Do. LLC, the operator of the mobile application "Ehon Plus" (the "Service"), establishes this Privacy Policy (the "Policy") to explain how personal information and personal-related information of users are handled in connection with the Service.
This Policy is intended to inform users, in accordance with the Act on the Protection of Personal Information of Japan (APPI), the European General Data Protection Regulation (GDPR), and other applicable laws, what information the Service collects, for what purposes, with whom it is shared, and how it is retained and deleted.
1. Core Principles for Data Handling
In the Service, we adopt the following principles:
- No account registration is required. The Service provides no sign-in UI and stores no user-identifying information on our servers.
- Per-user reading history, favorites, and language settings are stored only on the user's device. Such information is not transmitted to our servers.
- No advertisements are served. No third-party advertising components are bundled with the Service.
- No in-app purchases are offered. The Service does not collect any payment information such as credit card details.
- We collect only the minimum information necessary for quality maintenance, failure analysis, and usage analytics of the Service.
2. Information We Collect
2.1 Automatically Collected Information
| Category | Items | Collected Via | Recipient |
|---|---|---|---|
| Usage information | App launches, screen views, book opens / reading completion, interaction events | Firebase Analytics | Google LLC |
| Device & environment | OS version, device model, app version, language settings, country / region, screen resolution, anonymous random identifiers automatically generated by the analytics service (cannot identify individual users) | Firebase Analytics / Crashlytics | Google LLC |
| Crash information | Stack traces, crash locations, device state (memory, storage, etc.), logs immediately before a crash | Firebase Crashlytics | Google LLC |
| Receipt of distribution-control values | Display-control values delivered by Remote Config. This is a receive operation only and does not send user information to us | Firebase Remote Config | Google LLC |
Information we explicitly do NOT collect:
- Name, email address, phone number, postal address
- Location data (GPS or IP-based geolocation)
- Device contacts, photos, calendar, microphone, camera
- We do not directly collect device-level advertising identifiers used for ad delivery
- Payment information, credit card numbers
- User-submitted content (the Service does not offer user-generated content features)
2.2 Information Stored Only on the User's Device
The following information is stored only on the user's device and is not transmitted to our servers:
- Identifiers of books added to favorites
- Reading history (identifiers of books read and timestamps)
- Language settings
- Touch-effect (sparkle) ON/OFF preference
- Snooze state of the recommended-update prompt
This information is deleted when the user uninstalls the app.
3. Purposes of Use
We use the collected information for the following purposes:
- Providing the Service and improving its features
- Analyzing usage patterns (which books are read, where users drop off, etc.)
- Analyzing and addressing defects and failures
- Determining whether to enter maintenance mode or trigger a force-update when serious incidents occur
- Detecting and responding to unauthorized access or abnormal mass-access patterns that threaten the stable operation of the Service
- Compliance with legal obligations
We do not use the collected information beyond the scope of the purposes set out above.
4. Third-Party Disclosures and External Transmission
4.1 External Services We Use (Data Processors)
The Service transmits data to the following external services. These act as our data processors and handle information under our instructions.
| Service | Provider | Purpose | Data Transmitted | Policy |
|---|---|---|---|---|
| Firebase Analytics | Google LLC (US) | Usage analytics | The usage and device information described in §2.1 | Google's privacy policy |
| Firebase Crashlytics | Google LLC (US) | Crash analytics | The crash and device information described in §2.1 | Google's privacy policy |
| Firebase Remote Config | Google LLC (US) | Distribution-control values | Device and app-version information only | Google's privacy policy |
4.2 Disclosure to Third Parties
We will not disclose collected information to any third party other than those listed in §4.1, except in any of the following cases:
- The user has given consent
- Required by law (e.g., court order, lawful request by an investigative agency)
- Necessary to protect the life, body, or property of a person and obtaining the user's consent is difficult
- Cooperation with a national or local government agency executing duties prescribed by law
4.3 International Transfers
Google LLC is located in the United States, and Firebase's processing infrastructure is distributed across data centers around the world. By using the Service, user information may be transferred outside Japan — primarily to the United States, the European Union, the Asia-Pacific region, and other countries hosting Google-operated data centers. Please refer to Google LLC's privacy policy for details on its data-protection practices.
5. Retention Periods
| Data Type | Retention Period | Storage Location |
|---|---|---|
| Firebase Analytics usage data | Up to 14 months from collection. Automatically deleted after this period. | Google LLC |
| Firebase Crashlytics crash data | Up to 90 days from collection. Automatically deleted after this period. | Google LLC |
| On-device favorites, reading history, settings | As long as the app remains installed. Deleted upon uninstall. | User's device |
6. Your Rights
You have the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Right of access / disclosure | The right to request disclosure of personal data we hold about you | Contact the address in §12 |
| Right to rectification / addition / deletion | The right to request correction, addition, or deletion of inaccurate or incomplete personal data | Same |
| Right to suspension of use / erasure | The right to request suspension of use or erasure when data is used beyond the necessary scope | Same |
| Right to data portability (GDPR) | The right to receive your data in a machine-readable format | Same |
| Right to object (GDPR) | The right to object to the processing of your data | Same |
| Right to lodge a complaint (GDPR) | The right to file a complaint with the supervisory authority in your jurisdiction | Contact the supervisory authority directly |
| Right to opt out of analytics | The right to stop Firebase Analytics collection | Toggle the setting at any time from "My Page > Privacy settings" in the app. Users in the EU can also decline at the first-launch consent screen |
| Right to opt out of crash reporting | The right to stop Firebase Crashlytics collection | Toggle the setting at any time from "My Page > Privacy settings" in the app, or contact us at §12 below |
We may take steps to verify your identity when it is difficult to identify the data subject of a request.
7. Consent and Withdrawal (For Users in the EU)
For users located in the EU, the Service obtains consent for the use of Firebase Analytics at first launch.
- How consent is obtained: A dedicated consent UI is shown at first launch and consent is recorded by an explicit "Allow" action.
- Withdrawal of consent: You may withdraw consent at any time from the in-app settings (My Page). After withdrawal, Analytics collection ceases immediately.
- Use without consent: Declining consent does not prevent you from using the Service's book-reading features.
For Firebase Crashlytics, we rely on our legitimate interests (GDPR Article 6(1)(f)) as the lawful basis, since crash analytics is essential for maintaining service quality. We will promptly act on requests to withdraw from this processing.
8. Cookies and Similar Technologies
The Service is a mobile application and does not use browser cookies. However, the analytics and crash-reporting components may store anonymous random identifiers on the device. These identifiers do not identify individual users and are not used for advertising purposes.
9. Security Measures
We implement the following measures to protect personal data from leakage, loss, or damage:
- Limiting the number of employees who handle personal data and providing them training
- Applying the principle of least privilege to access permissions
- Requiring multi-factor authentication (MFA) for access to the Firebase Console
- Encrypted communication with external services
- Maintaining incident-response procedures
10. Children's Use
The Service is a book-reading application intended for use by children, including preschool-age children. The Service is designed with consideration for children's privacy laws — including the U.S. Children's Online Privacy Protection Act (COPPA) and Article 8 of the EU General Data Protection Regulation (GDPR) — as follows:
- We do not require account registration or collect personally identifying information
- We do not serve advertisements or perform targeted advertising
- We do not provide user-submitted content features
- Firebase Analytics data is limited to device- and app-behavior information and is not used to identify individual children
Because the Service does not collect personally identifying information, we have determined that Verifiable Parental Consent (VPC) under COPPA and parental consent under GDPR Article 8 are not required. If we later add user-generated content or similar features, we will update this Policy and put a separate parental-consent mechanism in place as needed.
Minors should use the Service under the supervision and responsibility of a parent or guardian.
11. Changes to This Policy
We may revise this Policy from time to time in response to changes in law, service content, or other necessity. For material changes that affect users' rights or obligations, we will provide a reasonable advance notice period (typically 30 days before the effective date) and will notify users of the content and effective date of the revised Policy via in-app notification or by posting at the public URL above.
Users who do not agree to the revised Policy may discontinue use of the Service. Continued use of the Service after the effective date constitutes acceptance of the revised Policy. Minor changes — such as correcting typographical errors — that do not substantively affect users' rights or obligations may be made without the advance notice period described above.
12. Contact
For questions about this Policy or our handling of personal data, and to exercise the rights described in §6, please contact us at:
- Contact: Privacy Officer, Do. LLC
- Contact Email: support@do-tech.jp
- Operator: Do. LLC
Users in the EU also have the right to lodge a complaint directly with the supervisory authority in their country of residence.
Revision History
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2026-06-30 | Initial release |