Privacy Policy

We collect the following categories of personal data within the scope necessary to provide the Service:

• Candidate information: name, gender, date of birth, nationality, hometown, family composition, religion (only if consented), desired industry, desired stay duration, photos, videos, signed consent form, language proficiency, education, work history
• Organization information: name, address, license number, representative name, contact (email/phone), training curriculum, achievements by industry, monthly reports
• Host company information: company name, invited email addresses, view history, feedback
• User information: login email, hashed password, operation logs, view logs, IP address, user agent
• Inquiry information: name, organization, role, email, phone, message

We use personal data for the following purposes:

• Providing, operating and maintaining the Service
• Supporting tripartite agreement formation among sending organizations, supervising organizations and host companies
• Presenting candidate information to supervising organizations and host companies
• Generating differentiated PDF materials such as Personality Cards and Trust Index Reports
• Preventing fraud and responding to security incidents via operation/view logs
• KPI aggregation and statistical analysis to improve service quality
• Responding to inquiries and sending notifications
• Disclosure or reporting required by law

We do not provide personal data to third parties except with the data subject's consent or as required by law.

By design, the following sharing occurs within the necessary scope. These constitute "business outsourcing" or "joint use" under Japanese law and are subject to confidentiality obligations and access controls.

• Sender → Viewer: candidate profile, photos, training records
• Viewer → Receiver: limited candidate profile via invitation link
• Us → cloud infrastructure providers: Supabase (Tokyo region), Vercel, Resend (email), Anthropic / Google (AI inference) — only the data necessary for service delivery

Service data is stored in the Tokyo region of Supabase.

Because sending organizations are located in Indonesia, the Philippines, Vietnam and other Southeast Asian countries, registration causes personal data to be transferred to Japan within the necessary scope. Multilingual consent forms explicitly disclose and obtain consent for this cross-border transfer.

When using AI inference features, parts of the input may be transmitted to servers operated by Anthropic (US) or Google (US). AI providers process the information only as necessary for service delivery and do not use it for model training (per each provider's terms).

The Service uses the following AI / LLM providers for productivity features:

• Anthropic Claude (claude-sonnet-4-6 etc.) — matching evaluation, web-search-augmented industry analysis (Admin-only)
• Google Gemini (gemini-2.5-flash etc.) — manual translation, supplementary statistical analysis
• Brave Search — pre-search for AI evaluation; designed not to send personal information

Inputs are limited to organization data subject to evaluation, aggregated candidate data, and inquiry contents — only what is necessary for the feature.

AI inferences identifying specific individuals are, in principle, not displayed to non-Admin users. Where retained for SBGG internal use, they are stored under SBGG's access controls.

Retention follows the schedule in Section 10 of the Terms of Service:

• Candidate photos and consent forms: auto-deleted 1 year after status becomes "Placed" or "Withdrawn"
• Operation and view logs: last 24 months
• Raw scraped data: not persisted
• Inquiry records: 3 years after resolution
• Other data subject to statutory retention is held for the required period

Data subjects may exercise the following rights regarding their personal data held by us:

• Right to disclosure of retained personal data
• Right to rectification, addition or deletion when content is factually incorrect
• Right to suspension of use or third-party provision
• Right to be informed of the purpose of use

After identity verification, we will respond within a reasonable period. Requests can be submitted via the in-app inquiry form or the contact below.

The Service uses the minimum cookies necessary for authenticated sessions, locale persistence and abuse prevention. We do not use third-party advertising or behavioral-tracking cookies.

If analytics are introduced in the future, we will revise this Policy and disclose accordingly.

The Service complies with the following laws depending on user location:

• Japan — Act on the Protection of Personal Information
• Indonesia — UU PDP (Personal Data Protection Law)
• Philippines — Data Privacy Act of 2012 (RA 10173)
• Vietnam — Decree 13/2023/ND-CP on personal data protection
• China — PIPL (where applicable to a sending organization)
• EU — GDPR (where EU users or data subjects are involved)

We implement the following measures to prevent leakage, loss or damage of personal data:

• Tenant isolation via Supabase Row Level Security (RLS)
• Hashed/encrypted storage of credentials
• HTTPS for all communications
• Tokenized invitation links with two-factor authentication
• Periodic backups
• Operation and view logs for unauthorized-access detection
• Employee training on personal data handling

For questions about handling of personal data, please use the in-app inquiry form or contact us at:

Operator: SBGG Co., Ltd.

Email: sbgg.ec.microtasking@gmail.com

We may amend this Policy when necessary. Material changes will be notified to data subjects via in-app posting or email.