Home

Privacy Policy

Forple Privacy Policy

Last Updated: April 5, 2026 Effective Date: April 5, 2026

Important Notice Regarding Language: The original and legally binding version of this Privacy Policy is written in Japanese. This English translation is provided for reference purposes only. In the event of any inconsistency or discrepancy between the Japanese version and this English translation, the Japanese version shall prevail.

Forple, Inc. (hereinafter referred to as "the Company") hereby establishes this Privacy Policy (hereinafter referred to as "this Policy") regarding the handling of personal information in the community platform "Forple" (hereinafter referred to as "the Service").

The Company complies with the Act on the Protection of Personal Information of Japan (hereinafter referred to as "APPI") and other related laws and regulations, and handles Users' personal information appropriately.

Article 1 (Information We Collect)

1.1 Information Provided Directly by Users

  1. Account Information: Email address, display name, date of birth (for age verification)
  2. Profile Information: Profile photo, biography, headline, gender, location (country and city)
  3. Professional Information: Current occupation, company name, work history, education, skills, qualifications and licenses
  4. Language Information: Languages used and proficiency levels
  5. Work Authorization Information: Type of work visa, expiration date, presence of work restrictions, need for sponsorship
  6. User Content: Discussion posts, learning recipes, comments, questions, answers, reactions
  7. Media: Profile photos, images and videos attached to posts

1.2 Sensitive Personal Information

The Company may collect the following information. These may constitute "Special Care-Required Personal Information" under the APPI and are collected and used only with the User's explicit consent.

  1. Nationality: As part of profile information
  2. Residency Status (Visa) Information: As part of work authorization information

The Company will not obtain sensitive personal information such as race, creed, medical history, or criminal record without the User's explicit consent, except as provided by law.

1.3 Information Collected Automatically

  1. Device Information: Device model, OS name and version, app version, unique device identifiers
  2. Push Notification Tokens: Device identifiers necessary for notification delivery (Expo Push Token)
  3. Usage Data: View counts, voting data, notification read status, feature usage frequency
  4. Error and Crash Logs: Log data for the purpose of improving app stability (via Sentry)
  5. Access Logs: IP address, access date and time, request content (when using the web version)

1.4 Cookies and Tracking Technologies

The Company may use the following cookies and similar technologies on the website (https://www.for-ple.com):

  1. Essential Cookies: Cookies that are indispensable for the provision of the Service, such as maintaining login status and security measures. These cannot be disabled.
  2. Analytics Cookies: Cookies used to analyze service usage and contribute to improvements.
  3. Functional Cookies: Cookies used to remember User settings (such as language selection).

Users can disable cookies other than Essential Cookies through their browser settings. However, some features may not function properly.

1.5 Information Obtained from Third Parties

Information related to the inviting User obtained through Invitation Codes (inviter's User ID, invitation date and time).

Article 2 (Purposes of Use)

The Company uses collected information for the following purposes:

  1. Provision, operation, and maintenance of the Service
  2. Authentication and management of User accounts
  3. Display of User profiles (based on visibility settings)
  4. Display, search, and sorting of Content
  5. Delivery of push notifications
  6. Automatic translation of Content (AI Features)
  7. Content moderation (detection of inappropriate content, AI Features)
  8. Service improvement and development of new features
  9. Creation of statistical data (in a non-personally identifiable format)
  10. Prevention of fraudulent use and ensuring security
  11. Response to violations of the Terms of Service
  12. Compliance with applicable laws (including reporting to the Personal Information Protection Commission)
  13. Responding to User inquiries

The Company will not handle personal information beyond the scope necessary to achieve the purposes of use described above. If the purposes of use are changed, the Company will publish or notify Users of the revised purposes.

Article 3 (Data Processing by AI Features)

[IMPORTANT] The Service uses AI technology (Anthropic's Claude API) to process User Content.

3.1 Data Subject to AI Processing

The following data may be sent to the AI API:

  1. Text of discussion posts (for translation and moderation purposes)
  2. Text of learning recipes (for translation purposes)
  3. Text of comments, questions, and answers (for moderation purposes)

3.2 Characteristics of AI Processing

  1. Data sent is processed on Anthropic's servers (primarily in the United States).
  2. In accordance with Anthropic's API terms of use, data sent via the API is not used for AI model training.
  3. However, Anthropic may retain logs for a certain period for the purpose of preventing misuse (up to 30 days).
  4. AI processing results are automatically generated, and their accuracy is not guaranteed.

3.3 Opt-Out

At present, the Company does not offer an individual opt-out function from AI processing. If you do not wish to have your data processed by AI, please refrain from using the Service. The Company will consider implementing an opt-out function in the future.

Article 4 (Sharing and Third-Party Disclosure of Information)

4.1 User Profile Visibility

Users can set the visibility of their profile information at three levels:

  1. "Public": Viewable by everyone
  2. "Community": Viewable only by logged-in Users
  3. "Private": Viewable only by the User themselves

4.2 External Service Providers

The Company uses the following external services for the provision of the Service. User data may be transmitted to these services.

| Service Name | Location | Purpose | Data Transmitted | |---|---|---|---| | Supabase, Inc. | United States | Database hosting, user authentication, file storage | Account information, profile information, Content, media files | | Anthropic, PBC | United States | AI Features (content translation and moderation) | Text Content posted by Users | | Expo / EAS | United States | Push notification delivery, app build and distribution | Push notification tokens, device information | | Google Firebase | United States | Android push notifications (FCM) | Push notification tokens | | Sentry | United States | Error monitoring and crash reporting | Error logs, device information (no personal information included) |

The Company has entered into data processing agreements with each external service provider and has implemented appropriate security measures.

4.3 Compliance with External Transmission Regulations

In accordance with Article 27-12 of Japan's Telecommunications Business Act, the Company discloses information about data transmitted from Users' devices to external servers as described in Section 4.2 above.

4.4 Disclosure Based on Laws and Regulations

The Company may disclose User information in the following cases:

  1. When required by laws and regulations
  2. When there is a request based on laws and regulations from courts, prosecutors' offices, police, tax authorities, bar associations, consumer centers, or other administrative agencies
  3. When necessary for the protection of life, body, or property, and it is difficult to obtain the User's consent
  4. When particularly necessary for improving public health or promoting the healthy development of children
  5. When necessary for a national agency to carry out duties prescribed by law

4.5 Business Succession

User information may be transferred to a successor in connection with the succession of the Company's business (merger, division, business transfer, etc.). In such cases, the successor shall handle personal information in accordance with this Policy.

Article 5 (International Data Transfers)

5.1 Destination Countries

The Service is operated from within Japan; however, as described in Article 4, User information may be processed and stored on servers in the United States, as external service providers are located in the United States.

5.2 Personal Information Protection System in the United States

There is no comprehensive federal law on personal information protection in the United States. However, sector-specific regulations (HIPAA, COPPA, CCPA/CPRA, etc.), enforcement by the Federal Trade Commission (FTC), and various state privacy laws exist. For details on the personal information protection system in the United States, please refer to the "Survey on Systems Related to the Protection of Personal Information in Foreign Countries" published by Japan's Personal Information Protection Commission (https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku).

5.3 Security Measures

The Company has implemented the following security measures for international data transfers:

  1. Data processing agreements have been entered into with external service providers, obligating them to handle personal data appropriately.
  2. Data transmission security is ensured through encrypted communications (TLS/SSL).
  3. External service providers have been verified to hold appropriate security certifications (SOC 2, etc.).

Article 6 (Data Retention and Security)

6.1 Retention Period

Users' personal information is retained during the period the account is active and during any retention obligation period required by law. After account deletion, personal information will be deleted within 30 days; however, if there is a retention obligation under law, retention will continue during the applicable obligation period.

6.2 Security Measures

The Company has implemented the following measures to prevent leakage, loss, and alteration of personal information:

  1. Encrypted Communications: TLS/SSL encryption
  2. Access Control: Row-level security (RLS) on databases
  3. Authentication Management: Automatic renewal and secure storage of authentication tokens
  4. Administrator Access Restrictions: Restricted administrator access and log management
  5. Employee Training: Regular training and education for employees who handle personal information

6.3 Response to Data Breaches

In the event that a breach, loss, or damage to personal data occurs (or there is a risk thereof), the Company will take the following actions:

  1. Promptly investigate the facts and take measures to prevent further damage.
  2. Report to the Personal Information Protection Commission in accordance with the APPI (preliminary report within approximately 3-5 days of becoming aware of the incident; full report within 30 days).
  3. Promptly notify affected Users. Notification will include an overview of the breach, the categories of personal data affected, the cause, measures to prevent secondary damage, and the Company's contact information.

6.4 Limitations of Security

The Company endeavors to ensure security to the fullest extent, but cannot guarantee complete security on the internet.

Article 7 (User Rights)

7.1 Right of Access and Right to Rectification

Users can view and correct their personal information through the profile editing screen of the Service.

7.2 Disclosure Requests

Users may request disclosure of personal data held by the Company.

  1. How to Apply: Please contact us through our contact page (https://www.for-ple.com/contact), specifying the categories of personal data for which disclosure is requested.
  2. Identity Verification: The Company will verify the User's identity when processing a disclosure request. Contact from the email address registered with the Service, or identity verification by other methods prescribed by the Company, is required.
  3. Response Period: The Company will respond to disclosure requests within two weeks from the date of receipt, as a general rule.
  4. Fees: No fee is charged for disclosure requests.

7.3 Right to Deletion

Users may request the deletion of their personal information by applying for account deletion. However, this does not apply to data that must be retained under law.

7.4 Right to Request Cessation of Use or Erasure

Users may request the cessation of use or erasure of personal information if it is being handled beyond the scope of the stated purposes of use, or if it was obtained through unlawful means.

7.5 Data Portability

Users may request the Company to provide their personal data in a structured, commonly used, and machine-readable format (such as JSON format). The Company will comply to the extent technically feasible.

7.6 Visibility Management

Users can set the visibility (Public, Community, or Private) for each item of their profile information.

7.7 Push Notification Controls

Users can toggle push notifications on or off through their device settings.

7.8 Inquiries

For questions or requests regarding personal information, please contact us through our contact page (https://www.for-ple.com/contact).

Article 8 (Regarding Minors)

  1. The Service is not intended for individuals under the age of 16. Individuals under the age of 16 may not use the Service.
  2. Individuals aged 16 or older but under 18 must obtain the consent of a legal guardian before using the Service.
  3. The Company requires the entry of a date of birth at the time of account registration and blocks registration by Users under the age of 16.
  4. If the Company becomes aware that it has collected information from a User under the age of 16, it will promptly delete such information.
  5. Parents or guardians who become aware that personal information of a child under the age of 16 has been provided to the Company should contact us through our contact page (https://www.for-ple.com/contact).

Article 9 (Understanding of the External Environment for Security Management Measures)

When handling personal data in a foreign country, the Company has assessed the personal information protection system of the relevant foreign country and has implemented necessary and appropriate security management measures.

For information regarding the personal information protection system in the foreign country (the United States) where personal data is handled in connection with the Service, please refer to Article 5, Section 5.2.

Article 10 (Changes to This Policy)

  1. The Company may revise this Policy as necessary due to changes in laws and regulations, changes to the Service, or other reasons.
  2. In the event of significant changes, the Company will notify Users through posting on the Service, email, or in-app notification. Notification will be provided a reasonable period before the effective date of the changes.
  3. The revised Policy shall take effect from the effective date posted on the Service.
  4. If Users continue to use the Service after the changes take effect, they are deemed to have agreed to the revised Policy.

Article 11 (Supplementary Provisions for Users in Specific Regions)

11.1 Users Residing in the European Economic Area (EEA)

For Users residing in the EEA, the following supplementary provisions apply in accordance with the EU General Data Protection Regulation (GDPR):

  1. Legal Basis for Processing: The Company processes personal data based on the following legal grounds:
    • Performance of a Contract: Processing necessary for the provision and operation of the Service
    • Consent: When the User has given consent (e.g., processing of sensitive personal information)
    • Legitimate Interests: Processing necessary for service improvement, security, etc.
    • Compliance with Legal Obligations: Processing necessary to fulfill obligations under law
  2. Additional Rights: Users residing in the EEA have the following rights in addition to those set forth in Article 7:
    • The right to request restriction of processing
    • The right to object to the processing of personal data
    • The right not to be subject to automated decision-making (including profiling)
    • The right to lodge a complaint with a supervisory authority (data protection authority)
  3. Withdrawal of Consent: Users may withdraw consent for processing based on consent at any time. The lawfulness of processing carried out prior to withdrawal shall not be affected.

11.2 Users Residing in Indonesia

For Users residing in Indonesia, the following supplementary provisions apply in accordance with Indonesia's Personal Data Protection Law (PDP Law, Law No. 27 of 2022):

  1. Users have the right to receive information about the processing of personal data, the right to request correction, updating, or deletion of personal data, and the right to request cessation or restriction of the processing of personal data.
  2. When transferring personal data of Indonesian Users outside of Indonesia, the Company will implement appropriate safeguards in accordance with the requirements of the PDP Law.

11.3 Other Countries and Regions

The Company will implement additional safeguards as necessary in accordance with the data protection laws of the countries and regions where Users are located. Compliance with regulations in each country will be developed on an ongoing basis.

Article 12 (Contact Information)

For inquiries or requests regarding the handling of personal information, please contact us through our contact page:

Forple, Inc. Contact: https://www.for-ple.com/contact

The Company will endeavor to respond to inquiries within a reasonable period.

End of Privacy Policy

Terms of Service·Privacy Policy·Contact Us
Privacy Policy | Forple