Privacy Policy
Effective Date: December 18, 2025
Last Updated: December 18, 2025
Version: 1.0
KasamiWorks (Representative: Tomohisa Kasami,
hereinafter “the Developer”) establishes the following regarding the handling of user information in the mobile
application “NameMemory” (hereinafter “the App”).
1. Controller
Information
- Controller (Data Controller): KasamiWorks
(Representative: Tomohisa Kasami)
- Location: Japan
- Contact: contact.kasamiworks@gmail.com
- Inquiries will be responded to within 14 days
in principle (up to 1 month for complex cases).
2.5 Face Detection (Google ML Kit — On-Device Only)
- Processing: Face detection is performed entirely on-device using Google ML Kit.
Photos, face images, and biometric templates are not transmitted to the Developer or Google for this feature.
- Permissions: Camera and Photos/Storage permissions are used solely to capture and read images within the App. You may deny these permissions and still use the App (e.g., register without photos or use avatars).
- Model download: ML models may be downloaded to your device from Google (e.g., via Google Play services). This does not send your photos or personal data to servers.
- Retention: Detection results are computed in memory and are not stored by the Developer. Photos captured by you remain stored locally on your device until you delete them.
2. Information
We Collect
The App collects and processes the following
information.
2.1
On-Device Storage Data (Local Only)
- User-entered data (names, notes, photos, etc.)
→ Stored only on device (no cloud transmission)
- App settings information
- Review history data
2.2 Technical Information Sent to External
Services
The App sends technical information to external
services when executing the following functions:
Avatar Image Generation (Avataaars.io):
- Destination: https://avataaars.io/ (United States)
- Information sent:
- IP Address (considered
personal data under the laws of many countries)
- Image generation parameters (selected
hairstyle, clothing, etc.)
- Request date and time
- Purpose: SVG image generation
- Legal basis:
- Legitimate interests necessary for
service provision (GDPR Article 6(1)(f))
- Or explicit consent when using the
feature (GDPR Article 6(1)(a))
- Retention period: Subject to Avataaars.io server log policy (see Avataaars.io privacy policy for
details)
Terms and Policy Viewing
(Netlify):
- Destination:
namememory.netlify.app (United States)
- Information sent: IP address, access date and
time, browser information
- Purpose: Web page display
- Retention period: Subject to Netlify’s log
retention period (up to 30 days)
In-App Purchase Verification (Google/Apple/Our Verification Server):
- Destinations: Google Play Developer API / Apple VerifyReceipt API / Our verification server (jurisdiction follows the respective destination)
- Information sent: Purchase token/receipt, platform type, app version, request timestamp (including IP address inherent to network communication)
- Purpose: Validation of purchase legitimacy and fraud prevention
- Legal basis: Contract performance (GDPR Art. 6(1)(b)) / Legitimate interests (GDPR Art. 6(1)(f))
- Retention period: In principle within 90 days (including logs)
- International transfers: Appropriate safeguards (e.g., SCCs) applied as necessary
- Personal identifiers: We do not collect names, contact details, or location. Tokens are treated as pseudonymous technical information.
2.3 Automatically Collected Information
(On-Device Only)
- Device information (OS type, version, model
name)
- App usage statistics (launch count, feature
usage frequency)
- Crash reports (upon error occurrence)
Important: This information is
processed only on-device and is not independently collected or transmitted by the Developer. However, if
OS-level crash reports (provided by Apple/Google) are enabled, they may be transmitted to platform providers
(please check the privacy settings of each OS for details).
2.4
Information Not Collected
- Direct personally identifiable information
such as name, email address
- Location information
- Device data such as contacts, calendar
- Advertising ID
- Tracking data: The App does
not perform ad delivery or behavioral tracking
3. Purpose
of Information Use
- To provide and operate the App
- To verify app operation and address
malfunctions
- To comply with laws or respond to legitimate
requests from authorities
4. Third-Party Provision and
International Data Transfers
4.1 Principle of Third-Party Provision
The Developer does not provide user data to third
parties except in the following cases:
- When based on laws and regulations
- When user consent is obtained
- When necessary for executing app functions
(see Section 2.2)
4.2 International Data Transfers (For EU
Residents)
The App transfers data outside the EU (to the
United States) to use the following services:
Avataaars.io (Avatar Generation):
- Transfer destination: United States
- Safeguards:
- The avatar feature uses a
public API located in the United States. When you use this feature, your IP address will be
transmitted to servers in the United States. Please note that the United States may not
guarantee a level of data protection equivalent to the EU.
- IP addresses are transmitted only to
the extent technically necessary and are not stored after avatar image generation
- Risk notice: By using this feature,
you are deemed to have consented to data transfers outside the EU, including the above risks.
Netlify (Hosting):
4.3 EU Representative (GDPR Article 27)
The Developer is not required to designate an EU
representative for the following reasons:
- Based outside the EU (Japan)
- Does not engage in large-scale and
systematic monitoring of EU residents
- Does not engage in large-scale processing of
special categories of personal data (race, health information, etc.)
However, GDPR-related inquiries will be accepted
at contact.kasamiworks@gmail.com (Japanese and English
supported, response typically within 14 days).
5.
GDPR Compliance (For EU Users)
The following rights apply to EU residents.
5.1 Data
Subject Rights
- Right of access: Request
disclosure of stored data
- Right to rectification:
Request correction of inaccurate data
- Right to erasure (right to be
forgotten): Request deletion of data
- Right to restriction of
processing: Request temporary suspension of data processing
- Right to data portability:
Request transfer of data to other services
- Right to object: Object to
processing
5.2 How to
Exercise Rights
On-Device Data:
- Deletion: App Settings >
Data Management > “Reset”
- Export: App Settings >
Data Management > “Backup” (saved in ZIP format)
- Rectification: Can be
directly edited within the app
Data Sent to External Services:
5.3 Response
Deadline
The Developer will respond to requests to
exercise rights within 1 month of receipt.
(May be extended up to 3 months for complex cases, with notification provided)
5.4 Complaint to Supervisory Authority
EU residents have the right to lodge a complaint
with the data protection authority in their country of residence. (Typically, complaints are filed with
the supervisory authority in your country of residence)
6. CCPA/CPRA (California Law) Compliance
6.1 Categories of Personal Information
Collected
- Identifiers: IP address (only when sent to
external services)
- Internet activity information: App usage
statistics (on-device only)
6.2 Prohibition of Sale or Sharing
The Developer does not sell or
share personal information.
6.3 Rights of California Residents
- Right to know: Request disclosure of
collected information
- Right to deletion: Request deletion of
personal information
- Right to correction: Request correction of
inaccurate information
- Right to non-discrimination: Prohibition of
disadvantageous treatment for exercising rights
6.4 How to
Exercise Rights
Please contact contact.kasamiworks@gmail.com with “CCPA Request” clearly
stated.
7. Use by Minors
7.1
Reason for Age Restrictions
The App restricts use by persons of the following
ages:
- United States and many
countries: Under 13 years old
- EU member states and certain other
regions: Under 16 years old (13-15 years old in some member states)
Purpose of this restriction:
The App imposes age restrictions for the following reasons:
-
US COPPA Compliance
(under 13 years old)
- The App stores personal information
(names, photos) on the device
- COPPA regulates “online collection,”
but to avoid interpretive uncertainty, use by persons under the target age is restricted
-
EU GDPR Article 8
Compliance (under 16 years old or 13-15 years old under member state law)
- Because the App transmits data to
external services (Avataaars.io) when generating avatars, it may
qualify as an “information society service”
- Use by persons under the target age
is restricted to avoid the complexity of obtaining parental consent
-
Risk Management for Individual
Developers
- Avoiding implementation costs for
complex parental consent mechanisms
- Minimizing the risk of violating
child protection laws in various countries (high fines)
Important: The content of the
App is not harmful to children, but this is a preventive measure for legal compliance.
7.2 For
Parents and Guardians
If your child under the above age is using the
App:
7.3
Developer’s Response Measures
- Age restriction settings in app stores
- In-app age verification (requests
confirmation that the user is of the target age or older at first launch)
- If use by a person under the target age is
discovered, assistance with discontinuation of use based on reports from parents or guardians
8. Security
The Developer implements measures to prevent
unauthorized access and information leakage to a reasonable extent.
However, complete security of internet communications cannot be guaranteed.
9. Data
Retention Period
- User data (device storage): Retained until
deleted by the user themselves.
- Data retained by the Developer (inquiry
contents, etc.): Retained for the minimum necessary period only.
10.
Changes to This Policy
© 2025 KasamiWorks. All rights reserved.