StockClub

Privacy Policy

Established and effective as of January 9, 2026

Wacore Shinjuku Dai-ichi Bldg., 7-7-26 Nishi-Shinjuku, Shinjuku-ku, Tokyo Crabgrass Inc. Sohei Taniguchi, Representative Director (Personal Information Protection Manager)

Crabgrass Inc. (the "Company") deeply recognizes that the protection of all personal information and usage information of customers (collectively, the "Customer Information") handled in connection with the use of services provided by the Company is an important social responsibility, and the Company complies with the Act on the Protection of Personal Information and other related laws and regulations. The Company establishes and complies with this Privacy Policy to ensure the proper and safe handling of Customer Information.

Article 1 (Scope of Application)

This Privacy Policy applies to all customers who use "Stock Club" (the "Services") provided by the Company. All Customer Information acquired by the Company in connection with the Services shall be handled appropriately in accordance with this Privacy Policy.

Article 2 (Basic Policy)

The Company complies with laws, regulations, and guidelines regarding the protection of Customer Information, and continuously reviews and improves its internal systems for personal information protection, employee education, and safety management measures.

Article 3 (Definition of Personal Information)

In this Policy, "Personal Information" refers to "personal information" as defined in the Act on the Protection of Personal Information (Act No. 57 of 2003; the "Personal Information Protection Act"), which means information about a living individual that can identify a specific individual by name, date of birth, or other description contained in such information, or that includes a personal identification code. In addition, information acquired in connection with the use of the Services, such as access logs and cookies, will be appropriately managed as Customer Information.

Article 4 (Information to be Acquired)

The Company acquires the following information in order to provide the Services:

1. Information provided by Users

  • Username
  • Email address

2. Information acquired automatically

  • Access logs
  • IP addresses, browser information, and terminal information

3. Information acquired based on user consent

  • Cookie information (collected only when the user consents to analytics and/or marketing cookies via the cookie consent banner displayed on the Services)

4. Information acquired through external service integration (if applicable)

Article 5 (Handling and Purpose of Use of Information)

The Company uses the acquired information for the following purposes:

  • To provide and operate the Services (Account registration, provision of login functions, management and display of user stock holding information and dividend results, execution of various service functions, data viewing, report generation, etc.)
  • For identity verification, prevention of unauthorized use, and ensuring security (Detection of unauthorized access, prevention of account hijacking, security audits using access logs, etc.)
  • To improve the Services and analyze usage conditions (Access analysis for functional and UI improvements, statistical analysis for service quality improvement, etc.)
  • To deliver notices and notifications (Notification of important service updates and changes to terms, contact for maintenance information, etc.)
  • To respond to inquiries and provide support (Response to inquiries, providing support information, etc.)
  • For billing processing and contract management (Payment processing for paid plans (Standard/Premium), renewal management, confirmation of payment status, issuance of receipts and billing information, etc.)
  • To respond based on laws and regulations (Responding to disclosure requests based on laws, cooperation in investigations of fraud or trouble, etc.)

Article 6 (Provision to Third Parties)

The Company will not provide Personal Information among the Customer Information to a third party (including those located outside of Japan) without obtaining the prior consent of the User, except in the following cases:

  • (11) Using the ID or password of other Users;
  • (12) Providing false Registration Information;
  • (13) Attempting any of the aforementioned acts;
  • (14) Any other acts the Company deems inappropriate.
  • (15) Violation of rules regarding the use of the Service posted on our website (https://stock-club.net/en/rule)
  • ① Based on laws and regulations
  • ② When necessary for the protection of a person's life, body, or property, and it is difficult to obtain the consent of the person
  • ③ When particularly necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the consent of the person
  • ④ When necessary to cooperate with a national government organ or a local government (or a person entrusted by them) in performing affairs prescribed by laws and regulations, and obtaining the consent of the person may impede the performance of such affairs
  • ⑤ In addition to the preceding items, when it is unreasonable to obtain consent from the person

Article 7 (Safety Management Measures)

The Company takes the following measures to protect Customer Information:

  • Appropriate access control
  • Encryption of data
  • Construction of a management system based on internal regulations
  • Implementation of employee education
  • Supervision of external contractors

Article 8 (Supervision of Contractors)

The Company may entrust the whole or part of the handling of personal information within the scope necessary to achieve the purpose of use. In such cases, the Company will sufficiently screen the eligibility of the contractor, stipulate matters regarding confidentiality obligations in the contract, and perform necessary and appropriate supervision of the contractor.

Article 9 (Disclosure, Correction, and Deletion of Personal Information)

Customers may request the disclosure, correction, or deletion of their own personal information held by the Company. If such a request is made, the Company will respond appropriately in accordance with laws and regulations.

Article 10 (Use of Cookies, etc.)

1. Cookies

The Company may use Cookies, local storage, access logs, and other technologies to improve the convenience of the Services, analyze usage, and prevent unauthorized acts.

The information acquired by these technologies may include the User's browser information, access date and time, pages viewed, IP addresses, etc., but these alone do not identify a specific individual.

Users may accept or refuse each category of Cookies via the cookie consent banner displayed on the Services. Users may also refuse Cookies through browser settings, but in such case, some functions of the Services may not be used normally.

The Company uses the acquired information for the following purposes:

  • To stabilize the operation of the Services and improve convenience
  • To analyze service usage and help with improvements
  • To prevent unauthorized access and use, and ensure security

The Company handles information acquired through Cookies, etc., appropriately in compliance with the Personal Information Protection Act and other related laws and regulations.

2. Use of IP Addresses

An IP address is an identifier automatically recorded on the server side when a customer's browser or the like requests data from the Company's server.

The Company may use IP addresses for purposes such as technical problem-solving, prevention of unauthorized acts, grasping service usage, and statistical analysis.

3. Use of Third-Party Services

The Company uses the following third-party services to provide the Services. These services act as data processors on behalf of the Company, and the information collected is handled in accordance with each service's privacy policy.

(1) Google Analytics (Google LLC)

The Company uses Google Analytics, provided by Google LLC, to analyze how the Services are used and to improve service quality.

Google Analytics uses Cookies to collect access information (pages viewed, time on site, referral URLs, device information, etc.), but does not collect personally identifiable information.

The data collected is managed in accordance with Google's Privacy Policy (https://policies.google.com/privacy). To opt out of data collection by Google Analytics, please use the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout).

(2) Amazon Cognito (Amazon Web Services, Inc.)

The Company uses Amazon Cognito, provided by Amazon Web Services, Inc. ("AWS"), for user authentication and account management.

Amazon Cognito securely manages authentication information such as email addresses, usernames, and passwords (encrypted). This information is protected in accordance with AWS security standards and handled in accordance with the AWS Privacy Notice (https://aws.amazon.com/privacy/).

(3) Paddle.com Inc.

The Company uses Paddle.com Inc. for payment processing and billing management of paid plans. Personal information related to payments (name, email address, billing information, etc.) is handled in accordance with Paddle's Privacy Policy (https://www.paddle.com/legal/privacy).

4. Data Retention Period

The Company retains Users' personal information only for the period necessary to fulfill the purposes of use.

When a User deletes their account, the Company will promptly delete all personal information and usage data associated with that User. However, if retention is required by law, the minimum necessary information may be retained for the period prescribed by such law.

Article 11 (Amendment to this Policy)

The Company may amend this Policy as necessary. The amended content shall become effective at the time it is posted on the Services.

Article 12 (Inquiries Regarding Protection of Personal Information)

In accordance with the Personal Information Protection Act, customers may request the Company to disclose, correct, or suspend the use of their own personal information. If you wish to make a request, please contact the inquiry desk below.

■Fees for Disclosure or Notification of Purpose of Use

A fee of 1,100 yen (tax included) will be charged for each application. Note: The Company charges the above fee only for requests for disclosure of personal information and notification of the purpose of use. No fee is required for requests for correction, suspension of use, deletion of personal information, or complaints/consultations regarding the Privacy Policy or opt-out requests.

■Payment Method for Fees

Fees shall be paid by the method separately designated by the Company.

■Inquiry Desk

To: Personal Information Protection Manager, Crabgrass Inc. Stock Club Inquiry Desk: [email protected]

Complaints and consultations regarding the Privacy Policy, as well as opt-out requests within the "Handling of Customer Information," can also be made via the above.

Article 13 (Contact for Inquiries)

For inquiries regarding the Company's handling of personal information or other matters related to this Privacy Policy, please contact the following:

Wacore Shinjuku Dai-ichi Bldg., 7-7-26 Nishi-Shinjuku, Shinjuku-ku, Tokyo 160-0023 Crabgrass Inc., To: Personal Information Protection Manager Stock Club Inquiry Desk: [email protected]