Privacy Policy

1. Introduction

ZAWA SYSTEM ("the Operator"), the operator of StackNow ("the App"), respects your privacy. The App is a game library manager and cross-platform game information aggregator covering Steam, PlayStation, Xbox, and Nintendo Switch. The App does not require user registration (sign-in); user-specific data such as your library (wishlist / owned / cleared), theme, and layout is, in principle, stored on your device only. This policy explains how the App handles personal information and usage data.

2. Information We Handle

To provide the service and improve quality, the App collects and uses the following information.

• Information stored on the device: list of canonical IDs in your wishlist / owned / cleared library, per-platform status flags, theme, layout (grid/list), search filter selections, and other app settings. These are stored in the device's SharedPreferences and are not sent to the Operator's servers.
• Usage analytics (Firebase Analytics): launch counts, screen views, feature usage, and other data used to improve the service. Includes pseudonymous identifiers (App Instance ID, etc.) assigned by Firebase and basic device information (OS version, language, region, model).
• Crash reports (Firebase Crashlytics): technical information necessary to analyze app failures (device model, OS version, stack traces, logs, etc.). Does not include directly identifying information such as name or email address.
• Abuse-prevention information (Firebase App Check): to verify that calls to the Operator's servers (Cloud Functions) and access to Firestore originate from the genuine App, the App temporarily obtains attestation information generated by Apple App Attest or the Google Play Integrity API and transmits it to Firebase App Check.

Game information itself (titles, synopses, cover art, screenshots, scores, etc.) is fetched from external APIs and stored in the Operator's Firestore as a shared cache; this is not information that identifies any individual user.

3. Purposes of Use

Collected information is used for the following purposes.

• Providing core features such as game search, discovery feeds, library management, and detail pages
• Analyzing usage to improve quality, detect bugs, and inform new features
• Crash and bug analysis and stability improvements
• Detecting abusive use, enforcing rate limits, and operating the App and its backend safely
• Responding to inquiries

4. Third-Party Services

The App uses the third-party services listed below. They fall into two categories: (a) processors that handle user personal data on the Operator's behalf under a service-provider relationship, and (b) external data sources that the Operator's server queries for game information without sending user personal data.

(a) Processors

• Firebase (Google LLC): Cloud Firestore (delivering game information), Cloud Functions (calling external APIs and translation), Hosting (this page), Analytics, Crashlytics, App Check. Firebase processes pseudonymous identifiers, usage statistics, device information, crash data, and App Check attestation information on the Operator's behalf.
  Firebase privacy information
• Google AI (Gemini API) (Google LLC): English-to-Japanese translation of game titles and descriptions (server-side only). Source text (English titles, overviews, storyline information, etc.) is sent from the Operator's server (Cloud Functions) to Google AI. No user-identifying information is sent.
  Gemini API Terms

The Operator exercises necessary and appropriate supervision over its processors as required by Japan's Act on the Protection of Personal Information (APPI).

(b) External Data Sources (no personal data shared)

• IGDB (Internet Game Database, by Twitch / Amazon.com, Inc.): retrieving game metadata (titles, overviews, genres, themes, developer / publisher, scores, time-to-beat, screenshots, trailers, etc.).
  IGDB Privacy Policy

This external data source is queried only by the Operator's server (Cloud Functions) for game metadata. No user-identifying information is sent.

(c) App Distribution

• Apple App Store / Google Play Store: distribution of the App

Please also review the privacy policies of each service.

5. Cross-Border Transfers

Through the third-party services listed above, your personal data may be transferred to the following recipients located outside Japan:

• Google LLC (United States): Firebase services, Google AI (Gemini API)
• Apple Inc. (United States): App Store distribution; App Attest processing for App Check
• Amazon.com, Inc. / Twitch Interactive, Inc. (United States): game information retrieval via IGDB (server-side only; no user-identifying information is sent)

For information on the U.S. personal-information protection regime, see the Personal Information Protection Commission of Japan's "Information on personal-information protection systems in foreign countries" (https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/). Each recipient applies safeguards equivalent to Japan's APPI under their respective privacy policies and standard contractual clauses (SCCs).

6. Security Measures

In line with the guidelines of Japan's Personal Information Protection Commission, the Operator takes the following measures to prevent leakage, loss, or alteration of personal information.

• Basic policy: this Privacy Policy publicly states our handling of personal information.
• Organizational measures: a person responsible for handling personal information has been designated and an inquiry channel established.
• Personnel measures: persons handling personal information are required to comply with this Policy.
• Technical measures: API keys (IGDB / Gemini) are stored in Firebase Secret Manager and not exposed to clients; clients access Firestore in read-only mode and writes are performed only via Cloud Functions; calls to Cloud Functions and Firestore access are protected by Firebase App Check (Apple App Attest and the Google Play Integrity API), which rejects requests from non-genuine clients; communications are encrypted with TLS; Firebase access privileges are minimized.
• Physical measures: cached game information and usage analytics are stored in Google Cloud / Firebase data centers.
• Cross-border safeguards: as noted in Section 5, when entrusting personal data handling to overseas recipients, we verify the relevant country's protection regime and confirm appropriate contractual safeguards.

7. Retention and Deletion

• User-specific data such as your library, theme, layout, and search filter selections is stored only on the device. It is fully removed by uninstalling the App or clearing the App's data via the OS.
• Usage analytics and crash reports collected by Firebase Analytics and Crashlytics are retained according to Firebase's default retention periods (Analytics up to 14 months, Crashlytics up to 90 days), after which they are deleted.
• Attestation information obtained by Firebase App Check is processed temporarily to verify request authenticity and is discarded after a short period.
• The translation cache stored in the Operator's Firestore (Japanese translations of game information) uses a content-addressed cache keyed by SHA-1 of the source text plus an optional title hint; it does not identify any individual user and is shared across all users.

8. Adult Content

The App does not display adult content (CERO Z / ESRB AO / PEGI 18, etc.).

9. Advertising

The App does not display advertising.

10. Children's Privacy

The App is not directed to children under 13 and does not knowingly collect personal information from anyone under 13. Minors aged 13 to 17 should obtain consent from a parent or legal guardian before use. If we become aware that a user is under 13, we will delete usage information related to that user as promptly as practicable.

11. Cookies

The mobile app does not use cookies. Web pages associated with the App (including this page) do not use cookies for analytics or advertising tracking. Operationally necessary cookies may be issued temporarily by infrastructure services such as Firebase Hosting.

12. Disclosure and Other Requests

Under Japan's Act on the Protection of Personal Information (APPI), you may request notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use or erasure, or suspension of third-party transfer, with respect to personal data the Operator holds about you.

Please contact us using the contact information in the next section. After verifying your identity (or that of your authorized representative) by reasonable means, we will respond promptly in accordance with the APPI and other applicable laws. For requests for disclosure or notification of the purpose of use, we may charge a fee within the scope of actual costs incurred, as permitted by Article 38 of the APPI.

Because the App does not require sign-in and user-specific data is stored only on the device, you can review and delete your library and settings yourself at any time via in-app operations and uninstallation. For information collected by Firebase Analytics and similar services, opt-out mechanisms provided by each service (e.g., Google account ad settings, Android advertising-ID reset) may be used.

13. Changes to This Policy

The Operator may amend this Policy from time to time. Material changes (e.g., adding categories of personal information collected, significant changes to recipients of data, or substantive expansion of purposes of use) will be announced via in-app notice or by updating this page a reasonable period before they take effect. Minor changes (such as editorial corrections, typo fixes, or updates to reference links) take effect upon posting. Continued use of the App after the effective date of any change constitutes acceptance of the amended Policy.

14. Contact / Complaints

For questions, disclosure requests, or complaints regarding privacy, please contact us:

Operator: ZAWA SYSTEM
Email: info@zawasystem.com

If you are not satisfied with our response regarding the handling of personal information, you may also contact the Personal Information Protection Commission of Japan (https://www.ppc.go.jp/en/).