**Note:** The Service may collect information such as height, weight, and position. However, this information is **not collected for the purpose of dating or sexual relationships**. In particular, **position** is collected because it serves as useful reference information for mutual understanding and smoother communication during events where many members of the gay community gather.
This Privacy Policy (hereinafter referred to as the **Policy**) sets forth the handling of personal information by **GREATEARTH CO., LTD.** (hereinafter referred to as the **Company**) with respect to the **PONGE** service operated and provided by the Company (hereinafter referred to as the **Service**). Personal information in this Policy shall have the meaning defined in Article 2, Paragraph 1 of the *Act on the Protection of Personal Information of Japan*.
## 1. Collection of Personal Information
The Company may collect the following personal information from users in connection with the provision of the Service.
### (1) Information Provided Directly by Users
The Company may collect personal information from users when they register for the Service, set up their profiles, or contact the Company, as described below.
* **For General Users:**
* Required information for Service registration (email, password, SNS login token)
* Information voluntarily registered in profile settings (e.g., profile photo, height, weight, **position** (self-reported sexual orientation), hobbies and interests, region of residence, nationality, etc.)
* Any and all information posted or transmitted by users on the Service (posts, photos, videos, messages, event participation information, etc.)
* Information necessary for inquiries (e.g., information required for identification)
* **For Business Users:**
* Information required to post information (store name, name of contact person, location, contact information, payment-related information, etc.)
* Any and all information (posts, photos, videos, messages, event information, etc.) posted or transmitted by users on the Service
### (2) Information Collected During Use or Browsing
The Company collects the following information through the user's device or Company servers. Collection methods and purposes are limited to the minimum necessary, with full consideration for user privacy.
* **Stored on Company servers:**
* Device information (device type, browser information, OS, language settings, etc.)
* Token for push notifications obtained by Firebase Cloud Messaging (FCM)
* Browser or app language preference information
* Message content between users (chat logs)
* History of **PONGE** and other activities in which users have participated
* History of use of the Service, including postings, reactions, blocking, reporting, etc.
* **Stored locally on user device (Local Storage):**
* User authentication token (to maintain login)
* **Location information:**
* The app obtains location data via GPS **only when the user permits location access** while using the map feature. Location acquisition and display occur only when the user manually initiates it. The app does not collect or share location data automatically or continuously. **Even if location permission is denied, users can manually select an area to use the Service.**
* **When using the Shouting feature**, if the user has permitted location access, the user's last known location is stored on the server to provide location-based services such as nearby Shouting notifications. This location data is used only for the following purposes:
* Sending nearby Shouting notifications (when the user has enabled this in settings)
* Displaying location when posting a Shouting
* Stored location data is deleted when the user's account is deleted. Users can stop location data collection by disabling nearby Shouting notifications in the app settings or by revoking location permissions in their device settings.
### (3) Information Collected Through External Services
The Company may collect user information through the following external services.
* **Social Login (Google, Apple)**
* When users choose to use social login, the Company may obtain the following information from the relevant service:
* User ID (identifier unique to each service)
* Email address (if permitted by the user)
* Profile information (if permitted by the user)
* **Supabase**
* Authentication information (Supabase UID)
* Chat message storage
* **Firebase (Google)**
* Push notification token (Firebase Cloud Messaging only)
* Crash reports and diagnostic information
### (4) Information Collected During PONGE Listing Verification
* Public information from external SNS (Instagram, Facebook, X, TikTok, etc.) registered by Business Users
* Screenshots or text data from such SNS pages (for AI verification purposes)
## 2. Purposes of Use of Personal Information
Collected information may be used for the following purposes:
* Provision and operation of the Service
* Functionality improvements and service enhancement
* Advertising, promotion, and effectiveness measurement by the Company or partners
* Delivery of newsletters
* Notifications regarding campaigns or events
* Communications related to terms revisions and important matters
* Verification of registration and service usage
* **Prevention and response to misuse or misconduct**
* Responding to user inquiries
* **Verification of PONGE listing information reliability**
* **Operation of report/block functions and ensuring community safety**
## 3. Outsourcing of Personal Information Handling
The Company may outsource the handling of personal information to third parties. In such cases, the Company will supervise contractors as necessary and appropriate.
## 4. Provision of Personal Information to Third Parties
The Company may provide collected information to third parties in the following cases. Please note that content voluntarily posted or shared by users may be visible to other users.
* When necessary for investigating or addressing violations or fraud, or to protect the rights and interests of users or third parties
* When required by law
* When necessary to protect life, body, or property, and obtaining user consent is difficult
* When required for public health or child development, and obtaining user consent is difficult
* When cooperation is needed with government agencies or local authorities performing legal duties, and obtaining consent may hinder such duties
* When user consent has been separately obtained
## 5. Use of External Services
The Company uses the following external services to analyze usage trends for service improvement.
### (1) Google Analytics
Google Analytics collects anonymous usage data through cookies and sends it to Google servers. Users may opt out via Google's Opt-Out Add-on.
* Google Analytics Terms of Service: `https://www.google.com/analytics/terms/jp.html`
* Google Privacy Policy: `https://policies.google.com/privacy?hl=ja`
* Opt-Out Add-on: `https://tools.google.com/dlpage/gaoptout?hl=en`
### (2) Supabase
The Company uses the following Supabase services:
* **Supabase Authentication**: User authentication
* **Supabase Database**: Chat message storage
Supabase Privacy Policy: `https://supabase.com/privacy`
### (3) Firebase (Google)
The Company uses Firebase Cloud Messaging (FCM) **for push notification delivery purposes only**.
* **Firebase Cloud Messaging**: Push notification delivery
* **Firebase Crashlytics**: App crash report collection
Firebase Privacy Policy: `https://firebase.google.com/support/privacy`
### (4) Google Maps
The Company uses Google Maps SDK to provide map functionality. Google Maps is used in compliance with the SDK license, and the Google logo is displayed within the app.
Google Maps Privacy Policy: `https://policies.google.com/privacy`
### (5) Google Gemini AI
The Company uses Google Gemini AI for PONGE information verification. Portions of PONGE information may be sent to Google for AI processing.
Google AI Privacy Policy: `https://policies.google.com/privacy`
### (6) Sentry
The Company uses Sentry for app error monitoring and performance analysis. Crash reports and diagnostic information may be collected.
Sentry Privacy Policy: `https://sentry.io/privacy/`
### (7) Social Login Providers
The Company uses the following social login services. Please also review each service's privacy policy.
* **Google**: `https://policies.google.com/privacy?hl=en`
* **Apple**: `https://www.apple.com/legal/privacy/`
### (8) Regarding Ad Tracking
**This Service does not use ad tracking SDKs.** Therefore, Apple's App Tracking Transparency (ATT) permission is not required.
## 6. User Requests
Users may request disclosure, correction, suspension of use, or deletion of their personal information, to the extent permitted by law. The Company will verify the user's identity and respond within a reasonable time.
**Users can delete their account and all related data anytime from the in-app "Delete Account" menu.**
## 7. Security Management of Information
The Company will appropriately manage collected information and strive to prevent unauthorized access, leaks, alterations, or losses. Specifically, the following measures are implemented:
* Data encryption (during transfer and storage)
* Strict access control and authentication
* Regular security audits
* Information security training for employees
## 8. Use by Minors
Use of the Service by individuals **under 18 years old is not permitted**. If such information is confirmed, the Company will immediately delete the data or take appropriate action.
## 9. Data Retention Period
The Company retains user personal information for the following periods:
* **Account information**: Period required by law or deemed necessary by the Company after account deletion
* **Chat messages**: Period necessary for service operation
* **Report/block information**: Retained for a certain period to prevent misuse
* **Service usage logs**: Period required by law
## 10. International Use
If users access the Service from outside Japan (including but not limited to Korea, Taiwan, China, and Thailand), their data may be stored on **servers in Japan**. If additional protections are required by local laws, the Company will comply appropriately. Users must use the Service at their own discretion and are responsible for confirming any applicable data protection laws in their jurisdiction.
### Cross-Border Data Transfer
User personal information may be transferred outside Japan for the following purposes:
* **Google Cloud Platform (USA)**: Data backup and AI processing
* **Supabase (USA)**: Authentication, chat data storage
* **Firebase (USA)**: Push notifications
These service providers implement appropriate data protection measures.
## 11. Push Notification Settings
Users may change the following push notification settings from the app's settings screen:
* **General notifications**: Likes, comments, bookmarks, etc.
* **Marketing notifications**: Events, campaigns, promotions
To completely disable push notifications, please disable app notifications from your device settings.
## 12. Amendments to the Policy
This Policy may be updated from time to time. In the event of material changes, the Company will notify users via the website or application.
## 13. Contact
For inquiries about this Policy or personal information, please contact:
* **GREATEARTH CO., LTD.** – PONGE Operations Office
* Email: `admin@ponge.app`
---
### Established: June 6, 2025
### Revised: January 28, 2026
### Revised: April 6, 2026
