Last updated: 2026-04-30
1. Information We Collect
※ Comprehensive list aligned with Google Play Data Safety declarations.
◇ Personal Information
- Email address (at account creation; for authentication only)
- Login provider subject identifier (Google / Apple / Anonymous)
- In-game display name (optional user input)
◇ In-Game Progress Data
- Hime-stone balance, owned cards, deck composition, battle records, gacha history
- Session data including playtime and launch counts
◇ Automatically Collected Information
- IP address (access logs; short-term retention by Vercel / Supabase)
- User agent (device type / OS version)
- HTTP referrer and request timestamps
- Crash / error logs (collected after anonymization)
◇ Information We Do NOT Collect
- Location data (GPS / Wi-Fi positioning)
- Contacts / address book
- Camera / microphone / photos
- SMS / call logs
- Health / fitness data
2. Purpose of Use
- Service operation (authentication / progress saving / multiplayer matchmaking)
- Bug response and fraud prevention (bot detection / RMT monitoring)
- Anonymous statistical analysis for feature improvement (Vercel Analytics)
- Identity verification and inquiry response
- Legal compliance
3. Third-Party Sharing (Data Recipients)
We do not share user personal information with third parties, except as required by legal obligations and with the following service vendors.
| Recipient | Purpose | Region |
|---|---|---|
| Supabase, Inc. | Auth / DB / Realtime | USA |
| Vercel, Inc. | Hosting / Analytics / Speed Insights | USA |
| Stripe, Inc. | Payment processing (Web only) | USA |
| Google LLC (OAuth) | Google Sign-In | USA |
| Apple Inc. (OAuth) | Sign in with Apple | USA |
| Google AdSense | Ad delivery / interest data via cookies | USA |
| Google Play Billing | In-app purchases (Android only) | USA |
All recipients receive only the minimum necessary data, transmitted over TLS 1.2+ encrypted connections.
4. Cookies / Similar Technologies / Advertising IDs
- This service uses cookies and localStorage for authentication persistence.
- Vercel Analytics stores anonymous session identifiers in cookies (no personal identification).
- Google AdSense may collect interest information via browser cookies for ad delivery. Opt-out: Google Ad Settings.
- The Android app does NOT collect Google Advertising ID (AAID).
- The iOS app does NOT collect IDFA (advertising identifier).
5. Notifications
If you opt in to device notifications, the app sends local notifications (e.g., daily reminders). Notification content is generated locally and is never sent to third parties.
6. Data Retention Period
- Account information / in-game progress: while account is active
- Access logs: deleted within 30 days of collection
- Crash reports: deleted within 90 days of collection
- After account deletion: complete erasure within 30 days (including backups)
7. User Rights (Access / Correction / Deletion)
Users may exercise the following rights:
- Account deletion: Available immediately via the "Delete Account" button in Settings.
- Disclosure / correction / deletion of personal data: Email mori7ga2222@gmail.com. We respond within 14 business days.
- Suspension of processing: same email contact as above.
Deleted data cannot be recovered. Payment records are retained for the legally mandated period (7 years) for duplicate-charge investigations.
8. Minors and Children
- This service is intended for users aged 12 and older.
- Users under 13 must not create accounts without parental consent.
- If a user under 13 is identified, their account will be deleted.
- This service complies with US COPPA, EU GDPR-K, and other child privacy regulations.
- Minors making in-app purchases must obtain parental consent.
9. Security
- All communication encrypted with TLS 1.2+.
- Passwords are not stored (delegated to OAuth providers).
- Server-side data stored in Supabase encrypted storage.
- Row Level Security (RLS) prevents unauthorized access to other users' data.
10. International Data Transfer
Your data is processed by external services located in the United States (Supabase / Vercel etc.). By using this service, you consent to international data transfers outside Japan. For users in the EEA / UK, transfers are based on the recipient country's adequate level of data protection.
11. Revisions
This policy may be revised without prior notice as needed. For significant changes, we will notify users at app launch or at the top of this page. Continued use after revisions constitutes acceptance of the new policy.