CLOSM i Privacy Policy

CLOSM LLC (hereinafter referred to as the "Company") hereby establishes this Privacy Policy (hereinafter referred to as the "Policy") regarding the handling of Users' personal information in connection with the CLOSM i service (hereinafter referred to as the "Service").

Article 1 (Scope)

This Policy applies to the relationship between the Company and Users regarding the use of the Service.

Article 2 (Authentication and Personal Information)

The Service uses Auth0 (an authentication platform service provided by Okta, Inc.) for user authentication. Information obtained through Auth0 (email addresses, social login profiles, etc.) is handled in accordance with Auth0's privacy policy. The Company uses information obtained from Auth0 for the purposes of user identity verification and account management.

Article 3 (Information Collected)

The Company may collect the following information in the course of providing the Service:

1. User registration information: email address, username, nickname, profile image, etc.
2. Profile information: bio text, custom color settings, etc.
3. Posting and usage data: posted content, usage history, favorites, follow relationships, log information
4. Payment-related information: purchase history, plan subscription status, payment status (Note: Credit card information is managed directly by the payment processor; the Company does not retain sensitive information such as card numbers)
5. Shipping information (for merchandise purchases): name, address, phone number, email address
6. Blockchain information (for NFT usage): wallet address, transaction history
7. Device information: IP address, browser type, access date and time, and other log information

Article 4 (Purpose of Use)

The Company uses collected information for the following purposes:

1. To provide, operate, and improve the Service
2. To provide user support and respond to inquiries
3. To process billing and payments for paid plans
4. To ship merchandise (goods) and communicate delivery status
5. To mint, manage, and display transaction histories of NFTs
6. To prevent and respond to violations of the Terms of Service
7. To analyze and improve the usage of the Service

Article 5 (Cookies and External Data Transmission)

1. The Service may use cookies and similar technologies to enhance user experience and improve the Service.
2. In accordance with the Telecommunications Business Act, the Service transmits user information to the following external services:

Recipient	Information Transmitted	Purpose of Use
Auth0 (Okta, Inc.)	Authentication tokens, session information	User authentication and login management
Stripe, Inc.	Information necessary for payment processing (card information, name, email address, etc.)	Payment processing and subscription management
Google LLC (Google Analytics)	Pages viewed, interaction data, device information, etc.	Analysis and improvement of service usage

1. Users may refuse to accept cookies through their browser settings. However, refusing cookies may prevent some features of the Service from being available.

Article 6 (Third-Party Disclosure, Outsourcing, and Provision to Third Parties Located in Foreign Countries)

1. The Company will not disclose personal information to third parties without the prior consent of the User, except in the following cases:
   • When required by law
   • When necessary to protect a person's life, body, or property
   • When particularly necessary for the improvement of public health or the promotion of the healthy upbringing of children
   • When it is necessary to cooperate with a national or local government body or a person entrusted by such body in performing duties prescribed by law
2. The Company may outsource all or part of the handling of personal information to external service providers to the extent necessary for the provision of the Service. In such cases, the Company shall exercise appropriate supervision over the outsourced parties. The principal outsourced parties, countries of transfer, purposes of use, and data security measures are as follows:

Outsourced Party	Country	Purpose of Use	Data Security Measures
Auth0 (Okta, Inc.)	United States	User authentication and account management	SOC 2 Type II certified, ISO 27001 certified
Stripe, Inc.	United States	Processing payments for subscription fees and merchandise	PCI DSS Level 1 compliant, SOC 2 certified
Printful, Inc.	United States / EU	Manufacturing and shipping of merchandise	EU GDPR compliant
Cloudflare, Inc.	United States, etc.	Delivery and storage of image data	SOC 2 Type II certified, ISO 27001 certified

1. The outsourced parties listed in the preceding paragraph include those located REMOVED of Japan. By using the Service, Users consent to the transfer and processing of data to the countries listed in the preceding paragraph. Note that the United States does not have a comprehensive data protection law equivalent to Japan's Act on the Protection of Personal Information; however, each outsourced party implements the data security measures described above.
2. Users may inquire with the Company for detailed information regarding the provision of data to third parties located in foreign countries.

Article 7 (Characteristics of Blockchain Information)

Users acknowledge in advance that information recorded on the blockchain in connection with the use of NFT features (wallet addresses, transaction histories, etc.) is, due to its technical characteristics, permanently recorded and difficult to delete or modify, and is of a nature that is publicly accessible.

Article 8 (Information Management)

1. The Company shall take the following measures for the security management of Users' personal information, including the prevention of leakage, loss, or damage: (1) Encryption of communications: Communications with the Service are encrypted using SSL/TLS (2) Access control: Access to personal information is limited to personnel who require it for business purposes (3) Security of external services: Payment information is managed by a PCI DSS-compliant payment processor, and authentication information is managed by an authentication platform that has obtained international security certifications (4) Periodic review: The implementation status of security management measures is periodically reviewed and improved as necessary

Article 9 (Retention Period of Personal Information)

1. The Company shall retain personal information for a reasonable period within the scope necessary to achieve the purposes of use.
2. Upon a User's withdrawal, the Company shall delete account information and posted content within a reasonable period. However, information required to be retained by law (order history, transaction records, etc.) shall be retained for the period prescribed by law.
3. Information recorded on the blockchain cannot be technically deleted as provided in Article 7.

Article 10 (Minors)

The Service is intended for users aged 13 and older. Individuals under 13 years of age may not use the Service.

Article 11 (User Requests for Access or Deletion)

Users may request the Company to disclose, correct, add, delete, suspend the use of, or erase their personal information.

If you wish to make such a request, please contact us at the address provided below. Note that this does not apply to information that is technically impossible to delete, such as information recorded on the blockchain.

Article 12 (Revisions to This Policy)

The Company may revise this Policy as necessary. The revised Privacy Policy shall take effect upon publication on the Service.

Article 13 (Contact Information)

For inquiries regarding this Policy, please contact the following:

CLOSM LLC Email: contact+Inquiry-i@closm.llc Contact Form: https://forms.gle/wm2nWxD9setSTH2s7

Enacted on February 16, 2026