Privacy Policy

GRANNET Inc. (hereinafter referred to as the "Company") has established this Privacy Policy to implement a framework for protecting personal information. By ensuring that all employees recognize the importance of personal information protection and are committed to its implementation, the Company promotes the protection of personal information.
Where an individual privacy policy has been established or where the user has provided separate individual consent, the content of such policy and individual consent shall take precedence.

Definition of Personal Information

"Personal information" as used in this policy refers to personal information as defined by the Act on the Protection of Personal Information (hereinafter referred to as the "Personal Information Protection Act").

Collection of Personal Information

The Company collects your personal information (including name, place of employment, department, title, telephone number, and email address) through the methods set forth in the following items, to the extent necessary for the provision and improvement of the businesses and services operated by the Company, or the websites operated by the Company (hereinafter collectively referred to as the "Services").

1. (1) Information provided directly by customers through the Services or similar channels
2. (2) Information provided by external services when customers authorize integration between the Services and such external services
3. (3) Information collected from publicly available databases maintained by third parties or from the Internet based on personal information already acquired by the Company
4. (4) Other lawful and fair means of collection

Purpose of Use of Personal Information

The Company uses the acquired personal information to the extent necessary to achieve the following purposes.

1. (1) To provide various information related to the Services
2. (2) To provide the Services
3. (3) To monitor and analyze the usage of the Services
4. (4) To provide information regarding maintenance and service disruptions of the Services
5. (5) To provide information about seminars, events, campaigns, and similar matters
6. (6) To confirm and respond to inquiries from customers
7. (7) For the Company's recruitment and selection process
8. (8) To provide information regarding the Company's recruitment
9. (9) To carry out other marketing and customer support activities

Consent to Data Collection via Google APIs

The Company may request users of its cloud-based software "GRAN SEARCH" (hereinafter referred to as the "Software") to grant permission to access Google Analytics and Google Search Console data through Google API services. Users may decide whether to consent to such access, and may revoke such consent at any time after granting it.

Handling of Data Collected via Google APIs

Based on the user's consent, the Company accesses, uses, and stores the data specified in item (1) below, which is collected via Google APIs, for the purposes specified in item (2) below. In accessing, using, and storing such data, the Company shall comply with the Google API Services User Data Policy, including its Limited Use requirements.

1. (1) Data subject to access, use, and storage
   • ・Google Analytics data
     •   ・Report data including all dimensions and metrics (including sessions, conversions, users, page views, and engagement rate)
     •   ・Data from the customer's websites or applications that is processed and integrated with other Google products
     •   ・Google account information
   • ・Google Search Console data
     •   ・Search Console data (including clicks, impressions, and average position)
     •   ・Google account information
2. (2) Purpose of access, use, and storage
   • To generate content provided through the Software
3. (3) Regarding provision of data to third parties
   • Data collected via Google APIs is used solely for the purpose of providing the Software, and will not be shared with any third-party tools, including AI models.

Disconnecting and Deleting SNS Integration Data

Customers using GRAN SEARCH's SNS management support features (Instagram integration) may disconnect and delete their SNS integration data as follows.

For customers using this feature

1. (1) In-app: Settings → Delete Data (immediate deletion)
2. (2) Facebook: Settings → Business Tools → Business Integrations → Remove "GRAN SEARCH"
3. (3) Instagram: Settings → Apps and Websites → Remove "GRAN SEARCH"

When the integration is removed via methods (2) or (3), Meta sends a removal notification to the Company, and the Company will delete all access tokens and associated data within a maximum of 60 days of receiving such notification.

If a data deletion request is initiated through Meta, Meta will provide a URL for checking the deletion status. Immediate deletion may also be performed from the same URL, without waiting for the 60-day period.

The 60-day grace period is provided to allow recovery from unintended disconnections.

For contract administrators

The Company will delete the account and all associated data upon contract termination. For individual data deletion requests, please submit via the Company's inquiry form. Please include "Data Deletion Request" in the message.

Handling of Meta Platform Data

The Company obtains the following data from customers' Instagram Business Accounts via Instagram Graph API and Facebook Graph API for the purpose of providing SNS operations analytics:

• ・Profile basic information (username, account type, etc.)
• ・Post information (feed posts, reels, and stories): caption, media URL, timestamp, permalink, media type, etc.
• ・Post insights: views, reach, likes, comment count, shares, saves, total interactions, replies, and reels/feed-specific metrics
• ・Account insights (follower count, reach, impressions, etc.)
• ・Follower demographics (age range, gender, region, online hours)

Acquired data is stored encrypted on the Company's managed servers and retained only during the contract period. Such data is used to provide the Company's SNS operations analytics services, and the Company does not sell or transfer such data to any third party, except for service providers engaged by the Company under obligations of confidentiality (such as cloud infrastructure or technology service providers).

Provision of Personal Information to Third Parties

The Company shall not disclose acquired personal information to third parties, except in any of the following cases.

1. (1) When the user has given consent
2. (2) When disclosure is made to a service provider engaged by the Company to provide the services requested by the user
3. (3) When disclosure is required by law
4. (4) When permitted under the Personal Information Protection Act or other laws and regulations

Management of Personal Information

The Company ensures the rigorous management of personal information by implementing necessary measures — including maintenance of security systems, establishment of management structures, and thorough employee training — and by carrying out security measures to prevent unauthorized access to, loss, damage, alteration, or leakage of the collected personal information.

Disclosure, Correction, and Deletion of Personal Information

Where a user requests disclosure, correction, or deletion of the user's own personal information, the Company shall comply with such request after confirming that the request was made by the user concerned.

Compliance with Laws and Standards

The Company shall comply with Japanese laws, regulations, and other standards applicable to the personal information it holds, and shall review the contents of this policy as appropriate and strive for its improvement.

Contact

For inquiries regarding the Company's handling of personal information, please contact the following.

GRANNET Inc.
Yamato Jisho Minamimorimachi Bldg. 7F, 5-1-9 Nishi-Tenma, Kita-ku, Osaka-shi, Osaka 530-0047, Japan
TEL. +81-6-6365-0077

Established on November 1, 2022
Revised on July 8, 2024
Revised on April 23, 2026