ROUNDIE

Privacy Policy

Established: May 24, 2026 / Last revised: July 2, 2026 / Provided by: KANOPY Inc.

Governing language This English translation is provided for reference only. If there is any inconsistency between the Japanese original and this translation, the Japanese version shall prevail.

ROUNDIE (the "Service") deeply respects our users' privacy. This Policy explains what information we collect and how we use and protect it.

01Basic Policy

KANOPY Inc. (the "Company") believes that handling users' personal information appropriately in providing the golf community service "ROUNDIE" (the "Service") is part of our social responsibility.

The Company complies with the Act on the Protection of Personal Information of Japan (the "APPI") and other applicable laws, regulations, and guidelines, and handles personal information in accordance with this Privacy Policy (this "Policy").

ROUNDIE's privacy design ROUNDIE is built on the design philosophy that "you never have to show your score numbers to others unless you want to." Users can choose for themselves the visibility of each post (Everyone / Followers / Close Friends / Only Me, etc.) and whether score numbers are displayed.

02Information We Collect

The Company collects the following information in order to provide the Service.

2.1 Information provided by users

CategoryItems
RequiredEmail address, ROUNDIE ID (username/handle), password (for email sign-up; stored in encrypted form). If you sign up via Apple or Google account linking, the name, email address, and identifier received from that account
OptionalPrefecture (area), year you started playing golf, bio, avatar image
Posted contentRound scores, photos, videos, comments, reaction (heart) history, competition participation history, and names/users entered as playing partners (to be entered with the consent of the partner concerned)
Payment informationSubscription status via the App Store / Google Play (the Company does not collect or retain payment card information)

2.2 Information collected automatically

2.3 Information we do not collect

The Company does not collect the following information.

03Purposes of Use

The Company uses the personal information it collects for the following purposes.

  1. Providing, operating, and maintaining the Service
  2. User authentication, account management, and identity verification
  3. Providing subscriptions and managing billing
  4. User support and responding to inquiries
  5. Analysis for improving the Service, developing new features, and enhancing quality
  6. Preventing fraudulent use and investigating and responding to violations of the Terms of Service
  7. Notifying users of Service announcements, maintenance information, and important changes
  8. Informing users, with their consent, of new features, campaigns, and the like
  9. Creating, using, and publishing statistically processed information that cannot identify individuals
  10. Other purposes incidental to the above

If the Company uses personal information beyond the purposes above, it will obtain the user's prior consent.

04Provision to Third Parties

The Company will not provide personal information to third parties without the user's consent, except in any of the following cases.

  1. When required by law (formal requests from courts, police, or other public authorities)
  2. When necessary to protect a person's life, body, or property and it is difficult to obtain the user's consent
  3. When particularly necessary to improve public health or promote the sound development of children
  4. When it is necessary to cooperate with a national government agency or the like in executing affairs prescribed by law
  5. When personal information is transferred in connection with a business succession (merger, corporate split, business transfer, etc.) (in which case users will be notified in advance)

05Outsourcing

In providing the Service, the Company may outsource part of its operations to trusted third parties (service providers). Service providers are contractually required to handle personal information appropriately and are supervised by the Company.

The principal service providers are as follows.

ProviderRoleLocation
Supabase Inc.Database, authentication infrastructure, and storageTokyo (ap-northeast-1 region)
Cloudflare, Inc.Website delivery and securityUnited States
Apple Inc.iOS app distribution and App Store paymentsUnited States
Google LLCAndroid app distribution and Google Play paymentsUnited States
RevenueCat, Inc.In-app purchase and subscription state management (processing of purchase status and entitlements; the user UUID is sent as app_user_id)United States
Functional Software, Inc. (Sentry)Crash reporting and error analysisUnited States
Expo (650 Industries, Inc.)App delivery (OTA updates) and push notification deliveryUnited States
Google LLC (Google Analytics)Statistical analysis of site usage (GA4 measurement ID: G-T8YSVSPZ7E)United States
Microsoft Corporation (Clarity)Session analysis for UX improvement (Clarity project ID: w8acp9qnxk)United States

Service providers handle personal information in accordance with their contracts with the Company and with their own privacy policies.

06Cookies and Tracking Technologies

The Service uses cookies and similar technologies (local storage, device identifiers, etc.) to analyze usage, improve the user experience, and maintain authentication state, among other purposes.

6.1 Purposes of use

6.2 Use of third-party tools

The Service uses industry-standard analytics tools such as the following to analyze usage and improve quality. These tools do not collect information that directly identifies individuals and provide the Company only with statistically processed information.

Of these, Google Analytics, Microsoft Clarity, and cookies and similar technologies are used only on the Company's websites (such as roundie.app) and are not used inside the iOS / Android apps. Data collection within the apps is limited to crash analysis (Sentry) and the Company's own usage analysis; we never collect the advertising identifier (IDFA) or perform cross-app tracking.

For details on how these third-party tools are handled, please also see the Cookie Policy.

6.3 Opting out

You can restrict cookies and tracking features through your browser settings or your OS privacy settings. Note, however, that doing so may make some features of the Service unavailable.

07Cross-Border Transfers of Personal Information

Among the service providers listed in Article 5, Supabase — the Service's primary user database, authentication infrastructure, and storage — operates in the Tokyo (ap-northeast-1) region, and core data such as sign-ups, round records, and competitions is processed and stored on servers located in Japan. Meanwhile, service providers such as Cloudflare (delivery and security), Apple (App Store), Google (Play Store / GA4), RevenueCat (billing and subscription state management), Expo (app delivery and push notifications), and Microsoft (Clarity) are based primarily in the United States, and data relating to delivery, payments, and analytics may be processed and stored on servers overseas, including in the United States.

In accordance with the APPI and other applicable laws, the Company verifies the personal information protection regimes of destination countries and the security measures taken by recipients, and maintains an appropriate level of protection. Detailed information on destination countries is available upon request.

08Retention Periods

The Company retains personal information only for the period necessary to achieve the purposes of use. Specific retention periods are as follows.

Category of informationRetention period
Account informationUntil the user deletes their account
Posted contentUntil the user deletes the post or the relevant data
Access logsIn principle, 12 months from collection
Crash reportsIn principle, 6 months from collection
Payment-related recordsThe period required by law (e.g., 7 years under tax law)

Accounts that have not used the Service for an extended period (24 months or more since the last login) may be deleted after prior notice to the user.

09Users' Rights

Users have the following rights with respect to their own personal information held by the Company.

9.1 Requests for disclosure, correction, suspension of use, and deletion

9.2 Account deletion

Users can delete their own account at any time from the account settings screen in the Service. Upon deletion, all posted content, reactions, competition participation history, and other data tied to the account will be deleted. Please note that deleted accounts cannot be restored.

9.3 Data export

A feature for exporting the data you have registered and posted in JSON or CSV format is currently under development. We will announce its availability in this Policy when it launches. Until then, if you send a request to the contact listed at the end of this Policy, we will verify your identity and disclose the data we hold within a reasonable period.

9.4 How to make a request

To exercise any of the rights above, or for inquiries about the handling of personal information, please contact us at the address listed at the end of this Policy. We will respond within a reasonable period after verifying your identity.

10Security Measures

The Company takes appropriate measures, including the following, to prevent the leakage, loss, or damage of personal information and to otherwise manage personal information securely.

11Use by Children

The Service may not be used by anyone under the age of 13. The Company does not knowingly collect personal information from children under 13.

If you are between 13 and 17 years of age, you must obtain the consent of a parent or legal guardian before using the Service. We recommend that parents and guardians check their child's use of the Service from time to time.

If you reside in the EU, under Article 8 of the GDPR the consent of a parent or legal guardian is required for children under 16 (member states may lower this age to 13). The Company confirms consent from users in the applicable age range when they use the Service and responds without delay to deletion requests from parents or guardians.

If we discover that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child's personal information has been registered, or if you wish, as a parent or guardian, to request its deletion, please contact our inquiry desk.

12Additional Information for Overseas Users

The Service also supports the EN and KO languages and may be used by users residing overseas, including in the EU, the United States, and South Korea. The following describes the Company's compliance with the principal data protection laws of each region.

12.1 EU users (GDPR)

12.2 California (US) users (CCPA / CPRA)

12.3 South Korean users (개인정보 보호법 / Personal Information Protection Act)

13Where to File Complaints

Complaints, opinions, and inquiries regarding this Policy or the handling of personal information are accepted at the following contact point (the contact point under Article 40 of the APPI).

Contact pointKANOPY Inc., Personal Information Protection Desk
Email addressroundie@kanopy-inc.com
HoursWeekdays 10:00–18:00 JST (excluding weekends and public holidays)
Response deadlineWithin 14 days of receipt (if a reasonable investigation is required, we will notify you to that effect within 14 days and respond as promptly as possible)

If the Company is unable to resolve your complaint, or if you are dissatisfied with our response, you may consult the Personal Information Protection Commission of Japan.

AuthorityPersonal Information Protection Commission (Japan)
Websitehttps://www.ppc.go.jp/
APPI consultation line+81-3-6457-9849 (hours: weekdays 9:30–17:30 JST)

14Revisions to This Policy and Contact

14.1 Revisions to this Policy

The Company may revise this Policy in response to changes in laws and regulations, changes to the Service, or as otherwise necessary. In the case of material revisions, we will notify users before the effective date via the Service's app, the website, email, or other means.

14.2 Contact and personal information protection manager

Business nameKANOPY Inc. (株式会社KANOPY)
LocationTokyo, Japan
RepresentativeKazushige Shiba
Personal information protection managerKazushige Shiba, Representative Director
Contactroundie@kanopy-inc.com

Revision History