Privacy Policy

1. In this Policy, the term "User" means any person who uses the Service (including Athlete Users, Coach Users and any other persons who view or use the Service). 2. In this Policy, the term "Personal Information" means information about a living individual as defined in Article 2, Paragraph 1 of the Personal Information Protection Act that can identify a specific individual by name, email address or other description, etc. (including information that can be easily collated with other information and thereby identify a specific individual), as well as information that contains personal identification codes. 3. In this Policy, the term "Sensitive Personal Information" (yohairyo kojin joho) means personal information that requires special consideration so as not to cause unfair discrimination or prejudice against the individual, as defined in Article 2, Paragraph 3 of the Personal Information Protection Act, such as information on race, creed, social status, medical history, criminal record and criminal victimization. 4. In this Policy, the terms "Personal Data," "Retained Personal Data" and other similar terms shall have the meanings as defined in the Personal Information Protection Act. 5. In this Policy, "User Information" means, in addition to the Personal Information and Sensitive Personal Information described above, all information relating to Users, including cookie identifiers, advertising IDs, device information and usage history information.

In providing and operating the Service, the Provider may mainly collect the following types of User Information:

1. Account Information - Name or nickname - Email address - Password (stored in hashed form) - Profile image, self-introduction and other optional information entered by the User

2. Training, Competition and Body-related Data - Training logs (training content, distance, time, events, menu details, etc.) - Competition results (competition name, event, record, ranking, etc.) - Body composition data (weight, body fat percentage, muscle mass, BMI, etc.) - Information related to condition (fatigue level, subjective condition, sleep duration, health notes, etc.) - Other sports and health-related notes that Users voluntarily record

3. Images, Videos and Other Content - Photos and videos of training and competitions and other image and video data uploaded or linked through the Service - Other content uploaded by Users

4. Information Related to the Team Plan - Team name and group name - Linkage between Coach Users and Athlete Users (affiliation relationships within a team) - Comments, feedback and other information shared within a team

5. Information Related to Contracts and Payments - Information on individual Paid Plans (among the App Store account information, such information as can be obtained by the Provider, purchase history, type of plan, contract start and end dates, etc.) - Information on Team Plans (name of contracting party, billing name, contact person's name, remitter name, contract period, pricing plan, etc.) The Provider may obtain bank account numbers and other information necessary for payment.

6. Device Information, Log Information, etc. - Device type, OS version, app version - IP address - Browser information (when using the web version) - Access dates and times, operation history within the Service (screens viewed, button operations, error logs, etc.) - Crash logs, performance logs and similar data

7. Cookies, Advertising IDs, etc. - Identifiers stored in cookies, local storage and similar technologies - Advertising identifiers such as Apple's IDFA - Usage history information associated with these identifiers

8. Information Related to Inquiries and Support - Content of inquiries - Email address and other contact information necessary for replies - Information regarding the situation at the time of a malfunction (such as screenshots and provided log information)

1. Due to the nature of the Service, the Provider may handle information that may constitute Sensitive Personal Information, such as Users' health status, body composition, presence or absence of injuries and notes regarding physical condition. 2. Unless permitted by laws and regulations, the Provider will treat the User's actions of recording or transmitting such information within the Service as the User's consent to the handling of such information. Where necessary, the Provider will endeavor to clearly indicate the purposes of collection and use and obtain consent through explanatory screens or consent screens within the app. 3. The Provider will handle Sensitive Personal Information with appropriate safety control measures, in the same manner as other information, and with due care.

The Provider shall use the User Information obtained within the scope necessary for the following purposes. If the Provider uses User Information beyond these purposes, it shall obtain the User's prior consent or do so only to the extent permitted by laws and regulations.

1. To Provide and Operate the Service - To provide account registration, authentication and login functions - To provide functions for storing, displaying and editing training records, competition results, body composition data, etc. - To provide functions for storing, viewing and managing images and videos - To provide functions for Coach Users to view and manage Athlete Users' data in the Team Plan - To perform data synchronization, backup and related processes

2. To Improve the Service, Develop New Features and Enhance Quality - To analyze usage, create statistical data - To analyze logs for functional improvements and bug fixes - To plan and develop new features and new services

3. To Provide User Support and Respond to Inquiries - To respond to inquiries and resolve problems - To provide important notifications (such as changes in specifications, maintenance and information on failures)

4. To Handle Billing, Payments and Contract Management - To process billing and payments for individual Paid Plans (including those processed through App Stores) - To issue invoices and manage payments for Team Plans - To manage Free Trial periods and contract renewal status

5. To Respond to Misconduct and Violations of the Terms of Use - To investigate, detect and prevent unauthorized access, unauthorized use, violations of the Terms and other misconduct - To implement measures such as suspension of use and deletion of accounts, where necessary

6. To Comply with Laws and Regulations and Handle Legal Matters - To disclose, report and respond as required by laws and regulations - To handle dispute resolution, lawsuits and other legal proceedings

7. For Other Purposes Incidental to the Above Purposes of Use

The Provider mainly obtains User Information through the following methods:

1. Information Entered or Transmitted by Users - Information entered in account registration screens and profile editing screens - Recorded training logs, competition results, body composition data and similar information - Uploaded images and videos - Information sent via inquiry forms, email and other communication channels

2. Automatic Collection Accompanying Use of the Service - Access logs, operation history, device information, cookies and similar information - Crash reports, error logs and similar data

3. Acquisition of Payment and Store Information - Purchase information, within the scope available to the Provider, obtained through the payment systems of App Stores - Payment information related to bank transfers (for Team Plans)

1. For the purposes of improving convenience in the Service, analyzing usage, preventing fraudulent use and similar objectives, the Provider may use cookies, local storage, advertising identifiers (such as IDFA) and similar technologies to obtain and use User Information. 2. Users may restrict or disable the use of cookies by changing the settings of their devices or browsers. However, in such cases, some functions of the Service may not operate properly. 3. If the Provider introduces analysis tools, advertising distribution services or similar services provided by third parties in the future, the names of such services, the names of their providers, the purposes of use and other relevant information will be announced within the Service, on the Provider's website or by other appropriate means as necessary.

1. The Provider will not provide Personal Data to third parties, except in the following cases: (1) When the User's consent has been obtained. (2) When required by laws and regulations. (3) When it is necessary for the protection of the life, body or property of a person and it is difficult to obtain the User's consent. (4) When it is particularly necessary for improving public health or promoting the sound growth of children and it is difficult to obtain the User's consent. (5) When it is necessary to cooperate with a national government agency, a local government or an individual or entity entrusted by such agency in executing affairs prescribed by laws and regulations, and obtaining the User's consent may impede the execution of such affairs. (6) In other cases where provision to third parties is permitted under the Personal Information Protection Act.

2. In the Team Plan, Athlete Users' training data and other information may be viewed by Coach Users and others within the same team. However, such viewing is performed as a function of the Service based on the contract with the User and is handled within the scope that does not constitute "provision to a third party" under the Personal Information Protection Act.

1. The Provider may outsource part of its operations to external service providers within the scope necessary for the provision and operation of the Service, and may provide Personal Data to such contractors. 2. In such cases, in accordance with the standards set forth in Article 22 of the Personal Information Protection Act, the Provider will appropriately select and supervise contractors, clearly stipulate in contracts and similar documents the safety control measures for Personal Data, confidentiality obligations, conditions for sub-outsourcing and other matters, and exercise necessary and appropriate supervision. 3. Examples of contractors include the following types of businesses:

• Providers of cloud infrastructure and storage services (e.g., Supabase, etc.)
• Email delivery service providers
• Providers of access analytics and error log analysis services
• Businesses involved in payment processing (including App Stores)

1. In providing the Service, the Provider may use cloud service providers located outside Japan (such as Supabase, etc.) and transfer User Information to the countries or regions where the servers of such providers are located.

2. In accordance with the Personal Information Protection Act and related guidelines, the Provider will: - Confirm the personal information protection systems of the destination countries; and - Confirm the measures taken by such providers to protect Personal Data, and will endeavor, where necessary, to ensure the safety management of Personal Data through contracts and other measures.

3. Upon the User's request, the Provider will provide information on the details of such cross-border transfers (such as the names of destination countries and major service providers) to the extent reasonable.

1. The Provider will take necessary and appropriate security control measures to prevent the leakage, loss or damage of Personal Data and to otherwise ensure its safe management, in accordance with the Personal Information Protection Act and related guidelines.

2. The main security control measures are as follows: - Organizational security control measures: Appointment of a person responsible for handling Personal Data, clarification of the scope of handling, establishment of reporting lines in the event of leakage, etc. - Human security control measures: Education and awareness-raising for relevant parties as necessary, agreements or undertakings regarding confidentiality, etc. - Physical security control measures: Prevention of unauthorized access to devices and servers, management of access permissions, etc. - Technical security control measures: Access control, authentication, encryption, protection of communications, log collection and monitoring, etc.

3. In the event of a leakage or similar incident involving Personal Data, the Provider will make reports to the Personal Information Protection Commission, notify the User and take other actions as required by laws and regulations, as well as implement measures to prevent recurrence.

1. The Provider will retain User Information only within the scope necessary to achieve the purposes of use. 2. When an account is deleted, the Provider will delete or anonymize information that can identify individuals within a reasonable period, except where retention is necessary for the fulfillment of legal obligations, dispute resolution or similar purposes. However, backups, logs and similar data may be retained for a certain period due to system constraints and from the perspective of security control measures. 3. In the Team Plan, the handling of data when an Athlete User leaves a team shall be governed by rules or contractual conditions separately established by the Provider.

1. The Service may be used by minor Users. When a minor User uses the Service, such use shall be based on the consent of their parent or other legal representative. 2. Minor Users represent and warrant that they have obtained the consent referred to in the preceding paragraph in connection with their use of the Service. 3. The Provider will handle the personal information of minor Users appropriately in accordance with this Policy and the Personal Information Protection Act.

1. When the Provider receives from a User a request regarding the User's Retained Personal Data held by the Provider for any of the following, the Provider will appropriately respond in accordance with the Personal Information Protection Act: - Request for disclosure - Request for notification of purposes of use - Request for correction, addition or deletion of content - Request for suspension of use or erasure - Request for suspension of provision to third parties

2. To make a request as set forth in the preceding paragraph, the User shall contact the inquiry desk specified in Article 16 in the manner designated by the Provider. The Provider will provide individual guidance regarding methods of identity verification, the presence or absence of handling fees, methods of response and other matters.

3. If, in accordance with the Personal Information Protection Act or other laws and regulations, the Provider is not obligated to comply with a request for disclosure, etc., the Provider will notify the User to that effect.

The Provider may create statistical information processed into a format that does not identify individuals, and may use such information for purposes including improvement of the Service, analysis and research on sports and health, and other objectives. In such cases, the Provider will appropriately process such statistical information so that it does not constitute personal information.

1. The Provider may amend this Policy in response to changes in the content of the Service, amendments to relevant laws, regulations and guidelines, changes in operational status and other circumstances. 2. When amending this Policy, the Provider will notify Users of the content of the amendment and the effective date by posting within the Service or by other appropriate means within a reasonable period prior to the effective date. 3. If a User uses the Service after the amendment of this Policy, the User shall be deemed to have agreed to the amended Policy.

For inquiries regarding this Policy, the handling of User Information in the Service, requests for disclosure, etc., and other matters related to personal information, please contact the following: - Business Name: Kyosuke Watanabe - Contact: TrackNote - Contact Form (Effective Date: 13 November 2025)