1. JULA Inc. (hereinafter referred to as "the Company"), which operates the web service "smfans" (hereinafter referred to as "the Service"), respects the privacy of users of the Service (hereinafter referred to as "Users") and performers appearing in content posted by Users on the Service (hereinafter referred to as "Performers"; Users and Performers are collectively referred to as "Users, etc."), and exercises the utmost care in managing Users' personal information and other privacy-related information (hereinafter referred to as "Privacy Information"). 2. The Company handles personal information collected from Users, etc. in compliance with the Act on the Protection of Personal Information (hereinafter referred to as the "Personal Information Protection Act") and all other applicable laws and regulations. The Company also strives for continuous improvement in its handling of Users' personal information, including strengthening its information management systems and implementing SSL/TLS encryption technology.

1. When Users, etc. provide their Privacy Information to the Company through inquiries or account registration, they shall carefully read this Policy and agree to its contents. 2. Users, etc. may withdraw their consent to the Company's use of their Privacy Information. In such cases, they will no longer be able to continue using the Service. 3. Consent to this Policy and the withdrawal of consent under this Article shall be made through the means prescribed by the Company. 4. The Company uses Cookies for authentication and session management of the Service. These cookies qualify as 'strictly necessary cookies' essential for the provision of the service and are therefore exempt from the consent requirement under Article 5(3) of the ePrivacy Directive. When Users, etc. use the Service, the Company shall deem that such Users, etc. have consented to the Company's use of Cookies. The Company also uses an access analytics tool (Google Analytics) for service improvement; details are set forth in Article 10.

1. The Company collects or obtains the following information from Users, etc. in the course of providing the Service. (1) Information provided by Users, etc. through forms and similar means - At registration: email address, password (stored in hashed form) - When setting up a profile: display name, username, bio, profile image, cover image, external links - When setting personal information: full name, date of birth, address (required for creator applications; optional for general members) - When applying for creator verification: identity verification documents (front and back images of official identification such as a driver's license), description of activities - When registering a bank account (creators only): financial institution name, branch name, account type, account number, account holder name - When making an inquiry: email address, phone number (optional), inquiry details, attachments (2) Information automatically collected through the use of the Service - IP address - User agent information (information about the device, OS, browser, and other connection environment) - Authentication session information (Cookies) - Service usage history (content viewing history, purchase history, like and bookmark history) (3) Physical appearance of Users, etc. (photographs on identity documents, appearance of Performers in posted content) (4) Payment-related information - Wallet charge and usage history - Payment method information (last 4 digits and brand of credit card, etc. The full card number is not stored by the Company and is managed by the payment processing company.) 2. The Company obtains Privacy Information through lawful and fair means and does not acquire information against the will of Users, etc.

The Company uses Privacy Information collected from Users, etc. for the purpose of operating the Service. The main purposes of use are as follows: (1) For billing, identity verification, and authentication (2) For processing payments for user-posted content (3) For transferring sales proceeds (4) For sending important notices such as changes to the Terms of Service or policies (5) For improving the content and quality of the Service (6) For marketing research, statistics, and analysis (7) For system maintenance and troubleshooting (8) For providing technical support and responding to customer inquiries (9) For preventing fraudulent or potentially illegal activities (10) For handling complaints, disputes, and litigation (11) For content moderation of posted content (detecting prohibited content, reviewing legality and compliance with terms) (12) For determining the necessity of mosaic processing on the appearance of Users, etc. (13) For delivering notifications and announcements related to the Service (14) For the proper operation of messaging between members (including determining whether prohibited conduct has occurred)

1. When the Company discloses or provides Users' personal information to third parties, it shall disclose the recipient and the content of the information provided, and obtain the consent of the Users, etc. The Company shall not disclose or provide personal information to third parties without the prior consent of the Users, etc., except in the following cases: (1) When disclosure is required by law or regulation (2) When disclosure is requested by attorneys, prosecutors, police, or other authorities to the extent necessary for an investigation (3) When information is shared among the Company's affiliated companies (4) When part of the operations is outsourced to a third party to the extent necessary for providing the Service (5) When it is necessary to provide information to a payment processing company (Stripe, Inc., PayPal, Inc., NOWPayments) to the extent necessary for providing the Service (6) When it is necessary to provide information to a remittance service provider (such as Wise Payments Limited) to the extent necessary for processing payouts to creators of the Service 2. The Company uses the following third-party services in providing the Service and may share information to the extent necessary for providing the Service: (1) Payment processing service (Stripe, Inc.): Payment-related information is provided for processing credit card charges to wallets. Credit card numbers are processed and stored by the payment processing company's system and are not stored on the Company's servers. (2) Payment processing service (PayPal, Inc.): User ID, payment amount and other payment-related information are provided for processing PayPal payments. (3) Cryptocurrency payment service (NOWPayments): Payment-related information such as user ID and charge amount is provided for processing cryptocurrency charges to wallets. (3) Cloud infrastructure service (Amazon Web Services, Inc.): Media data posted by users, system logs, and other data are stored for content storage, delivery, and system operations. (4) Database and authentication platform service (Supabase, Inc.): Account information is stored for user authentication and data management. (5) Email delivery service (Resend, Inc.): Email addresses and notification content are provided for sending notification emails. 3. When the Company outsources the handling of personal information to a third party, it shall exercise necessary and appropriate supervision over the outsourced party in accordance with the Personal Information Protection Act. 4. In the event that the Company transfers its business to a third party through a merger, split, or other means, or transfers part or all of the Service to a third party, the Company shall provide the personal information of Users, etc. related to the Service to such third party.

1. During the period in which Users, etc. are using the Service, the Company shall take necessary and appropriate security measures in accordance with the current level of technology to prevent leakage, alteration, or other compromise of Privacy Information disclosed or provided by such Users, etc. The main security measures taken by the Company are as follows: (1) Data protection during transmission through encryption (SSL/TLS) (2) Minimization of database access permissions and recording of access logs (3) Hashed storage of passwords (4) Non-retention of credit card numbers (outsourced to the payment processing company) (5) Regular security audits and vulnerability response 2. When the Company no longer needs to use Privacy Information it retains, it shall endeavor to delete such Privacy Information without delay. 3. The handling of data when a User withdraws from the Service shall be as follows: (1) 90 days from the withdrawal date: Account data will be retained as a recovery period. (2) After 90 days from the withdrawal date: Personal information (email address, display name, avatar image, bio, contact information, etc.) will be anonymized or deleted. Chat messages will be deleted after 90 days from the withdrawal date. Regarding post media data: if a creator voluntarily withdraws, post media data will be retained and not deleted for the protection of purchasers. If an administrator imposes a suspension or deletion action, post media data will be immediately deleted on the date of the action. (3) Payment records (wallet charge and usage history): Retained for 7 years after withdrawal as required by the Income Tax Act and other applicable laws, after which they will be deleted. (4) Content subject to administrative deletion: Physically deleted immediately on the date of the deletion action, including all related media data. 4. When Users, etc. request the deletion of Privacy Information, the Company shall respond without delay, except for information that must be retained under the laws described in the preceding paragraph.

1. The Service includes adult content, and Users' usage history, browsing history, and purchase history may constitute special care-required personal information (Article 2, Paragraph 3 of the Personal Information Protection Act) or equivalent sensitive information, as they relate to sexual preferences. 2. The Company shall take the following security measures with respect to the information described in the preceding paragraph: (1) The purpose of use shall be strictly limited to the scope necessary for providing and operating the Service. (2) Access permissions shall be limited to the minimum necessary personnel. (3) Disclosure to third parties shall be limited to cases required by law or where the explicit consent of the Users, etc. has been obtained. (4) When used for statistical analysis, the information shall be processed in a manner that does not identify specific individuals.

1. In the event that a leakage, loss, or damage (hereinafter referred to as "Breach") of personal data occurs or is suspected to have occurred, the Company shall take the following actions in accordance with Article 26 of the Personal Information Protection Act. 2. Upon becoming aware of a Breach, the Company shall promptly take the following measures: (1) Investigation of the facts and determination of the cause (2) Identification of the scope of impact (3) Emergency measures to prevent further damage (4) Examination and implementation of measures to prevent recurrence 3. When the situation falls under Article 26, Paragraph 1 of the Personal Information Protection Act, the Company shall report to the Personal Information Protection Commission with a preliminary report (within approximately 3 to 5 days of becoming aware of the situation) and a full report (within 30 days of becoming aware of the situation, or within 60 days in cases of unauthorized access, etc.). For data breaches involving personal data of EU/EEA residents, we will endeavor to notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. 4. In cases falling under the preceding paragraph, the Company shall promptly notify the affected individual of the facts of the Breach, the categories of personal data affected, the cause, measures the individual can take to prevent secondary damage, the Company's response, and the contact point for inquiries. However, if notification to the individual is difficult, the Company shall take alternative measures necessary to protect the rights and interests of the individual.

1. Users, etc. may request the Company to disclose, correct, add to, delete, or suspend the use of their Privacy Information held by the Company. 2. Users, etc. shall make requests for disclosure and other actions as described in the preceding paragraph through the means prescribed by the Company. Such requests may only be made by the Users, etc. themselves, their legal representatives (if the User is a minor or an adult ward), or agents authorized by the Users, etc. 3. Upon receiving a request for disclosure or other actions, the Company shall verify the identity of the requester through the means prescribed by the Company and respond within a reasonable period. If the Company decides not to disclose information pursuant to applicable law, it shall notify the Users, etc. to that effect. 4. Users, etc. may be required to pay a fee prescribed by the Company for the disclosure of Privacy Information. If a fee applies, the Company will inform the Users, etc. in advance at the time of the request.

1. The Company uses Cookies in the Service for the following purposes: (1) User authentication and session management (maintaining login status) (2) Ensuring security (preventing unauthorized access) (3) Access analytics (understanding usage patterns to improve the Service) 2. The Service uses Google Analytics, provided by Google LLC, as an access analytics tool. Google Analytics uses Cookies to collect user access information (page view history, time spent on pages, referral sources, etc.), but does not include personally identifiable information. The collected data is managed in accordance with Google's Privacy Policy (https://policies.google.com/privacy). 3. Users, etc. who wish to opt out of data collection by Google Analytics may do so by installing the opt-out add-on provided by Google (https://tools.google.com/dlpage/gaoptout). 4. Users, etc. may disable Cookies through their browser settings. However, if Cookies are disabled, logging in to the Service and using certain features may not be possible. 5. Changes to Cookie settings are made at the sole responsibility of the Users, etc., and the Company shall bear no liability for any effects of such changes, including the inability to use certain parts of the Service.

1. The Service is provided from within Japan, but access from overseas is also anticipated. 2. Users, etc. residing in the EU/EEA shall have the following rights under the General Data Protection Regulation (GDPR): (1) Right of access to their personal data (2) Right to rectification of personal data (3) Right to erasure of personal data (right to be forgotten) (4) Right to restriction of processing of personal data (5) Right to data portability (6) Right to object to processing 3. The lawful bases for the Company's processing of personal data of EU/EEA users under the GDPR are as follows: (1) Consent (Article 6(1)(a) GDPR): Account registration, marketing communications (2) Performance of a contract (Article 6(1)(b) GDPR): Service delivery, payment processing, account management (3) Legitimate interest (Article 6(1)(f) GDPR): Fraud prevention, platform security, content moderation, service improvement (4) Legal obligation (Article 6(1)(c) GDPR): Retention of financial records as required by tax law, compliance with law enforcement requests 4. Users, etc. who wish to exercise the above rights should contact us at the contact point described in Article 13. 5. The Company's Data Protection Officer (DPO) can be contacted at: Email: support@smfans.jp 6. When transferring personal data internationally, the Company shall take appropriate protective measures based on the European Commission's adequacy decision (Japan received an adequacy decision on January 23, 2019), Standard Contractual Clauses (SCCs), or other appropriate safeguards under applicable laws. 7. Users, etc. residing in the State of California, United States, shall have the following rights under the California Consumer Privacy Act (CCPA): (1) The right to know the categories and purposes of use of the personal information the Company has collected (2) The right to request the deletion of the personal information the Company has collected (3) The right to opt out of the sale of personal information (Note: The Company does not sell Users' personal information.) (4) The right not to be subject to discriminatory treatment for exercising the above rights 8. Users, etc. who wish to exercise the rights described in the preceding paragraph should contact us at the contact point described in Article 13.

1. The Company may revise this Policy at its own discretion. When revising this Policy, except in cases of urgency, the Company shall notify Users, etc. in advance through means the Company deems appropriate. 2. Revisions to this Policy shall take effect upon posting the revised Privacy Policy on the website of the Service. 3. If Users, etc. are unable to agree to revisions to this Policy, they may request the Company to delete their Privacy Information through the means described in Article 9.

The Company has designated the following person as the data protection officer responsible for the proper management of personal information and the continuous improvement of personal information protection measures. This contact information also serves as the point of contact for inquiries, consultations, and requests for disclosure under Article 9 regarding personal information.

1. This Policy shall be governed by and construed in accordance with the laws of Japan. 2. Users, etc. agree in advance that in the event of any dispute arising in connection with this Policy, the Tokyo District Court shall have exclusive jurisdiction as the court of first instance.