Privacy Policy

Version 2025-02-01 · Japan

Scope

• This policy covers personal data processed by lgxpkf.
• It applies to the web UI, API, and supporting services.

Data We Collect

• Account data: Google subject identifier and email address.
• Content data: notes, associations, follows, account note id.
• Usage data: IP address, user agent, request metadata, timestamps.
• Security data: session tokens, CSRF tokens, auth logs.
• Client storage: session token, policy acceptance, redirect state.

Purpose of Use

• Authenticate users and secure sessions.
• Provide timelines, associations, and note retrieval.
• Prevent abuse, detect fraud, and investigate incidents.
• Maintain system reliability and performance.
• Comply with legal obligations and lawful requests.

Retention

• Data is stored in PostgreSQL.
• Retention windows are documented and enforced.
• Dormant accounts may be deleted after a defined period.

Sharing and Transfers

• Google Identity Services is used for authentication.
• Service providers may process data under contract.
• If data is hosted outside Japan, safeguards are disclosed.

Security

• Access controls and least-privilege for operational systems.
• Encrypted transport between clients and services.
• Monitoring for suspicious activity and abuse.

User Rights

• Access, correction, deletion, and usage suspension requests.
• Requests are verified and handled within reasonable timeframes.

Cookies and Local Storage

• Local storage is used for session tokens and policy acceptance.
• No third-party advertising cookies are set by the service.

Incident Response

• Security incidents are investigated and remediated.
• Notifications are made to the PPC and affected users when required.