Privacy Policy
Privacy Policy
Re:Birth Stone (the “Service”) handles the personal information of its users with care. This Policy explains, as clearly as possible,what information the Service collects, why it uses that information, how long it retains it, and what rights users have.
By registering an account for the Service, including pre-registration, you are deemed to have agreed to this Policy.
1. Operator and Contact Information
The Service is provided by the following operator.
Operator:Re:BirthStone Project
Privacy inquiries: [email protected]
General inquiries and support: [email protected]
Please use the contact details above for requests to access, correct, or delete personal information, or for questions about its handling.
2. Current Stage of the Service
The Service is currently provided free of charge as apublic test (alpha version), and does not sell paid items or offer paid transactions. If paid features are introduced in the future, this Policy and the related terms will be revised in advance and users will be notified separately.
3. Information We Collect
(1) Information you provide directly
| Information | When collected | Purpose |
|---|---|---|
| Email address | When registering an account | Identity verification, login, and important notices |
| Login ID (optional) | When registering an account | An identifier that may be used instead of an email address |
| Password | When registering or changing it | Authentication (stored as a cryptographic hash; the original password is not stored) |
| Multi-factor authentication (MFA) settings | When MFA is enabled | Improving login security (stored in encrypted form) |
(2) Information generated automatically while using the Service
| Information | Purpose |
|---|---|
| Account ID / user ID | Internal system identification |
| Hashed IP address (SHA-256) | Detection of unauthorized access and session management |
| Hashed browser information (User-Agent, SHA-256) | Distinguishing devices and notifying users of login from a new device |
| Authentication events such as login and logout | Detection of misuse |
| Game progress data (character growth, owned items, story progress, and changes in in-game currency) | Saving game state |
4. Purposes of Use
We use collected information only for the purposes below and not for any other purpose.
- Account identification and authentication (login)
- Email verification and password-reset notices
- Detection of unauthorized access, session management, and notification of login from a new device
- Saving and providing game progress, including character growth, owned items, and story progress
- Detection and handling of misuse, inquiries, and objections
- Responding to requests from users for access, correction, deletion, and similar actions
- Retaining records of administrative actions for security investigations
5. Retention Periods
| Data | Retention period |
|---|---|
| Game progress data (currency, owned items, levels, and story progress) | While you use the Service, or until you request deletion |
| Authentication events (such as login history) | Up to 365 days |
| Administrative and audit logs | 60 days active, plus 365 days archived |
| Session information and other tokens | A short period (invalidated promptly after use) |
If paid features are introduced in the future, transaction records may be retained for a period required by accounting laws (for example, seven years). This Policy will be revised and users will be notified at that time.
6. Disclosure to Third Parties
The Service does notprovide or sell collected personal information to outside third parties. We also do not use SDKs or similar technologies for behavioral tracking by third parties.
The only exceptions are:
- When disclosure is required by law, such as by a court order
- When the user has consented
- When handling is entrusted to a service provider that operates servers or similar infrastructure under appropriate security controls (an entrustment under Article 27 of the APPI)
7. Cookies and Browser Storage
- Cookie:Used to maintain login sessions, with security attributes such as HttpOnly and Secure.
- localStorage:Used to store non-identifying preferences such as volume and display settings.
- Advertising and third-party tracking:Not used.
8. Security Measures
The Service generally takes the following measures to protect personal information.
- Passwords are hashed using Argon2id; the original values are not stored.
- MFA secrets are stored in encrypted form.
- Only hashed IP addresses and browser information are stored.
- All administrative actions are recorded in audit logs, and permissions are separated by role.
- All sessions are invalidated when a password or email address is changed, or suspected misuse is detected.
9. Your Rights
You may make the following requests regarding your personal information through the contact point above or through features provided in the app.
Request for access
You may request access to your personal data. Passwords and authentication secrets are excluded for security reasons.
Correction
You can change your email address, login ID, and password from the settings screen in the app. Contact us for any other correction.
Suspension of use and deletion
You may request deletion (anonymization) of your personal data. To allow for mistakes or a change of mind, we provide a 30-day grace period after a deletion requestduring which you may cancel the request. Records that must be retained by law, such as transaction records and audit logs, may continue to be retained for the required period after deletion.
Complaints
For concerns about the handling of personal information, you may contact us or submit a complaint to the Personal Information Protection Commission of Japan .
10. Children's Personal Information
The Service has a policy ofnot collecting personal information directly from children under 13. If we learn that a child under 13 has registered without parental consent, we will promptly delete the relevant account.
11. Changes to This Policy
This Policy may be revised in response to changes in law, changes to the Service, or improvements to security operations. We will notify users through in-app notices or email when making material changes.
Effective June 22, 2026 / Re:Birth Stone Project