Privacy Policy
Last Updated: April 7, 2026
Effective Date: March 23, 2026
Data Controller: Shearu Goudou Kaisha (Shareru), Kanagawa, Japan Contact: support@komo-app.com
Shearu Goudou Kaisha, operating as Shareru ("we," "us," or "our"), operates the Komo application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account through Steam or Epic Games, we collect:
- User identifier (Steam ID or Epic Online Services account ID)
- Display name you choose for our Service
- Profile information you provide (biography, interests, personality, playstyle)
- Profile images (avatar and cover image, if uploaded)
1.2 Content You Create
When you use the Service, we collect content you voluntarily submit:
- Posts (text content, images, thumbnails)
- Comments and replies (text content)
- Likes (which content you liked)
- Reports (when you report other users' content)
- Block lists (users you choose to block)
1.3 In-Game Chat
- Text chat is transmitted directly between users in real-time and is not stored on our servers during normal use. Text chat messages are temporarily held in your local device's memory during a game session.
- When a report is submitted: The most recent messages (up to 30) from the relevant chat session are transmitted to our servers for content moderation purposes. These messages are stored as part of the report record.
1.4 Automatically Collected Information
We automatically collect certain information when you use the Service:
- Authentication data (login timestamps, authentication method used)
- Game session data (room IDs, session IDs when using in-game chat features)
- Content metadata (creation timestamps, language, region)
- Device information (user agent string transmitted with content moderation requests, which may include browser or application type, version, and operating system)
1.5 Information from Third-Party Platforms
We receive limited information from authentication providers:
- Steam: Your Steam ID and ownership/DLC verification data
- Epic Games: Your Epic Online Services account ID
- Firebase Authentication: Authentication tokens (for web-based access)
We do not receive or store your passwords from any third-party platform.
1.6 Website Analytics
Our website (not the game application) may use analytics services such as Google Analytics to collect anonymized usage data including page views, traffic sources, and geographic region. This data is used solely to improve our website experience.
2. How We Use Your Information
We use collected information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the Service (account creation, content posting, social features) | Performance of contract |
| Content moderation and safety enforcement | Legitimate interest |
| Automated content screening using AI | Legitimate interest |
| Processing user reports and enforcing sanctions | Legitimate interest |
| Sending notifications about activity on your content | Performance of contract |
| Preventing abuse, fraud, and ban evasion | Legitimate interest |
| Website analytics and improvement | Legitimate interest (or consent where required) |
3. Content Moderation and Automated Decision-Making
3.1 How Moderation Works
To maintain a safe environment, we use automated systems to review content:
- Text content (posts, comments, profile information, reported chat messages) is analyzed using OpenAI's moderation API
- Images are analyzed using OpenAI's image moderation API
- Content flagged by automated systems may be reviewed by administrators
When content is sent for moderation, the text and/or image URLs are transmitted to OpenAI. For details on how OpenAI processes this data, see OpenAI's Privacy Policy.
3.2 Automated Decision-Making
Our content moderation system uses automated processing to flag potentially inappropriate content and calculate sanction severity scores. Automated moderation may occasionally produce incorrect results (false positives or false negatives).
Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that significantly affect you. Our sanctions system includes human oversight, and you may request human review of any automated moderation decision by contacting support@komo-app.com or using the in-app appeals process.
4. How We Share Your Information
We do not sell your personal data. We share information only in the following circumstances:
4.1 Service Providers
| Provider | Data Shared | Purpose | Location |
|---|---|---|---|
| Google Cloud Platform | All Service data | Infrastructure hosting (Firestore, Cloud Storage, Cloud Functions) | Japan (Tokyo) |
| OpenAI | Post/comment/chat text, image URLs | Automated content moderation | United States |
| Cloudflare | API request metadata | CDN, WAF, DDoS protection, email routing | Global (primarily US) |
| Valve (Steam) | Steam ID, authentication tickets | User authentication and game ownership verification | United States |
| Epic Games | EOS tokens | User authentication | United States |
4.2 Cross-Border Data Transfers
Your data is primarily stored in Japan (Google Cloud, Tokyo region). However, certain data is transferred to service providers located outside Japan, including the United States, as described in Section 4.1. These transfers are necessary for the provision of the Service and are conducted pursuant to appropriate safeguards, including Standard Contractual Clauses (SCCs) where required under the GDPR and equivalent protections under Japan's Act on the Protection of Personal Information (APPI).
You may request information about the applicable transfer safeguards by contacting us at support@komo-app.com.
4.3 Other Disclosures
We may disclose your information:
- To comply with legal obligations or valid legal process
- To protect the rights, safety, or property of our users or the public
- In connection with a merger, acquisition, or sale of assets (with notice to affected users)
5. Data Storage and Security
- All data is stored on Google Cloud Platform servers in the Asia-Northeast 1 (Tokyo) region
- Images are stored in Google Cloud Storage with access controls
- Sensitive credentials (API keys) are managed through Google Cloud Secret Manager
- API endpoints are protected by Cloudflare WAF (Web Application Firewall)
- All data transmission uses HTTPS encryption
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours as required by the GDPR. We will also notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms. We will comply with breach notification requirements under Japan's Act on the Protection of Personal Information (APPI) and any other applicable data protection laws.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| User profiles | Until account deletion |
| Posts | 90 days (default), extendable |
| Comments | Until deleted by user or account deletion |
| Likes | Until removed or account deletion |
| Notifications (read) | 30 days |
| Notifications (unread) | Until read or account deletion |
| Moderation records | 5 years (reviewed periodically for continued necessity) |
| Sanctions (warnings) | 30 days |
| Sanctions (bans) | Retained for ban evasion prevention; reviewed at least every 5 years |
| Report records | 5 years (for legal and safety compliance) |
| Audit logs | 90 days |
| Account deletion logs | 7 years (for regulatory compliance verification) |
7. Account Deletion
You may delete your account at any time through the in-game settings. When you delete your account:
- Your profile is immediately deleted
- Your posts and associated images are permanently deleted
- Your comments on other users' posts are anonymized (author name replaced with "Deleted User," content removed)
- Your likes, notifications, and block lists are permanently deleted
- Your reports are anonymized (personal information removed, records retained for legal compliance)
- Ban information is retained if applicable, to prevent ban evasion (see Section 10.1)
Account deletion is immediate and irreversible. There is no grace period.
8. Children's Privacy
The Service is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If we discover that we have collected data from a child under 13, we will delete it promptly.
For users aged 13 to 16 in the European Economic Area, we rely on the age of digital consent applicable in your member state. Where required, parental or guardian consent must be obtained.
If you believe a child under the applicable age has provided us with personal data, please contact us at support@komo-app.com.
9. Cookies and Tracking
9.1 Game Application
The game application does not use cookies or tracking technologies.
9.2 Website
Our website may use:
- Firebase Authentication cookies for session management
- Analytics cookies if Google Analytics or similar services are enabled
Where required by law (e.g., in the EU/EEA), we will obtain your consent before setting non-essential cookies.
10. Regional Supplements
10.1 European Economic Area (EEA) Residents - GDPR
If you are located in the EEA, you have the following rights under the General Data Protection Regulation:
- Right of Access - Request a copy of your personal data
- Right to Rectification - Request correction of inaccurate data
- Right to Erasure - Request deletion of your data (subject to legal retention requirements)
- Right to Restriction - Request restricted processing of your data
- Right to Data Portability - Receive your data in a portable format
- Right to Object - Object to processing based on legitimate interest
- Right to Withdraw Consent - Where processing is based on consent
- Right Regarding Automated Decisions - Right to human review of automated decisions that significantly affect you (see Section 3.2)
Data Controller: Shearu Goudou Kaisha, Kanagawa, Japan
EU Representative: We are in the process of appointing an EU representative pursuant to GDPR Article 27. In the meantime, please direct all inquiries to support@komo-app.com.
Ban Evasion Prevention: Under GDPR Article 6(1)(f) (legitimate interest), we retain sanction records (user identifier, sanction status, and sanction history) after account deletion to prevent banned users from re-registering. We have conducted a legitimate interest assessment and concluded that this interest outweighs the minimal privacy impact, as personal information (display name, avatar, etc.) is removed from these records. Ban records are reviewed at least every 5 years to determine whether continued retention is necessary.
To exercise your rights, contact us at support@komo-app.com. We will respond within 30 days.
10.2 California Residents - CCPA/CPRA
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Delete your personal information
- Opt-out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
To exercise your rights, contact us at support@komo-app.com.
10.3 South Korean Residents
Under the Personal Information Protection Act (PIPA):
- We collect and process personal data as described in this policy
- Data is transferred to and stored on servers in Japan (Google Cloud, Tokyo region)
- Certain data is transferred to the United States for content moderation (OpenAI) and security (Cloudflare)
- You may request access, correction, or deletion of your personal data
- Contact: support@komo-app.com
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will provide at least 30 days' advance notice of material changes through the Service or our website. Your continued use of the Service after the notice period constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights:
- Email: support@komo-app.com
- Entity: Shearu Goudou Kaisha (Shareru)
- Location: Kanagawa, Japan
This policy is provided in English as the authoritative version. Translated versions are provided for convenience; in case of discrepancy, the English version prevails.