Privacy Policy

In this Policy, terms such as personal information, personal data, retained personal data, personally referable information, pseudonymized personal information, and anonymized personal information have the meanings set out in the Act on the Protection of Personal Information. Customer means an individual who provides personal information to the Company through use of the Service, inquiries, material requests, demo bookings, or similar interactions.

The Company publishes the following matters regarding retained personal data under Article 32 of the Act on the Protection of Personal Information.

• Name of operator: INDX Inc.
• Address: 8F, 7-7-7 Roppongi, Minato-ku, Tokyo 106-0032, Japan
• Representative: Katsuya Ito, Representative Director and CEO
• Personal information contact: contact@indx.jp

The Company may collect the following personal information to provide the Service and respond to inquiries.

• Contact information such as name, company name, department, title, email address, and phone number.
• Information entered for inquiries, material requests, and free demo bookings, including inquiry details and preferred dates and times.
• Documents uploaded by Customers when using the Service and information contained in those documents (Check Target Data).
• Information relating to contracts and transactions, including contract details, billing, and payment information.
• Information automatically generated or transmitted through use of the Service, including usage history, access logs, cookies, device identifiers, IP address, and browser information.

The Company obtains personal information by lawful and fair means, mainly through form entries, meetings, phone calls, email communications, use of the Service, and information automatically transmitted through such use. The Company obtains sensitive personal information only with prior Customer consent, except where permitted by law.

The Company uses collected personal information within the scope of the following purposes.

• To provide, operate, maintain, improve, and develop new functions for the Service.
• To respond to inquiries, material requests, and free demo bookings, and to coordinate schedules and contact Customers.
• To conclude and perform contracts, verify identity, and bill, settle, and manage fees.
• To notify Customers of important information about the Service and changes to terms and policies.
• To provide information and marketing about the Service and other products and services offered by the Company, with opt-out procedures available.
• To prevent unauthorized use and access, ensure security, and respond to failures and other issues.
• To analyze usage, prepare statistical data, and improve the Service.
• To comply with legal obligations and exercise or defend rights.

The Company may change purposes of use within a scope reasonably related to the original purposes. When purposes are changed, the Company will notify the individual of the changed purposes or publish them on the Service.

The Company implements necessary and appropriate measures, including the following, to prevent leakage, loss, or damage of personal data and otherwise ensure secure management. Please contact the inquiry desk for details.

Organizational Security Control Measures

The Company maintains rules for personal information protection, appoints responsible persons, establishes inspection and audit systems for handling status, and prepares systems for responding to leakage and similar incidents.

Human Security Control Measures

The Company provides regular education and awareness training to personnel and specifies confidentiality obligations in work rules and similar policies.

Physical Security Control Measures

The Company implements measures to prevent theft or loss of devices and electronic media and measures to prevent leakage when such media is transported.

Technical Security Control Measures

The Company implements access controls, user identification and authentication, encryption in transit and at rest, and countermeasures against unauthorized access and malicious software.

Understanding the External Environment

When personal data is handled in a foreign country, the Company understands the personal information protection systems of that country and implements necessary and appropriate security control measures.

The Company may outsource all or part of personal data handling to external contractors to the extent necessary to achieve the purposes of use, including cloud infrastructure, email delivery, payment processing, and customer support. In such cases, the Company conducts appropriate due diligence on contractors, contractually requires security management, and provides necessary and appropriate supervision.

The Company does not provide personal data to third parties without prior consent from the individual, except in any of the following cases.

• When required by law.
• When necessary to protect a person's life, body, or property and it is difficult to obtain the individual's consent.
• When especially necessary to improve public health or promote the sound development of children and it is difficult to obtain the individual's consent.
• When cooperation with a national government agency, local public body, or entrusted party is necessary for performing legally prescribed affairs, and obtaining consent could impede those affairs.
• When provided in connection with business succession due to merger or other reasons, provided equivalent protection continues at the successor.

In providing the Service, the Company may entrust the handling of personal data to third parties located in foreign countries, such as cloud service providers located outside Japan. When personal data is provided to a third party in a foreign country based on prior consent from the individual, the Company provides the individual with information about the destination country, the personal information protection system of that country, and measures taken by the recipient to protect personal information.

The Company may collect and use cookies and other identifiers, browsing history, and similar personally referable information to improve convenience, analyze usage, and optimize advertising delivery. When providing personally referable information to a third party where it is expected to be acquired as personal data by the recipient, the Company confirms that consent from the individual has been obtained or that other required conditions are satisfied. Customers may disable cookies through browser settings, but some parts of the Service may then be unavailable.

When creating or handling pseudonymized or anonymized personal information, the Company performs appropriate processing in accordance with the Act on the Protection of Personal Information and applicable rules, and implements security control measures for deleted information and similar data. When anonymized personal information is created, the Company publicly announces the categories of information included as required by law and does not compare it with other information for the purpose of identifying an individual.

If leakage, loss, damage, or another incident involving personal data occurs and is likely to significantly harm the rights or interests of an individual, the Company reports to the Personal Information Protection Commission and notifies the individual in accordance with the Act on the Protection of Personal Information.

Customers may request notification of purposes of use, disclosure including disclosure of third-party provision records, correction, addition, deletion, suspension of use, erasure, or suspension of third-party provision regarding their retained personal data held by the Company.

• Please contact the inquiry desk listed at the end of this page to make a request. We will provide instructions for the Company's prescribed procedure.
• When making a request, we will verify that the requester is the individual or an authorized representative.
• For requests for notification of purposes of use and disclosure, a fee of JPY 1,000 is charged per request.
• If the Company is not legally obligated to comply, such as where complying may harm another person's rights or interests, the Company will notify the requester with the reason.

Check Target Data uploaded by Customers to the Service is used only to execute compliance checks and present results and cited evidence. The Company does not use that data beyond this purpose and does not repurpose it for machine-learning model training without Customer consent. Data is stored under the management framework set out in the Information Security Policy and is deleted after the retention period specified in the applicable agreement or upon a deletion request.

For inquiries regarding the handling of personal information, requests for disclosure and similar actions, and complaints, please contact the desk listed in the operator information at the end of this page. If the Company becomes a covered business operator of an authorized personal information protection organization, the Company will separately publish the organization name and complaint resolution contact point.

The Company may revise this Policy in response to changes in laws or Service content. When making material changes, the Company will announce them by posting on the Service or by another appropriate method. Revised content applies from the time it is posted on this page.