Privacy Policy

Service Name: Profilecode

Version: 3.0

Last Updated: January 20, 2026

1. Introduction (Scope)

Welcome to Profilecode (the "Service"). We (the service operator) value your privacy. This Privacy Policy (the "Policy") explains how we collect, use, share, and protect personal information in the Service, and your rights under applicable laws (e.g., GDPR, CCPA/CPRA).

This Policy applies to the iOS/Android app and the Web (profilecode.codes) (subdomains excluded). By using the Service, you are deemed to agree to this Policy.

If you do not agree with this Policy, please stop using the Service.

2. Information We Collect

2.1 Information You Provide

Account Information: Email address (and information required for authentication). Passwords are managed by the authentication system so we cannot view them in plaintext.
User Input Data: Responses to personality questions, scores (raw/aggregate), response history, display name (if set), etc.
Generated Results: Profiles and match test results generated based on user input data
Inquiry Content: Email body and attachments provided when contacting support

2.2 Information Collected Automatically

Usage Data: Pages viewed, operation logs, session duration, crash information, etc. (for service improvement and security)
Device/Connection Information: IP address, device type, OS, browser type, language settings, time zone, etc.
Cookies/Similar Technologies: Used on the Web for analytics or to retain settings (see Section 8)
Advertising Identifiers: If ads are delivered in the app, ad IDs may be used by ad providers (see Section 8)

2.3 Information About Shared Links

Shared Link Tokens: Links (tokens) issued for compatibility tests, etc.
Information That May Be Provided to Recipients: User ID, display name (if set), scores, etc.
Access Method: Shared links may be viewable without login (see Section 6)

2.4 Children's Privacy

The Service is not intended for users under 16 years of age. If we learn that we have collected information from a user under 16 without guardian consent, we will delete it promptly within a reasonable scope.

3. Purposes of Use

We use the collected information for the following purposes:

Service Provision: Diagnostics, analysis, generation and display of Profiles/Match Test Results, feature delivery
Data Sync: Account creation and device transfer (sync of response history/scores, etc.)
Quality Improvement: Bug fixes, UX improvements, feature additions, usage analysis
Ad Delivery (App): Ad display, ad measurement, prevention of fraudulent ads
Security: Detection, prevention, investigation of misuse, spam countermeasures, access control
Legal Compliance: Compliance with legal obligations, dispute response, protection of rights

Legal Basis for Processing Under GDPR (Where Applicable)

Performance of Contract: Processing necessary to provide the Service requested by the user
Consent: Cookie consent, certain personalization, optional features (where applicable)
Legitimate Interests: Security, service improvement, operations maintenance (subject to users' rights)
Legal Obligation: Processing required to comply with laws

4. Data Sharing (Third-Party Disclosure/Processing)

We do not sell your personal information in principle. However, we may share information as necessary in the following cases:

4.1 Processors for Service Provision

Supabase: Authentication, database, hosting, etc. (account information, responses/scores/history, shared link tokens, group information, etc.)
Generative AI Services: For generating diagnostic text, we may send some user input data or scores (limited to the minimum necessary)

4.2 Analytics/Measurement

Google Analytics (Web): For analyzing web usage (may use cookies)

4.3 Ads (App)

AdMob (App): For ad delivery and measurement, fraud prevention (ad IDs may be used)

4.4 Legal Compliance and Safety

We may disclose information to authorities or professionals to comply with legal requests, ensure user safety, or protect rights.

4.5 Sharing Based on Your Consent

When a user shares information with third parties (e.g., issuing shared links), information will be provided to third parties to the extent necessary for that sharing (Section 6).

5. Data Storage and Retention

5.1 Anonymous Use (No Account)

Web: Diagnostic responses may be stored in browser storage (e.g., web memory/storage). They can be deleted by clearing browser data.
App: Diagnostic responses may be stored in local offline databases. They can be deleted by removing the app or via device operations.

5.2 Account Use (Account Creation/Linking)

When a user creates an account or converts from anonymous use, data is sent and stored on servers (e.g., Supabase) for data synchronization (e.g., device-to-device transfer).
Information Stored (Examples): Email address, user ID, diagnostic responses, scores (raw/aggregate), response history, shared link tokens, group information, etc.
Retention Period: In principle, until the user deletes the account

5.3 Shared Link Retention

Validity Period: In principle, 30 days from issuance
Revocation: Currently, shared links cannot be invalidated (revoked) at an arbitrary time

5.4 Account Deletion

When an account is deleted, we will delete user data, shared link tokens, group-related information, logs, etc. on the server within a reasonable period. Exceptions may apply where retention is required for legal compliance, security, or dispute response.

6. Sharing Diagnostic Results or Scores (Shared Links)

Sharing Is Optional: Issuing and sharing shared links is optional for the user.
Viewing Without Login: Shared links may be viewable without login.
Information That May Be Shared: User ID, display name (if set), scores, etc. may be synced to the recipient for compatibility tests.
Consent Concept: When a user provides a shared link to a third party, the user is deemed to consent to the necessary sharing of information.

Disclaimer: We are not responsible for third-party use of data shared outside the Service (e.g., on social media).

7. Your Rights

Rights Under GDPR (EU) (Where Applicable)

Access: Request a copy of personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of data under certain conditions
Restriction: Request restriction of processing
Data Portability: Receive data in a machine-readable format
Objection: Object to certain processing

Rights Under CCPA/CPRA (California) (Where Applicable)

Right to Know: Request disclosure of collected personal information
Deletion: Request deletion of personal information, subject to legal exceptions
Correction: Request correction of inaccurate personal information (where applicable)
Opt-Out: Opt out of processing that qualifies as a “sale” or “sharing” (where applicable)

To exercise your rights, contact privacy@profilecode.codes. We may request reasonable additional information to verify your identity.

8. Cookies, Tracking, and Ads

8.1 Web (Google Analytics)

We may use Google Analytics on the Web to understand usage and improve the Service. Google Analytics may collect data using cookies and similar technologies. You can disable cookies in your browser settings.

8.2 App (AdMob)

We use AdMob in the app for ad delivery and measurement. This may involve the use of ad IDs by ad providers. Ad-related settings (e.g., personalization) may be changed in your device OS settings.

8.3 Consent (Where Required)

In regions where consent is required by law, we may provide appropriate mechanisms to obtain consent for cookies and similar technologies.

9. Data Security

We implement reasonable technical and organizational safeguards (e.g., encryption in transit, access control).

However, no method can guarantee complete security. Users should understand this when using the Service.

10. Data Breach Notification

If a data breach occurs, we will notify affected users and relevant authorities in accordance with applicable laws, where required.

11. International Data Transfers

We or our processors (Supabase, analytics/ads/generative AI, etc.) may handle data in countries outside your residence. In such cases, we strive to implement appropriate safeguards (e.g., Standard Contractual Clauses) as required by applicable laws.

12. Updates to This Policy

This Policy may be revised from time to time. If there are material changes, we will notify you within the Service. Continued use after updates constitutes acceptance of the updated Policy.

13. Contact

If you have questions or concerns about this Policy, please contact:

Privacy Contact: privacy@profilecode.codes

General Contact: info@profilecode.codes

Address: 24-13-2, Asahi-cho, Minami-ku, Sagamihara, Kanagawa, Japan