Privacy Policy

Privacy Policy

Cybozu, Inc., Cybozu Labs, Inc., and Cybozu Connect.C, Inc. (“Cybozu”) appropriately handle personal information collected in the course of providing products and services, holding events, and conducting other business activities, in accordance with the policy described below. In this policy, "personal information," "personal data," and "retained personal data" are used in accordance with the terminology used in the Act on the Protection of Personal Information (Act No. 57 of 2003. Hereinafter, the "Personal Information Protection Act"). Please note that the handling of personal information in recruitment activities is specified separately here.

1. Information that we collect

In the course of conducting our business activities, Cybozu collects personal information, including the following:

Information including: name, address, place of employment, department, position, telephone/fax number, e-mail address, bank account details, credit card number, facial photograph, video, shareholder number, and subscriber information for products and services (refers to "Customer Information" as defined in the Terms of Use.)

※ Cybozu may collect the My Number (national identification number) of individuals, such as sole proprietors, speakers, etc., for use in the preparation of payment statements and withholding tax certificates.

2. How we use your information

Cybozu uses the collected personal information to the extent necessary to achieve the purposes described below. If Cybozu uses personal information beyond the extent necessary to achieve the purposes described below, we will do so only after obtaining the consent of the individual concerned.

(1) Purposes personal information of people who have purchased or used our products and services, or who have an interest in our products and services ("Customers") is used for:

  • 1

    to provide a range of information on products and services (new products and services, new features, feature improvements, case studies, etc.)

  • 2

    to provide information on, and to run, seminars and events

  • 3

    to manage customer transaction information, such as subscription applications for our products and services, changes to Customer Information, subscription renewals and cancellations, etc.

  • 4

    to estimate and/or bill for products, services, and subscription fees

  • 5

    to send thank you letters for purchasing our products and services

  • 6

    to advise that we are conducting a survey on products and services, as well as to notify winners, and to send out prizes

  • 7

    to provide information on product and service maintenance, failures, etc.

  • 8

    to reply to inquiries received and to provide customer support

  • 9

    to manage certification programs, user communities, and developer communities

  • 10

    to utilize as basic data to enhance and improve our products and services; and

  • 11

    to measure the effectiveness of marketing and customer support initiatives.

(2) Purposes personal information of people in charge at Cybozu business partners is used for:

  • 1

    to manage business partner information

  • 2

    to engage in the necessary communications to enter into contracts and carry out transactions; and

  • 3

    to carry out billing and payment operations.

(3) Purposes personal information of people who have reported vulnerabilities in our products and services, or information security incidents at our company ("Reporter") is used for:

  • 1

    to contact the Reporter

  • 2

    to pay a bounty if the Reporter is participating in a Bug Bounty Program, and to administer said program; and

  • 3

    if the Reporter is participating in a Bug Bounty Testing Environment Program, to provide the vulnerability verification environment and to administer said program.

(4) Purposes personal information of shareholders and people who are interested in becoming a shareholder is used for:

  • 1

    to exercise Cybozu’s rights and fulfill our obligations under the Companies Act

  • 2

    to implement various IR (Investor Relations) measures; and

  • 3

    to manage shareholders, including the preparation of shareholder data as per the prescribed standards under the various laws and regulations.

(5) Purposes personal information of media representatives and other individuals not included in (1) through (4) above is used for:

  • 1

    to contact the person; and

  • 2

    to provide information on, and to run, seminars and events.

(6) Common purposes of using personal information in (1) through (5):

  • 1

    to comply with applicable laws and regulations

  • 2

    to exercise or defend Cybozu’s legal rights; and

  • 3

    in the event of a merger, acquisition, sale, or other transaction involving the business or its assets, to support or give effect to the transaction.

3. How we Share your Information with Third-parties

Cybozu will not provide personal data to third parties without the prior consent of the individual, except in the following cases:

  • when providing the Customer Information, to the provider of a billing and/or payment collection service for the payment of products and services or subscription fees
  • when co-hosting a seminar or event with another company, and providing the co-host with the participants’ personal data
  • When you go against the terms of use and/or guidelines, and disclosing your information is considered necessary to protect the rights, property, and/or the services of other customers and/or Cybozu
  • when required by law
  • when it is necessary for the protection of the life, body, or property of a person and it is difficult to obtain the consent of the individual
  • when it is particularly necessary to improve public health or promote the sound development of children, and it is difficult to obtain the consent of the individual; and
  • when it is necessary to cooperate with a national government agency or a local government, or a person entrusted by either of the aforementioned in performing duties prescribed by laws and regulations, and obtaining the consent of the individual concerned is likely to impede the performance of such duties.

4. Outsourcing

Cybozu may outsource some of the handling of personal data. When Cybozu outsources, we will select a contractor on the condition that the company has secured a sufficient level of personal data protection, and will do so only after having entered into a contract pertaining to personal data. In addition, Cybozu will conduct the necessary and appropriate supervision in relation to the management of said contractors.

5. Joint Use

Cybozu will jointly use personal data between Cybozu and our subsidiaries (the "Cybozu Group") only when necessary within the scope described below.

  • (1)

    Items of personal information to be jointly used Items stated in “1 Information that we Collect”

  • (2)

    Scope of joint users The Cybozu Group

  • (3)

    Purpose of use Items stated in “2 How we Use your Information”

  • (4)

    Chief Administrator Cybozu, Inc.

6. Security Control Measures

Cybozu takes necessary and appropriate measures, including those described below, to prevent the leakage, loss of, or damage to personal data handled by the company and to otherwise securely manage personal data.

(1) Formulation of basic policy/Establishment of rules on handling of personal data

  • Cybozu has established internal regulations for each stage of collection, use, and provision of personal data, including handling methods, responsible persons and persons in charge, and their duties, in order to ensure the proper handling of personal data.

(2) Systematic security control measures

  • Cybozu has a system in place for reporting and communicating with the person in charge for when signs of, or actual violations of laws, or internal regulations are identified.
  • Cybozu conducts regular self inspections on the status of personal data handling.

(3) Human security control measures

  • Cybozu conducts regular training for employees on the important points regarding the handling of personal data.
  • Matters relating to maintaining the confidentiality of personal data are stated in the Work Rules.

(4) Physical security control measures

  • In areas where personal data is handled, employee access is controlled and restrictions imposed on devices brought into the area, and measures are implemented to prevent unauthorized persons from viewing personal data.
  • In addition to taking measures to prevent the theft or loss of equipment, electronic media, documents, etc., that handle personal data, Cybozu takes measures to ensure that personal data is not easily revealed when such equipment, electronic media, etc., are transported, including within the business premises.

(5) Technical security control measures

  • Cybozu implements access controls limiting the range of people in charge and extent of the personal information database, etc., they can handle.
  • Cybozu has implemented systems to protect information systems that handle personal data from unauthorized access from outside and from unauthorized software.

(6) Understanding the external environmentIn the case of storing personal data in a cloud service, if either, the country where the cloud service provider of the cloud service is located, or the country where the server where the personal data is stored is located, is a foreign country, Cybozu takes the necessary and appropriate measures for the safe management of personal data based on an understanding of said foreign country's legal systems, etc., for the protection of personal information.

7. How to request disclosure, correction, suspension of use of your Data

Cybozu will respond to requests for disclosure of your retained personal data, correction, addition or deletion of the content of your retained personal data, cessation of use, or deletion of your retained personal data, or cessation of provision of your retained personal data to third parties ("Requests for Disclosure, etc.") to the extent permitted by the Personal Information Protection Act. If you wish to make Requests for Disclosure, etc., or to make a complaint regarding our handling of personal information, please contact us at the inquiries desk listed in "9 Contact Us.”

8. Revision of this Policy

This policy is subject to revision without notice in response to changes in laws and regulations, changes in business activities, etc. Your understanding is appreciated.

9. Contact Us

For all inquiries regarding this policy, please contact us at: Personal Information Inquiries Desk, Cybozu, Inc.

Revised on February 12, 2017
Revised on July 28, 2017
Revised on March 31, 2022
Revised on July 3, 2023

Privacy Policy for Thailand

Privacy Policy - English

นโยบายความเป็นส่วนตัว ไทย

Cookies Policy

Last Updated: August 24, 2022

This Cookies Policy explains what cookies are and how we use them.

A cookie is a small amount of data consisting of character strings that is sent to your browser from a web server. This information acts like a user’s ID card that enables you to record your password and/or configuration information on it, thereby identifying you when you revisit the website and enabling to have setting status reappear.

We use analytics tools to help us understand how you get to and use our site. To do this, 3rd party services we deploy may use cookies and other similar technologies such as tags, web beacons to track your activity when you use visit our sites.

If you do not wish to accept cookies, you can block or restrict cookies through your browser settings. Please note though, in that case you may not be able to use all or a part of our website.

You can modify the settings of cookies on our site through the ”Cookie Settings” page.

Cybozu may at our sole and absolute discretion, update its Cookies Policy from time to time. The update shall be effective as of the date it is posted on our website.

If you have any questions about this Cookies Policy, You can contact us: