automatically collected by the system

• User agent (device type), display resolution, color depth, browser viewport dimensions, language settings, character set, platform (OS version), tap coordinates, referrer, title and URL of referring websites, and browser type.
• IP Address: automatically processed at the time of collection to prevent identification of individuals; the Company does not process IP addresses in a manner that identifies specific individuals.
• Pages accessed, time of visit, time of last visit, and geographic location (prefecture level in Japan; city level outside Japan).
• User Content: all data, files, materials, and inputs — including voice, images, documents, screenshots, knowledge bases, and data source connection information — that users transmit, store, create, or generate through the Service.
• Operation history: date and time of access, features used, frequency of use, time zone, country, region, and other records of user operations.

The combination of automatically collected information described above may enable analysis of visitor behavior on web pages; however, because IP addresses are automatically processed to prevent individual identification, the Company cannot identify specific individuals from this information alone.

When the Service is implemented using the Google Tag Manager integration, a Ptengine tag is automatically added to the connected Google Tag Manager account; no customer information is stored in this process.

Article 4 — Purpose of Use

The Company will not process user information obtained through the Service beyond the following purposes without the user’s consent, except as required by law or where the user has separately consented:

1. User registration, identity verification, and system operations necessary to provide, maintain, improve, and implement the Service.
2. Billing of usage fees and late payment charges.
3. Verification of credit card validity for payment settlement.
4. Customization of information and advertising delivery within the Service tailored to the user.
5. Provision of information regarding the Service.
6. Notification of suspension, discontinuation, or termination of the Service.
7. Response to acts that violate the Terms of Use of the Service.
8. Notification of changes to our Terms of Use, this Policy, and related documents.
9. Response to disputes and litigation.
10. Creation of statistical data processed into a form that cannot identify individuals.
11. Quality improvement, feature development, and enhancement of the Service.
12. Purposes incidental to the preceding items.

The Company may, with the user’s prior consent, share user information including personal information with third parties within the scope necessary to achieve the above purposes.

The Company provides personal information to group companies located in the People’s Republic of China. The Company takes necessary and appropriate protective measures pursuant to agreements with those group companies. Information on China’s personal information protection framework is available on the website of Japan’s Personal Information Protection Commission: https://www.ppc.go.jp/enforcement/infoprovision/laws/offshore_report_china/

Article 5 — Changes to Purpose of Processing

The Company may change the purposes of processing within the scope of what is reasonably considered to have a reasonable relationship with the original purposes, and will notify or announce such changes to users and obtain their renewed consent.

Article 6 — Acquisition of User Information

The Company will acquire user information in an appropriate manner, without deception or other improper means. Where user information is acquired by means other than through users’ use of the Service, the Company will notify or announce the purpose of use and acquisition method in advance.

Article 7 — Cookies and Anonymous IDs

The Service may use cookies and similar technologies to collect information about how the Service is being used. These technologies help the Company understand usage patterns and improve the Service. Users may configure their browsers to display warnings before accepting cookies or to refuse cookies entirely. Note that refusing cookies may cause parts of the Service to not function correctly.

Article 8 — Security Management

The Company will take necessary and appropriate measures, including anonymization, to prevent leakage, loss, or damage of user information.

In providing the “Kocoro” AI assistant service, the Company may provide user information to the following third-party AI model providers located outside Japan:

• OpenAI, L.L.C. (3180 18th St, San Francisco, California 94110, United States)
• Google L.L.C. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States)

Where Google API Services data must be transmitted to OpenAI L.L.C., such transmission is limited to the minimum scope necessary to provide the query, analysis, visualization, or other core feature explicitly requested by the user. OpenAI L.L.C. does not use such data for model training.

For information on personal information protection frameworks in the United States, please refer to:

• Federal law: https://www.ppc.go.jp/enforcement/infoprovision/laws/offshore_report_america/#federal
• California law: https://www.ppc.go.jp/enforcement/infoprovision/laws/offshore_report_america/#fcalifornia

Where the Company entrusts all or part of the handling of user information to a third party, it will enter into a confidentiality agreement compliant with this Policy and conduct necessary supervision to ensure security.

Article 9 — Disclosure and Sharing of User Information

The Company may disclose or share personal information with third parties, with the user’s consent, in the following circumstances:

1. Where the Company entrusts all or part of the handling of personal information to a third party within the scope necessary to achieve the purposes of use.
2. Where personal information is provided to payment processors, credit companies, or banks for the purpose of billing usage fees.
3. Where a user has taken or is attempting to take actions within the Service that harm others or violate public order and morals, and a response is necessary.
4. In connection with a business succession due to merger or similar event.
5. Where there is an imminent danger to life, property, or other vital interests.
6. Where disclosure is requested by a court, police, or other public authority pursuant to applicable law.
7. Where the Company is otherwise legally obligated to disclose.

Notwithstanding the above, data obtained through Google API Services in the “Kocoro” service will not be sold, used for advertising or marketing purposes, or disclosed or shared with third parties, except to the extent strictly necessary to provide the app’s core features, maintain security, or comply with applicable law.

Article 10 — Access, Correction, and Other Rights

Users have the following rights with respect to their personal information:

• Right of access to personal information.
• Right to correction or erasure of personal information.
• Right to restriction of processing.
• Right to object to processing.
• Right to data portability.

To exercise these rights, please contact our inquiry desk. Upon verification of identity, the Company will respond within a reasonable period. Users also have the right to lodge a complaint with the competent data protection authority in their jurisdiction.

Article 11 — Inquiries

For opinions, questions, complaints, or other inquiries regarding the handling of user information, please contact:

Article 12 — Organization and Structure

The Company designates Representative Director Yuan Zheng as the person responsible for the management of user information and implements appropriate management and continuous improvement.

Article 13 — Changes to this Policy

The Company will periodically review its handling of user information and make continuous improvements. The Company may amend this Policy without prior consent from users. Unless changes require user consent under applicable law, amendments take effect immediately upon publication on the Company’s website. Where applicable law requires user consent, the Company will obtain such consent through its prescribed method.

Article 14 — Links to Third-Party Services

The Service may contain links to services not managed by the Company. The Company assumes no responsibility for the content of such external services or their handling of user information.

Article 15 — Retention Period for Personal Information

The Company will promptly erase or anonymize personal information acquired from users when it is no longer necessary for the purposes specified in Article 4. However, the Company may retain information in the following cases:

• Where retention is necessary for the public interest.
• Where information is processed for scientific research purposes.
• Where information is processed solely for statistical purposes.