Privacy Policy

ACTUAL Inc. (the “Company”) understands the importance of protecting personal information, will observe the Act on the Protection of Personal Information (the “Act”), and endeavors to handle and protect personal information in an appropriate manner in accordance with this Privacy Policy (the “Privacy Policy”). Unless otherwise provided herein, the definitions of the terms used herein shall be as defined in the Act.

Article 1 - DEFINITION OF PERSONAL INFORMATION

For the purpose of this Privacy Policy, “Personal Information” means information about a living individual that falls into any of the following categories:

(1) Includes a name, date of birth or other identifying details (including any and all matters stated, recorded or otherwise expressed using voice, movement, or other methods in a document, drawing, or electromagnetic record) that can be used to identify a specific individual (including information which can be easily cross-referenced with other information and thereby identify a specific individual); or
(2) Contains an individual identification code.

Article 2 - PURPOSE OF USE OF PERSONAL INFORMATION

The Company will use Personal Information for the following purposes:

(1) To provide the Company’s service (the “Service”);
(2) To send notifications and respond to customer inquiries related the Service;
(3) To announce or promote the Company’s products or services;
(4) To address violations of the Company’s terms of use and policies (the “Terms”) relating to the Service;
(5) To notify users of amendments to the Terms;
(6) To analyze usage data to improve the Service and develop new services;
(7) To manage internal labor and personnel matters, including (i) employment-related procedures for the Company’s directors, officers, and employees, and (ii) recruitment, selection, and communication with job applicants;
(8) To comply with shareholder procedures required under the Companies Act and other applicable laws;
(9) To create statistical data which is processed so that individuals cannot be identified, in connection with the Service
(10) To improve the accuracy of the Service’s algorithm outputs, enhance functionality, and conduct model training and retraining; or
(11) To fulfill other purposes reasonably related to those listed above.

Article 3 - CHANGE OF PURPOSE OF USE OF PERSONAL INFORMATION

The Company may change the purpose for which Personal Information is used, provided that the new purpose is reasonably recognized to be related to the original purpose. In the event of such a change, the Company shall notify each individual to whom the Personal Information pertains (the “Principal”) or publicly announce the updated purpose.

Article 4 - USE OF PERSONAL INFORMATION

4.1 - The Company shall not use Personal Information, without the consent of the Principal, beyond the scope necessary for the achievement of the purpose of use, unless permitted by the Act or other applicable laws or regulations; provided, however, that this restriction shall not apply if such use:

(1) Is permitted under applicable laws and regulations;
(2) Is necessary to protect the life, body, or property of an individual, and obtaining the Principal’s consent is difficult;
(3) Is specifically necessary to improve public health or promote the sound development of children, and obtaining the Principal’s consent is difficult;
(4) Is necessary to cooperate with a national or local government agency, or a person or entity entrusted by such agencies, in carrying out duties prescribed by law, and obtaining the Principal’s consent may impede the execution of those duties; or
(5) Is necessary in cases where the Company provides personal data to an academic research institution to handle such personal data for the purpose of academic research (including cases where academic research is only part of the purpose, but excluding cases that risk unjustified infringement of the rights or interests of individuals).

4.2 - The Company shall not use Personal Information in a manner that may encourage or induce illegal or unjust acts.

Article 5 - PROPER ACQUISITION OF PERSONAL INFORMATION

5.1 - The Company shall acquire Personal Information through appropriate and lawful means, and shall not acquire it through deception or other wrongful means.

5.2 - The Company shall not acquire Sensitive Personal Information (defined in Paragraph 3 of Article 2 of the Act) without obtaining the prior consent of the Principal, except in the following cases:

(1) Where such acquisition falls under items 1 through 4 of Article 4.1;
(2) Where the Company acquires Sensitive Personal Information from an academic research institution for the purpose of academic research, and such acquisition is necessary for academic research (including cases where academic research is only part of the purpose, but excluding cases that risk unjustified infringement of the rights or interests of individuals) (limited only to cases where a business operator handling Personal Information and such academic research institution are jointly conducting such research);
(3) Where the Sensitive Personal Information has been made publicly available by the Principal, a government agency, a local government, an academic research institution, a person specified in Article 57, Paragraph 1 of the Act, or other persons as prescribed by the rules of the Personal Information Protection Commission;
(4) Where the Sensitive Personal Information is clearly observable from the Principal's appearance, including through photographs or visual observation; or
(5) Where the Company receives Sensitive Personal Information from a third party, and such provision by the third party falls under any of the items in Article 8.1.

5.3 - When the Company receives Personal Information from a third party, the Company shall confirm the following matters pursuant to the rules of the Personal Information Protection Commission, except where such receipt falls under any of the items in Article 4.1 or Article 8.1:

(1) the name and address of the third party, and if the third party is a legal entity, the name of its representative (or, in the case of an unincorporated entity with an appointed representative or administrator, such individual); and
(2) the circumstances under which the third party originally acquired the Personal Information.

Article 6 - SECURITY CONTROL OF PERSONAL INFORMATION

The Company shall adequately and appropriately supervise its employees to ensure the secure management of Personal Information and to protect it against the risk of loss, destruction, alteration, or leakage. When the Company entrusts a third party with the handling of Personal Information in whole or in part, the Company shall adequately and appropriately supervise the third party to ensure that adequate security measures are in place. The specific security control measures applied to personal data retained by the Company or such third parties include the following:

Establish a basic privacy policy

The Company has adopted this Privacy Policy as its foundational policy for the proper handling of personal data, addressing topics such as compliance with applicable laws and guidelines, and procedures for submitting inquiries and complaints.

Develop internal rules for handling personal data

The Company establishes basic internal rules governing the acquisition, use, storage, and disposal of personal data.

Implement organizational security control measures

A designated privacy officer oversees compliance with internal rules for handling personal data.
The Company maintains internal reporting protocols for employees to report issues or concerns related to data handling to the privacy officer.

Implement information security measures

The Company provides regular training to employees on matters to be considered in handling personal data
The Company includes matters regarding the confidentiality of personal data in its employment rules.

Implement physical security measures

The Company takes measures to prevent persons, excluding authorized employees and the Principal, from accessing personal data.
The Company implements measures to prevent theft or loss of equipment, digital media, and documents that handle personal data, and to prevent access to such personal data when such equipment, digital media, and documents are in transport or movement within the place of business.

Install technical safeguards

The Company defines which devices and employees are permitted to access personal data, and restricts access accordingly.
The Company installs mechanisms to protect equipment that handle personal data against unauthorized external access or unauthorized software.

Understanding the external environment

The Company implements security measures after understanding the legal and regulatory framework of Japan, where the Company stores personal data.

Article 7 - REPORTING OBLIGATIONS

In the event of a leak, loss, or other compromise of Personal Information in the Company’s possession, the Company shall report the incident to the Personal Information Protection Commission and notify the Principal to the extent such reporting and notification are required by the Act.

Article 8. DISCLOSURE TO A THIRD PARTY

8.1 - The Company shall not disclose Personal Information to any third party without the prior consent of the Principal, except in cases permitted under Article 4.1. However, the following cases shall not be regarded as disclosure to a third party:

(1) When the Company entrusts a third party with the handling of Personal Information within the scope necessary to fulfill the purpose of use;
(2) When Personal Information is disclosed as a result of the succession of business in a merger or otherwise; or
(3) When Personal Information is used jointly with others in accordance with the provisions of the Act.

8.2 - Notwithstanding Article 8.1, in cases where the Company discloses Personal Information to a third party (excluding a party establishing a system conforming to the standards specified by the rules of the Personal Information Protection Commission based on Article 28 of the Act) in a foreign country (excluding countries specified by the rules of the Personal Information Protection Commission based on Article 28 of the Act), the Company shall obtain the Principal's prior consent, explicitly approving such disclosure. This requirement does not apply when the disclosure falls under any of the items of Article 4.1.

8.3 - When obtaining the consent of the Principal to disclose Personal Information to a third party in a foreign country in accordance with Section 8.2, the Company shall provide the following information to the Principal:

(1) Name of the foreign country;
(2) Information on the system for the protection of Personal Information in the foreign country; and
(3) Information on measures taken by the third party to protect Personal Information (if such information cannot be provided, a statement to that effect and the reason). In cases where item (1) cannot be specified, the Company shall provide, in lieu of items (1) and (2), the fact that item (1) cannot be specified and the reason therefor, and any information that can be used as a reference for the Principal in lieu of item (1).

8.4 - If the Company has disclosed Personal Information to a third party, the Company shall make and maintain a record pursuant to Article 29 of the Act.

8.5 - If the Company receives Personal Information from a third party, the Company shall perform the necessary verification procedures pursuant to Article 30 of the Act, and shall create and retain records of such verification.

Article 9 - DISCLOSURE OF PERSONAL INFORMATION

9.1 - In cases where a Principal requests under the Act that the Company disclose its Personal Information, the Company shall, after confirming that the request is made by the Principal itself, disclose the Personal Information to the Principal without delay (in cases where the Company does not have such Personal Information, the Company shall notify the Principal to that effect); provided, however, that this provision shall not apply to cases where the Company is not obliged to disclose such Personal Information under the Act or other applicable laws or regulations.

9.2 - The preceding paragraph shall apply with the necessary changes to records of disclosures made to third parties under Section 8.4, and records of receipt from third parties under Section 8.5 with respect to Personal Information that identifies the Principal.

Article 10 - CORRECTION OR DELETION OF PERSONAL INFORMATION

In cases where a Principal requests under the Act that the Company correct, add, or delete its Personal Information on the ground that such Personal Information is contrary to the fact, the Company shall, after confirming that the request is made by the Principal itself, conduct a necessary investigation without delay within the scope necessary to achieve the purpose of use, and on the basis of the result, correct, add, or delete the Personal Information and notify the Principal to that effect (in cases where the Company decides not to make such correction, addition, or deletion, the Company shall notify the Principal to that effect). However, this provision shall not apply to cases in which the Company is not obliged to make such correction, addition, or deletion under the Act or other applicable laws or regulations.

Article 11 - DISCONTINUANCE OF THE USE OF PERSONAL INFORMATION

If a Principal submits a request under the Act for the Company to take any of the following actions:

(i) Stop using or delete its Personal Information because: • it is being used beyond the publicly announced purpose in advance, • it is being handled in a way that may facilitate or induce unlawful or improper conduct, or • it has been obtained through deception or other wrongful means;
(ii) Stop providing its Personal Information because it is being disclosed to a third party without the Principal’s consent; or
(iii) Stop using or providing its Personal Information because:
- it is no longer necessary for the Company to utilize its Personal Information,
- a circumstance prescribed in the main clause of Article 26, Paragraph 1 of the Act has occurred, or
- the handling of the Principal’s Personal Information is likely to harm the rights or legitimate interests of the Principal;

and if the Company determines that the request has a valid reason, the Company shall, after confirming that the request is made by the Principal itself, promptly take the requested action, and notify the Principal to that effect. This provision shall not apply where the Company is not required to take such action under the Act or other applicable laws or regulations.

12.1 - If the Company reasonably assumes that a third party will receive Information Related to Personal Information (which means what is set forth in Article 2, Paragraph 7 of the Act and is limited to those that constitute the database or the equivalent of information related to personal information set forth in Article 16, Paragraph 7 of the Act; The same applies hereinafter.) as personal data, the Company shall not provide any Information Related to Personal Information to the third party—except in the cases specified in Article 4.1—without first confirming the following matters in accordance with the rules of the Personal Information Protection Commission:

That the Principal’s consent has been obtained, expressly permitting the third party to receive from the Company Information Related to Personal Information, as personal data that can identify the Principal.
In cases of disclosing such information to a third party located in a foreign country, that the Principal has been provided in advance—with the intent of obtaining its consent—with information required under the rules of the Personal Information Protection Commission, including:
- the relevant foreign country’s legal framework for the protection of Personal Information,
- the measures taken by the third party for the protection of Personal Information, and
- other information that is to serve as a reference to the Principal.

12.2 - When providing Information Related to Personal Information pursuant to the preceding paragraph, the Company shall prepare and retain records in accordance with Article 31 of the Act.

12.3 - When receiving Information Related to Personal Information from a third party as personal data , the Company shall perform the necessary verifications and prepare and retain records in accordance with the Act.

Article 13 - TREATMENT OF PSEUDONYMIZED PERSONAL INFORMATION

13.1 - The Company shall process Personal Information pursuant to the standards set forth in the rules of the Personal Information Protection Commission when producing Pseudonymized Personal Information (as defined in Article 2, Paragraph 5 of the Act, and limited to information that constitutes a pseudonymized Personal Information database or equivalent under Article 16, Paragraph 5 of the Act; the same applies hereinafter).

13.2 - If the Company has produced Pseudonymized Personal Information or acquired Pseudonymized Personal Information and Deleted or Other Related Information (as defined in Article 41, Paragraph 2 of the Act; the same applies hereinafter), the Company shall implement appropriate security control measures to protect such Deleted or Related Information in accordance with the standards prescribed by the rules of the Personal Information Protection Commission as needed to prevent any unauthorized disclosure of Deleted or other Related Information

13.3 - With respect to Pseudonymized Personal Information (limited for purposes of Article 13.3 to information that still qualifies as Personal Information), the following conditions shall apply:

(1) Notwithstanding Article 4.1, the Company shall not use Pseudonymized Personal Information beyond the scope necessary to achieve the purpose of use, unless permitted by applicable laws and regulations.
(2) When applying Article 3 regarding Pseudonymized Personal Information, the clause “The Company may change the purpose for which Personal Information is used, provided that the new purpose is reasonably recognized to be related to the original purpose” is deemed to be replaced with “The Company may change the purpose for which Personal Information” and the phrase “the Company shall notify each individual to whom the Personal Information pertains (the “Principal”) or publicly announce the updated purpose” is deemed to be replaced with “the Company shall publicly announce the updated purpose”.
(3) Notwithstanding Articles 8.1 through 8.3, the Company shall not provide personal data which is Pseudonymized Personal Information to a third party except as permitted by law. However, disclosures falling under any of the exceptions listed in Article 8.1 shall not be considered provision to a third party as stipulated above.
(4) If the Company handles Pseudonymized Personal Information, the Company shall not combine Pseudonymized Personal Information with other information in an attempt to identify the Principal whose Personal Information was used to produce the Pseudonymized Personal Information.
(5) In cases where the Company handles Pseudonymized Personal Information, the Company shall not use contact information or other such information, including Pseudonymized Personal Information, to call, send mail or letters, send telegrams, transmit by facsimile or electronic means to contact the Principal or visit the Principal’s residence.
(6) Articles 7 and 9 through 11 of this Privacy Policy shall not be applied to Pseudonymized Personal Information.

Article 14 - TREATMENT OF ANONYMIZED PERSONAL INFORMATION

14.1 - When the Company produces Anonymized Personal Information (as defined in Article 2, Paragraph 6 of the Act and limited to information constituting an Anonymized Personal Information database or its equivalent as set forth in Article 16, Paragraph 6 of the Act; the same shall apply hereinafter), the Company shall process Personal Information in accordance with the standards prescribed by the rules of the Personal Information Protection Commission.

14.2 - When the Company has produced Anonymized Personal Information, the Company shall implement appropriate security control measures in accordance with the standards prescribed by the rules of the Personal Information Protection Commission.

14.3 - When the Company has produced Anonymized Personal Information, the Company shall disclose to the public the categories of information relating to the individuals represented in Anonymized Personal Information pursuant to the rules of the Personal Information Protection Commission.

14.4 - When the Company provides a third party with Anonymized Personal Information (including Anonymized Personal Information either produced by the Company or received by the Company from a third party; the same shall apply hereinafter unless otherwise provided in this Privacy Policy), the Company shall, in advance and in accordance with the rules of the Personal Information Protection Commission, disclose to the public

(1) the categories of information concerning the individuals represented in Anonymized Personal Information to be provided to a third party, and
(2) the method of provision thereof. The Company shall also state to the third party explicitly that the information being provided is Anonymized Personal Information.

14.5 - When handling Anonymized Personal Information, the Company shall not

(1) combine Anonymized Personal Information with other information; or
(2) acquire descriptions or individual identification codes deleted from Personal Information, or information relating to the processing method carried out pursuant to Article 43, Paragraph 1 of the Act, in order to identify the individuals represented in Personal Information used to produce Anonymized Personal Information. (Item (2) applies only to Anonymized Personal Information received from a third party.)

14.6 - The Company shall endeavor to take necessary and appropriate measures to ensure the proper handling of Anonymized Personal Information, including implementing security control measures for Anonymized Personal Information and responding to complaints related to the handling or producing of Anonymized Personal Information. The Company shall also endeavor to disclose to the public the content of such measures taken.

Article 15 - USE OF COOKIES AND OTHER TECHNOLOGIES

15.1 - The Service may use cookies or similar technologies. Such technologies help the Company understand how the Service is being used, and support efforts to improve the Service’s functionality. Users may disable cookies through their web browser’s settings. Please note that disabling cookies may make parts of the Service unavailable.

15.2 - The Company’s website uses Google Analytics, a service provided by Google, Inc., to track the use of its website by visitors. For more information on how data is collected and processed by Google Analytics, please refer to the following link: https://www.google.com/intl/ja/policies/privacy/partners

Article 16 - CONTACT

For disclosure requests, comments, questions, complaints, or other inquiries related to the handling of Personal Information, please contact:

ACTUAL Inc.
[email protected]

Article 17 - CONTINUOUS IMPROVEMENT

The Company shall endeavor to review regularly the handling of Personal Information, and strive to improve it continuously. The Company may amend this Privacy Policy as necessary.

Effective as of January 13, 2026

PreviousTerms of Use

Last updated 23 hours ago

Good night

hashtagArticle 1 - DEFINITION OF PERSONAL INFORMATION

hashtagArticle 2 - PURPOSE OF USE OF PERSONAL INFORMATION

hashtagArticle 3 - CHANGE OF PURPOSE OF USE OF PERSONAL INFORMATION

hashtagArticle 4 - USE OF PERSONAL INFORMATION

hashtagArticle 5 - PROPER ACQUISITION OF PERSONAL INFORMATION

hashtagArticle 6 - SECURITY CONTROL OF PERSONAL INFORMATION

hashtagEstablish a basic privacy policy

hashtagDevelop internal rules for handling personal data

hashtagImplement organizational security control measures

hashtagImplement information security measures

hashtagImplement physical security measures

hashtagInstall technical safeguards

hashtagUnderstanding the external environment

hashtagArticle 7 - REPORTING OBLIGATIONS

hashtagArticle 8. DISCLOSURE TO A THIRD PARTY

hashtagArticle 9 - DISCLOSURE OF PERSONAL INFORMATION

hashtagArticle 10 - CORRECTION OR DELETION OF PERSONAL INFORMATION

hashtagArticle 11 - DISCONTINUANCE OF THE USE OF PERSONAL INFORMATION

hashtagArticle 12 - THIRD PARTY PROVISION OF INFORMATION RELATED TO PERSONAL INFORMATION

hashtagArticle 13 - TREATMENT OF PSEUDONYMIZED PERSONAL INFORMATION

hashtagArticle 14 - TREATMENT OF ANONYMIZED PERSONAL INFORMATION

hashtagArticle 15 - USE OF COOKIES AND OTHER TECHNOLOGIES

hashtagArticle 16 - CONTACT

hashtagArticle 17 - CONTINUOUS IMPROVEMENT