Privacy Policy
Last updated: February 11, 2025
1. Introduction
Prizd ("we," "us," or "our") is a platform for collectors operated under the laws of Japan. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
For information about our business entity as required under Japanese law, please see our Commercial Transaction Act Disclosure (特定商取引法に基づく表記).
By using Prizd, you consent to the data practices described in this policy. If you do not agree with the practices described here, please do not use the Service.
2. Information We Collect
Account Information
When you create an account, we collect:
- Name and display name
- Email address
- Profile picture (if provided)
- Authentication credentials (hashed passwords or OAuth tokens)
Profile Information
You may choose to provide additional profile information such as:
- Bio or description
- Country or region
- Preferred language
- Social media links
- Collecting interests and categories
Content You Create
We collect and store the content you upload, including:
- Photos and images of your collectibles
- Item descriptions and metadata
- Vault names and descriptions
- Comments and interactions with other users
Usage Data
We automatically collect information about how you use the Service:
- Pages and items viewed
- Likes, follows, and other interactions
- Search queries
- Time spent on the platform
- Device information (browser type, operating system)
- IP address and approximate location
Payment Information
When you make purchases, payment information is processed by our payment provider, Stripe. We receive limited information such as the last four digits of your card, card type, and billing address, but we do not store complete payment card numbers.
3. Legal Basis for Processing
We process your personal information based on the following legal grounds, as applicable under GDPR and other data protection laws:
- Contract Performance: Processing necessary to provide the Service you requested (account management, content hosting, payments).
- Consent: Where you have given explicit consent, such as opting into AI-powered features or marketing communications. You may withdraw consent at any time.
- Legitimate Interests: Processing necessary for our legitimate business interests, including improving the Service, fraud prevention, and security, where these interests are not overridden by your rights.
- Legal Obligation: Processing necessary to comply with applicable laws and regulations, including tax, accounting, and law enforcement requirements.
4. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Create and manage your account
- Process transactions and send related information
- Send administrative messages, updates, and security alerts
- Respond to your comments, questions, and customer service requests
- Personalize your experience and provide content recommendations
- Monitor and analyze trends, usage, and activities
- Detect, investigate, and prevent fraudulent or unauthorized activities
AI-Powered Features
We use artificial intelligence services (including Google Gemini, OpenAI, and Anthropic Claude) to power certain features:
- Automatic description generation for your items
- Content categorization and tagging
- Personalized recommendations
- Content moderation
When using these features, your content may be processed by these third-party AI providers. You can opt out of AI-powered features in your account settings.
5. Information Sharing
We may share your information in the following circumstances:
With Other Users
Your profile information and public content (Vaults, Items) are visible to other users as determined by your privacy settings.
Service Providers
We share information with third-party service providers who perform services on our behalf:
- Stripe (payment processing)
- Cloud storage providers (Amazon Web Services, Google Cloud, or similar)
- AI service providers (for content features)
- Analytics providers (Vercel Analytics)
- Email service providers
Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities, including law enforcement.
Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
With Your Consent
We may share your information for other purposes with your explicit consent.
No Sale of Personal Information
We do not sell your personal information to third parties. We do not share personal information for cross-context behavioral advertising.
6. International Transfers
Prizd is operated from Japan. Your information may be transferred to and processed in countries other than your country of residence. Specifically, your data may be processed in:
- United States — Cloud infrastructure (AWS, Google Cloud), payment processing (Stripe), AI service providers (OpenAI, Anthropic)
- Japan — Primary operations and data storage
When we transfer your information internationally, we take appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EU/EEA.
- Japan's adequacy decision from the European Commission, which recognizes Japan as providing an adequate level of data protection.
- Ensuring that our service providers maintain appropriate security measures and contractual obligations.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service.
After you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes.
Some information, such as content you shared publicly or with other users, may remain visible even after account deletion if other users have saved or interacted with it.
9. Your Rights (General)
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Request deletion of your personal information
- Portability: Request a copy of your data in a portable format
- Restriction: Request that we restrict processing of your information
- Objection: Object to processing of your personal information
- Withdrawal: Withdraw consent where processing is based on consent
To exercise these rights, please contact us at privacy@prizd.app. We will respond to your request within 30 days.
10. Your Rights (CCPA — California)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:
Right to Know
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collecting your information, and the categories of third parties with whom we share your information.
Right to Delete
You have the right to request that we delete your personal information, subject to certain exceptions provided by law.
Right to Correct
You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt-Out of Sale or Sharing
We do not sell your personal information. We do not share personal information for cross-context behavioral advertising purposes. As such, there is no need to opt out of these practices.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge different prices, or provide a different level of quality for exercising your rights.
To exercise your CCPA rights, please contact us at privacy@prizd.app. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.
11. Your Rights (APPI — Japan)
Under Japan's Act on the Protection of Personal Information (APPI), residents of Japan have the following rights:
Notification of Purpose of Use
You may request that we notify you of the purpose for which your personal information is used. The purposes are described in Section 4 of this policy.
Disclosure
You may request disclosure of your personal information that we hold. We will respond to your request within 30 days.
Correction
If your personal information is inaccurate, you may request that we correct, add to, or delete such information.
Cessation of Use and Deletion
You may request that we cease using or delete your personal information if it was obtained unlawfully or is being used beyond the scope of the stated purpose.
Third-Party Provision Records
You may request access to records of any third-party provision of your personal information.
To exercise your APPI rights, please contact us at privacy@prizd.app. We will respond to your request within 30 days.
12. Children's Privacy
Prizd does not knowingly collect personal information from children under the age of 13. If you are under 13, please do not use the Service or provide any personal information.
If you are between the ages of 13 and 18, you may use the Service only with the consent and supervision of a parent or legal guardian. Your parent or guardian must agree to these terms on your behalf.
If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 13, please contact us at privacy@prizd.app.
13. Data Breach Notification
In the event of a data breach that affects your personal information, we will take the following steps:
- Notify affected users via email and in-app notification within 72 hours of becoming aware of the breach.
- Report to relevant supervisory authorities as required by applicable law (including Japan's Personal Information Protection Commission and other relevant authorities).
- Provide details about the nature of the breach, the types of data affected, and the measures we are taking to address the breach and mitigate potential harm.
- Recommend steps you can take to protect yourself.
14. Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
These measures include:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Regular security assessments
- Access controls and authentication requirements
- Secure development practices
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
For material changes, we will provide additional notice via email or in-app notification at least 30 days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.
16. Contact Us
If you have any questions about this Privacy Policy, please contact us:
Email: privacy@prizd.app
Mailing Address: Available upon request. To request our physical address, please email legal@prizd.app.
For details about our business entity, see our Commercial Transaction Act Disclosure.