Privacy Policy

Privacy
Policy

ROUNDIE (hereinafter "the Service") holds your privacy in the highest regard. This policy explains what information we collect, how we use it, and how we protect it.

Established: May 24, 2026 Last updated: May 26, 2026 Operated by: KANOPY Inc.

0101Basic Principles

KANOPY Inc. (hereinafter "we" or "our") considers the proper handling of users' personal information a core social responsibility in providing the golf community service "ROUNDIE" (hereinafter "the Service").

We comply with the Act on the Protection of Personal Information (APPI), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Korean Personal Information Protection Act (PIPA), and other applicable laws and guidelines, and we handle personal information in accordance with this Privacy Policy (hereinafter "this Policy").

ROUNDIE's privacy design ROUNDIE is built around the principle that "you don't have to show your score numbers to anyone". The visibility of each post (public / friends only / private) and whether or not your score numbers are displayed are choices you make yourself.

0202Information We Collect

We collect the following information for the operation of the Service.

2.1 Information you provide

CategoryItems
RequiredEmail address, display name, password (stored encrypted)
OptionalGender, age range, region, home course, play style, avatar image, profile bio
Posted contentRound scores, photos, videos, comments, Kudos history, competition history
PaymentSubscription status via App Store / Google Play (we do not collect or retain payment card information)

2.2 Information collected automatically

  • IP address, device type, OS version, app version
  • Access logs, usage time, feature usage
  • Crash reports, error logs (for service quality improvement)
  • Identifiers obtained through cookies and similar technologies (see Section 6)

2.3 Information we do not collect

We do not collect the following.

  • Continuous location tracking (no continuous background GPS collection)
  • Unauthorized access to contacts, calendar, or photo library (only obtained with explicit user permission when required for posting)
  • Microphone access (the Service does not provide audio recording features)

0303Purpose of Use

We use the personal information we collect for the following purposes.

  1. Providing, operating, and maintaining the Service
  2. User authentication, account management, and identity verification
  3. Providing subscriptions and managing billing
  4. Responding to user support and inquiries
  5. Improving the Service, developing new features, and quality analysis
  6. Preventing fraud and investigating violations of our terms
  7. Sending service announcements, maintenance notices, and important change notifications
  8. With user consent, informing users of new features and campaigns
  9. Creating, using, and publishing statistically processed, non-identifiable information
  10. Other purposes incidental to the above

If we wish to use personal information beyond the above purposes, we will obtain user consent in advance.

0404Third-Party Disclosure

We do not disclose personal information to third parties without user consent, except in the following cases.

  1. When required by law (formal requests from courts, police, or other public authorities)
  2. When necessary to protect a person's life, body, or property, and consent is difficult to obtain
  3. When particularly necessary to improve public health or promote the sound development of children
  4. When cooperation with a public authority is required for the performance of legal duties
  5. In the event of business succession (merger, corporate split, business transfer, etc.) — users will be notified in advance

0505Service Providers

In providing the Service, we may entrust part of our operations to trusted third parties (service providers). We require our providers to handle personal information appropriately by contract, and we supervise them.

Our primary service providers are listed below.

ProviderRoleLocation
Supabase Inc.Database, authentication, storageTokyo (ap-northeast-1 region)
Cloudflare, Inc.Web delivery, securityUnited States
Apple Inc.iOS app delivery, App Store billingUnited States
Google LLCAndroid app delivery, Google Play billingUnited States
Google LLC (Google Analytics)Statistical understanding of site usage (GA4 measurement ID: G-T8YSVSPZ7E)United States
Microsoft Corporation (Clarity)Session analytics for UX improvement (Clarity project ID: w8acp9qnxk)United States

Service providers handle personal information in accordance with their contracts with us and their own privacy policies.

0606Cookies & Tracking Technologies

The Service uses cookies and similar technologies (local storage, device identifiers, etc.) to analyze usage, improve user experience, and maintain authentication state.

6.1 Purposes

  • Maintaining login state
  • Saving user preferences (language, display mode, etc.)
  • Statistical understanding and improvement of Service usage
  • Crash reports and error analysis

6.2 Third-party tools

The Service uses the following industry-standard analytics tools for usage analysis and quality improvement. These tools do not collect directly identifying information; they provide only statistically processed data.

  • Google Analytics 4 (measurement ID: G-T8YSVSPZ7E) — page views, visitors, referrers, etc.
  • Microsoft Clarity (project ID: w8acp9qnxk) — session replay and heatmaps for UX improvement
  • Sentry — crash reports and error analysis
  • OS-standard analytics (iOS / Android)

For details, please also see our Cookie Policy.

6.3 Opt-out

You can restrict cookies and tracking through your browser or OS privacy settings. Note that some Service features may not function correctly as a result.

0707International Data Transfer

Among the service providers listed in Section 5, our primary user database, authentication, and storage system Supabase runs in the Tokyo (ap-northeast-1) region, and core data such as sign-ups, round records, and competitions is processed and stored on servers in Japan. Other service providers — Cloudflare (delivery / security), Apple (App Store), Google (Play Store / GA4), Microsoft (Clarity) — are primarily based in the United States, and data related to delivery, billing, and analytics may be processed and stored on servers outside Japan.

In accordance with APPI and other applicable laws, we verify the personal information protection systems in destination countries and the security measures taken by the recipients, and we maintain an appropriate level of protection. We will disclose details of destination countries upon request.

0808Retention Period

We retain personal information only for the period necessary to achieve the purpose of use. Specific retention periods are as follows.

Information categoryRetention period
Account informationUntil the user deletes the account
Posted contentUntil the user deletes the post or content
Access logs12 months from collection (in principle)
Crash reports6 months from collection (in principle)
Payment-related recordsAs required by law (e.g., 7 years under tax law)

Accounts inactive for extended periods (24 months or more since the last login) may be deleted after prior notice to the user.

0909Your Rights

You have the following rights regarding the personal information we hold about you.

9.1 Disclosure, correction, suspension of use, and deletion

  • Right to access: The right to request disclosure of the personal information we hold about you
  • Right to correction, addition, or deletion: The right to request correction when the content of personal information is inaccurate
  • Right to suspension or erasure: The right to request suspension of use or erasure of personal information
  • Right to suspend third-party disclosure: The right to request that we stop providing personal information to third parties

9.2 Account deletion

You can delete your account at any time from the Service's account settings screen. When you delete your account, all associated posted content, Kudos, competition history, and other related data will be deleted. Please note that recovery is not possible after deletion.

9.3 Data export

From the official release, you will be able to export the data you have registered and posted in JSON or CSV format (specifications will be finalized at release).

9.4 How to make requests

To exercise the above rights, or for inquiries about the handling of personal information, please contact us using the contact information at the end of this Policy. We will respond within a reasonable period after verifying your identity.

1010Security Measures

To prevent leakage, loss, or damage of personal information, and to maintain the security of personal information, we take appropriate measures including the following.

  • Organizational measures: Appointing a personal information protection manager, establishing internal regulations, providing regular training
  • Technical measures: Encrypted storage of passwords, TLS encryption for communications, principle of least privilege, intrusion detection
  • Physical measures: Physical security of server facilities (provided by our service providers)
  • Personnel measures: Confidentiality obligations for employees, information management including post-employment

1111Children's Use

The Service is not available to persons under 13. We do not knowingly collect personal information from children under 13.

Persons aged 13 to under 18 must obtain the consent of a parent or legal guardian before using the Service. We recommend that parents periodically check their child's use of the Service.

For users residing in the EU, in accordance with GDPR Article 8, consent of a parent or legal guardian is required for children under 16 (member states may lower the threshold to 13). We obtain consent confirmation for use of the Service from users in this age range, and we respond promptly to deletion requests from parents.

If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child's personal information has been registered, or if you are a parent who wishes to request deletion, please contact us using the contact information below.

1212Information for International Users

The Service is available in English and Korean as well, and may be used by residents of the EU, the United States, Korea, and other countries. The following describes our compliance with major personal data protection laws in each region.

12.1 EU users (GDPR compliance)

  • Legal basis: GDPR Article 6(1)(a) consent / Article 6(1)(b) contract performance / Article 6(1)(f) legitimate interest
  • Data subject rights: Right of access (Article 15), right to rectification (Article 16), right to erasure / right to be forgotten (Article 17), right to restriction of processing (Article 18), right to data portability (Article 20), right to object (Article 21)
  • Response period for deletion requests: Within 30 days of receipt (GDPR Article 12(3))
  • Data Protection Officer (DPO) contact: roundie@kanopy-inc.com
  • Transfer outside the EU: Supabase Tokyo (ap-northeast-1) region is the primary processing location. For transfers outside the EU, we apply Adequacy Decisions and Standard Contractual Clauses (SCC) as necessary.
  • Filing with supervisory authorities: You may file complaints with the personal information protection authority in your country of residence (e.g., the Irish DPC, Germany's BfDI).

12.2 California users (CCPA / CPRA compliance)

  • Data subject rights: Right to know what is collected and used, right to delete, right to correct, right to opt out of the sale or sharing of data
  • Sale or sharing of data: We do not sell or share personal information for monetary or other valuable consideration to third parties.
  • Contact: roundie@kanopy-inc.com
  • Supervisory authority: California Privacy Protection Agency (CPPA)

12.3 Korean users (PIPA — Personal Information Protection Act)

  • Personal information processing policy: Follows the provisions of this Policy
  • Personal Information Protection Officer: KANOPY Inc., Representative Director Kazushige Shiba
  • Contact: roundie@kanopy-inc.com
  • Supervisory authority: Personal Information Protection Commission (PIPC) — https://www.pipc.go.kr/

1313Complaints

Complaints, feedback, and inquiries regarding the handling of personal information are accepted at the following contact (the dedicated contact required under APPI Article 40).

ContactKANOPY Inc., Personal Information Protection Team
Emailroundie@kanopy-inc.com
HoursWeekdays 10:00–18:00 JST (excluding weekends and Japanese holidays)
Response timeWithin 14 days of receipt (if reasonable investigation is required, we will notify you of that fact within 14 days and respond as promptly as possible)

If we cannot resolve your concern, or if you are dissatisfied with our response, you may contact the Personal Information Protection Commission (PPC) of Japan.

AuthorityPersonal Information Protection Commission (PPC), Japan
Websitehttps://www.ppc.go.jp/en/
Hotline (Japan)+81-3-6457-9849 (weekdays 9:30–17:30 JST)

1414Revisions & Contact

14.1 Revisions to this Policy

We may revise this Policy from time to time, in response to legal changes, changes to the Service, or other necessary reasons. For material revisions, we will notify users in advance via in-app notifications, our website, or email.

14.2 Contact & Personal Information Protection Manager

CompanyKANOPY Inc.
AddressTokyo, Japan
RepresentativeKazushige Shiba
Personal Information Protection ManagerRepresentative Director Kazushige Shiba
Contactroundie@kanopy-inc.com

Revision history

  • Established (initial version)
  • Added GDPR Article 8 provisions to Section 11 (Children's Use). Introduced new Section 12 (Information for International Users: GDPR/CCPA/PIPA) and Section 13 (Complaints: APPI Article 40 compliance).