Security Measures
Reliable Data Management and Security
We operate our systems on Google Cloud Platform (GCP), which complies with standards such as ISO 27001 (ISMS certification), ISO 27017 (Cloud Service Security), ISO 27018 (Personal Information Protection), SOC 2, SOC 3, and PCI DSS. Regular audits are conducted to ensure thorough personal information protection and security management, providing our customers with safe and secure services.
Robust Data Center Infrastructure
All servers that form the foundation of our services are built and operated on GCP. In addition to disaster and crime prevention measures, robust facilities and comprehensive safety protocols ensure stable system operations. GCP maintains a 99.95% SLA, while Google BigQuery and Google Cloud Storage standard storage maintain a 99.9% SLA. Google implements highly redundant infrastructure in its data centers to minimize service interruptions due to hardware failures, natural disasters, or other incidents. G Suite offers zero RPO (Recovery Point Objective) and instant failover (zero RTO, Recovery Time Objective).
Domestic Data Center Usage for Peace of Mind
Our system infrastructure is built in the GCP Japan region, with data centers located within Japan.
Ensuring Server Environment Redundancy
GCP has established 11 data centers across North America, South America, Europe, and Asia, ensuring redundancy at the data center level. Even if an entire data center encounters trouble, our services and data remain unaffected. Data centers are interconnected via a powerful network infrastructure and the latest network virtualization platform, "Andromeda," enabling seamless operations regardless of physical distance. Redundancy across regions is also ensured, so if a disaster affects one data center, operations can be switched to another region's data center.
Auto-Scaling Model for Optimal Connectivity
We employ an auto-scaling model, automatically expanding server instances in response to increased access and user numbers. This allows us to flexibly adjust server processing capacity according to fluctuations in usage.
Robust Account Management
By adopting Google Authentication, email addresses and passwords are securely managed and kept confidential during account registration. Even our company cannot obtain user email lists or view passwords. Passwords are encrypted and kept confidential, minimizing the risk of leakage.
Minimizing Personal Information
The only personal information we collect is email addresses and profile names (we do not collect addresses or phone numbers). Email addresses and profile names are managed separately within our system. Email addresses are kept confidential through Google Authentication. Even in the unlikely event of a database breach, user email addresses will not be leaked, nor will email addresses and profile names be linked and leaked together.
Summary
Our internal operations are also managed in accordance with ISO 27001. We minimize the registration of personal information, requiring only the minimum necessary for users to recognize each other. Information is managed to prevent linkage. Even if such information were leaked, we believe there would be no actual harm, and it would not be considered valuable to hackers. In the unlikely event of a leak, our monitoring system will minimize any damage. Of course, we do not have a mechanism to view customer email addresses. Only specific personnel can access such information, and only in response to customer requests or official instructions. System upgrades are thoroughly tested in the development environment before deployment.