Polymemo

詳しく知る

Polymemo Privacy Policy

Last updated: April 1, 2026

Polymemo Management (hereinafter “our company”) hereby establishes the following privacy policy (hereinafter “this policy”) regarding the handling of personal information in our service “Polymemo” (hereinafter “this service”).

1. Definition of Personal Information

In this policy, “personal information” means personal information as defined in the Personal Information Protection Act.

2. Personal Information Collected

Our company collects the following personal information:

2.1 When registering an account

  • Mobile phone number (used for SMS OTP authentication)
  • Social login information (name and email address provided by your Apple/Google/Microsoft account)
  • Display name and user ID
  • Profile picture
  • Date of birth (optional)
  • Country of residence
  • Preferred language

2.2 When using the service

  • Posted content (notes, comments, chat messages)
  • Points transaction history (purchases, redemptions, and redemptions)
  • Browsing history, likes, and bookmarks
  • Location information (optional, used for the local feed feature)
  • Device information, IP address, and browser information
  • Passkey authentication information (WebAuthn public key)

2.3 When making a payment

  • PayPal account information (as provided by PayPal)
  • Subscription contract information

2.4 When connecting to external services

  • Authorization tokens for Google Drive/Gmail/Calendar (stored with AES-256-GCM encryption when using MCP integration)
  • World ID authentication information (when optional identity verification is used)

3. Purpose of use of personal information

Collected personal information will be used for the following purposes:

  1. Provision, operation, and improvement of the Service
  2. Account authentication and identity verification
  3. Processing and management of points transactions
  4. Content translation and distribution
  5. Provision of AI chat functionality (content search and answer generation using RAG)
  6. Provision of personalized feeds and recommendations
  7. Notification sending (in-app notifications, web push notifications, email notifications)
  8. Prevention and detection of fraudulent use
  9. Content safety checks (AI scanning of images and videos)
  10. Provision of customer support
  11. Service-related statistics and analysis
  12. Compliance with laws and regulations

4. Provision of personal information to third parties

We will not provide personal information to third parties without the user’s consent, except in the following cases:

  1. When required by law
  2. When necessary to protect human life, body, or property
  3. When necessary to improve public health or promote the healthy development of children
  4. When cooperation with national agencies is required

4.1 Subcontractors

We share information with the following services to the extent necessary to provide the services.

  • Supabase: Database and authentication infrastructure (PostgreSQL, Auth, Storage)
  • PayPal: Payment processing (point purchase and redemption)
  • Google Translation API: Content translation
  • Anthropic (Claude AI): AI chat function
  • Google Cloud: Content safety scanning (Vision API, Video Intelligence API)
  • Voyage AI: Content vector embedding (for RAG search)

5. Content Translation and Publishing

  1. Titles of notes posted by users are automatically translated into approximately 200 languages upon posting.
  2. The body of the note is translated on demand using the translation investments of other users.
  3. Translated content will be published on the Service.
  4. Public notes will be searchable by the AI chat feature (RAG). Users can opt out of this, but it is searchable by default.

6. Data Storage and Management

  1. Personal information is encrypted and stored on Supabase’s infrastructure.
  2. Authorization tokens for external services are encrypted and stored using AES-256-GCM.
  3. Row Level Security (RLS) policies ensure that users can only access their own data.
  4. Uploaded images and files are stored in a private bucket and are only accessible to authenticated users.

7. Use of Cookies and Local Storage

  1. Cookies are used to manage authentication sessions.
  2. Local storage is used to store user settings (language, theme, etc.).
  3. Web Push notification subscription information is stored.

8. Data Deletion

  1. Users can request the deletion of all personal data by canceling their account.
  2. Data deleted upon cancellation:
  3. Profile information
  4. Posted content
  5. Chat history
  6. Points balance and transaction history
  7. Notification history
  8. External service connection information
  9. Cancellation processing will be processed immediately.
  10. Information required to be retained by law (such as cancellation records) will be deleted after retaining it for the required period.

9. Security Measures

We take the following measures to protect your personal information.

  1. Communication encryption (HTTPS/TLS)
  2. Database row-level security
  3. Passkey authentication (WebAuthn/FIDO2)
  4. OTP transmission rate limit (60-second cooldown)
  5. Content security scanning
  6. Unauthorized access detection and prevention
  7. CORS control (whitelist method)
  8. CSRF countermeasures
  9. XSS/SSRF countermeasures
  10. Periodic security audits

10. User rights

Users have the following rights.

  1. Request for Disclosure of Personal Information
  2. Request for Correction, Addition, or Deletion of Personal Information
  3. Request for Suspension of Use or Deletion of Personal Information
  4. Push Notification Settings (On/Off)
  5. Location Information Provision Settings
  6. Canceling Account (Deleting All Data)

11. Use by Minors

  1. This Service is intended for individuals aged 16 or older.
  2. This Service is not available to individuals under the age of 15.
  3. Those under the age of 18 must obtain parental consent to use this Service.

12. International Data Transfer

  1. This Service is provided globally, and user data may be stored on servers overseas.
  2. Data transfers will be subject to the same level of protection as set forth in this Policy.

13. Policy Changes

  1. We reserve the right to change this Policy as necessary.
  2. Important changes will be notified via the Service.
  3. Use of the Service after changes are made will be deemed acceptance of the revised Policy.

14. Contact Us

For inquiries regarding the handling of personal information, please contact us via the in-service contact form or support function.

Established April 1, 2026