APTO Ltd., hereinafter referred to as 'the Company', has formulated the following
privacy policy to foster the protection of personal information. By implementing a
system for safeguarding personal data, ensuring that every employee recognizes
the significance of protecting personal information, and actively engaging them in
the process, we are committed to advancing the cause of privacy protection.

Article 1: (Personal Information)
The term "Personal Information" shall have the same meaning as defined in the
Personal Information Protection Act (Act No. 57 of 2003). It pertains to information
concerning an identifiable individual, including but not limited to, name, date of birth,
or other particulars provided in the data, as well as any personal identification code.

Article 2: (Acquisition and Use of Personal Information)
We collect and utilize your personal data to the extent required for the following
purposes. Should we need to utilize your personal information beyond these
purposes, we will obtain your prior consent in an appropriate manner:

To deliver our services.

To enhance or create new services.

To notify you of new features, updates, promotions, etc., regarding our services
(including via emails, flyers, and other direct mailings).

To reach out to users as necessary for maintenance, important announcements, etc.

To address inquiries from users regarding our services
(including identity verification).

To provide usage reports to users regarding our services.

To solicit participation in surveys, interviews, etc., related to our services, to invite
engagement in various events, or to report outcomes of such events, among other
purposes.

To analyze and evaluate the usage patterns of our services, utilizing the findings to
enhance and develop our services and facilitate advertising.

To identify users who have violated our terms of service or are attempting to misuse
our services for unauthorized or unfair purposes, and to deny them access to our
services.

Article 3: (Management and Protection of Personal Data)
Personal information will be rigorously managed, and data will not be disclosed or
provided to third parties without the consent of the individual concerned, except in
the following circumstances. To ensure safety, measures are implemented to prevent
and rectify risks such as unauthorized access to personal information, loss,
destruction, falsification, and leakage of personal information:

In cases where it is necessary for protecting a person's life, body, or property, and
obtaining the consent of the individual concerned is difficult.

In situations where it is particularly crucial for enhancing public health or promoting
the healthy development of children, and acquiring the consent of the individual
concerned is challenging.

When cooperation with a government agency, local authority, or an individual or entity
entrusted by them is necessary for executing affairs prescribed by law, and obtaining
consent might hinder the execution of said affairs.

When outsourcing the handling of personal information, wholly or partially, to
facilitate the smooth conduct of business operations.

In cases where personal information is provided due to the succession of business
resulting from mergers or other reasons.

When personal information is jointly used with another party, the individual concerned
will be informed in advance or have easy access to information regarding the joint
use, including the specific items of personal information, the scope of joint users,
the purpose of use by the users, and the name of the person responsible for
managing the personal information.

If permitted by other laws and regulations.

Article 4: (Entrusting the Handling of Personal Information)
The Company reserves the right to entrust the handling of personal data, either
wholly or partially, as needed to fulfill the intended purpose of use. In such instances,
the Company will conduct a thorough assessment of the contractor's suitability,
establish confidentiality obligations within the contractual agreement, and implement
necessary and appropriate supervision over the contractor. Furthermore, the
Company may share all or a portion of the obtained personal information in
compliance with the regulations outlined in the Personal Data Protection Act.

Article 5: (Disclosure of Personal Data)
In the event that the Company receives a request for the disclosure of personal data
from the individual concerned, it will promptly provide such information. However,
the Company reserves the right to withhold all or part of the information if disclosure
may result in any of the following scenarios. In such cases, the Company will promptly
notify the individual concerned of its decision not to disclose the information:

If there is a risk of endangering the life, body, property, or other rights or interests of the individual concerned or a third party.

If there is a risk of significantly impeding the proper conduct of our business
operations.

If disclosure would violate any other applicable laws or regulations.

Article 6: (Correction and Deletion of Personal Information)
In the event that personal information held by the Company is found to be inaccurate, the Company shall promptly correct or delete such information upon the request of
the individual concerned, in accordance with the procedures established by the
Company.

Upon receiving a request from the individual concerned as described in the preceding paragraph, if the Company determines it necessary to comply with the request, it will promptly correct or delete the relevant personal information and notify the individual concerned accordingly.

Article 7: (Suspension of Use of Personal Information, etc.)
If an individual requests the suspension of use or deletion (here in after referred to as
"suspension of use") of their personal information on the grounds that it has been
handled beyond the scope of the intended purpose or obtained through improper
means, the Company shall promptly conduct an investigation and, based on the
findings, suspend the use of the personal information and notify the individual
accordingly. If a request is made for the suspension of use or deletion of personal
information (hereinafter referred to as "suspension of use") on the grounds that the
information is being handled beyond the scope of its intended purposes or has been
obtained unlawfully, the Company will promptly investigate the matter and, based on
the results, suspend the use of the information and inform the individual concerned.
However, if suspending the use of personal information is difficult due to significant
costs or other challenges, alternative measures to protect the rights and interests of
the individual concerned will be implemented where possible.

Article 8: (Procedure for Amending the Privacy Policy)
The Company will periodically review and enhance the content of this Privacy Policy.
The Privacy Policy may be amended, except where prohibited by law or stated
otherwise in this Privacy Policy. Any changes to the Privacy Policy will become
effective upon notification to the user through methods specified by the Company
or by posting on the Company's website.

Article 9: Handling of Complaints and Consultations
The Company will accept complaints and consultations from individuals regarding the
handling of their personal data and will respond to them promptly and appropriately.
Additionally, the Company will promptly and appropriately address requests from
individuals to disclose, correct, supplement, delete, stop using, or provide their
personal data.

Article 10: Contact Information for Inquiries
For inquiries regarding the handling of personal data by the Company, please contact:

APTO, Inc. Customer Service
〒150-0041　
Tokyo, Shibuya, Jinnan 1-5-14 Mifune Bldg. 4F
Mail: info@apto.co.jp

(Effective September 1, 2020)