LINE User Data Policy

Those persons (“Developers”) using the LINE Software Development Kit and Application Programming Interface (“the Platform”) must comply with matters prescribed in this policy when they handle information relating to the users of LINE-affiliated services (“LINE Services”) provided by LY Corporation (“the Company”).


1. LINE User Information

“LINE User Information” refers specifically to the following information related to users of LINE Services.

1.1 User-related information the Company, under users’ consent, provides to Developers (including but not limited to LINE profile name, icon image, Company internal identifiers for identifying users and status messages).

1.2 Information Developers directly receive from users from within LINE Services (including but not limited to messages from users sent to a Developer’s Official Account).

Any information Developers directly receive from users within their own services is not LINE User Information, even in instances where they have integrated a LINE Login feature to their service.


2. General Privacy Principles related to Services Using the Platform (“Relevant Services”)

2.1 Developers must abide by laws and regulations related to personal information and privacy.

2.2 Developers must create privacy policies for Relevant Services.

2.3 Developers must conduct development and operation of the Relevant Services with consideration for privacy and in accordance with the privacy principles below.

2.3.1 Developers must notify users of the personal information that will be collected, and seek users’ consent to collect, use, or disclose users’ personal information.

2.3.2 Developers must identify the purposes of use for collecting users’ personal information.

2.3.3 Developers must collect only information that is necessary to carry out the identified purposes of use.

2.3.4 Developers must use and disclose users’ personal information only for the purposes for which it is collected, except with users’ consent or as required or permitted by law. Developers must keep users’ information only as long as necessary to fulfill those purposes.

2.3.5 Developers must endeavor to make sure that users’ personal information is accurate, complete, and up-to-date.

2.3.6 Developers must protect users’ personal information by appropriate security safeguards.

2.3.7 Developers must make the policies and practices for the handling of users’ personal information as transparent as possible.

2.3.8 Developers must allow users to access their own personal information and correct their personal information as appropriate.

2.3.9 Developers will be accountable to users. Developers must always be receptive to hearing users’ opinions regarding Developers’ compliance with these principles, privacy policies, and applicable laws. Developers must always exert their best efforts to fulfill their accountability to users. Users will be able to express their opinions regarding the compliance with these principles and the privacy policies at any time.

2.4 Developers shall disclose and ensure that Relevant Service-related privacy policies are easily viewable to anyone at any time (including before and after a user starts to use the Relevant Service).


3. Protection of LINE User Information

3.1 Developers must properly protect LINE User Information against unauthorized access and use. Developers should enact the best possible measures for information protection, with potential measures including the implementation of security training, the signing of non-disclosure agreements between the employees and the company, the establishment of rules for the handling of confidential and personal information, the implementation of internal audits and third-party audits, the establishment of incident response procedures, the implementation of monitoring for unauthorized access, and physical access control.

3.2 Developers must collect, maintain and use LINE User Information in line with the following:

3.2.1 Developers shall only be able to collect, maintain and use LINE User Information necessary for providing Relevant Services.

3.2.2 Developers must obtain LINE User Information in a fair and legal manner.

3.2.3 When storing any LINE User Information other than Company internal user identifiers for more than 24 hours, Developers must notify users that LINE User Information will be stored by Relevant Services. However, regardless of whether or not users have been notified, Friend and Group information must not be stored for more than 24 hours.

3.2.4 LINE User Information collected for the provision of Relevant Services must not be used for any other purposes.

3.2.5 When using the Platform for various services, LINE User Information obtained from various services must not be linked together. However, this does not apply when approved by the Company.

3.2.6 LINE User Information must not be purchased or sold.

3.2.7 Developers must not obtain or request to provide users’ LINE account passwords.

3.2.8 Friend information and Group information can only been used while users are using the Relevant Services.

3.2.9  The audience of LINE User Information must be equivalent to that within the Company’s services (for example, a user’s Friend information/Group information may only be viewable to the user him/herself) or must be even more restricted.

3.2.10 When linking a Relevant Service account and a LINE account (“LINE Link”), Developers must provide a feature to unlink from LINE and a feature to withdraw from the Relevant Service.

3.2.11 When using contact information included in LINE User Information (phone number, email address, home address, etc.) to contact a user, Developers must first receive the approval of the individual. They must also comply with applicable laws and guidelines related to spamming.

3.3 When using proxy sending features (features for sending messages in place of a user using that user's account) and proxy posting features (features for posting to Timeline as a user using that user's account), Developers must not send/post anything against the volition of users. Specifically Developers must comply with the following:

3.3.1 Clearly indicate to the user the following every time before sending or posting by proxy. The fact that the message will be sent or Timeline post will be made by proxy via the user's account The content to be sent or posted by proxy The recipient(s) of the message sent by proxy, or the reach of the post made by proxy

3.3.2 To not perform sending or posting by proxy unless users explicitly indicate their desire for the content indicated in 3.3.1 to be sent or posted by proxy.

3.3.3 To promptly perform the sending or posting by proxy when users explicitly indicate their wishes in accordance with 3.3.2.

3.4 LINE User Information must not be disclosed to third parties except in the following cases:

3.4.1 When required under laws and regulations.

3.4.2 When disclosing to contractors to the extent necessary for contracted work.

When disclosing to contractors, said contractors must also comply with obligations imposed on Developers by the Company. In instances where violations or other issues arise involving a contractor, the Developer shall bear responsibility.

3.5 Developers must delete LINE User Information in line with the following. Anonymized statistical data created based on LINE User Information shall not be subject to deletion.

3.5.1 When terminating Platform usage, Developers must immediately delete Company internal identifiers for identifying users and any other User Information excluding that which users have been informed will be stored for more than 24 hours. However, continued storing is possible in instances where an obligation for storing information has been provided by laws or regulations or a separate agreement with the Company.

3.5.2 After a Relevant Service is closed, or a user withdraws from the Relevant Service, all LINE User Information including Company internal identifiers for identifying users must be deleted, except: When the deletion of such information causes violation of laws or ordinances; or In limited instances when, in the presence of LINE user’s consent, storing temporarily after a Relevant Service is closed or a user withdraws from the Relevant Service for legitimate purposes such as handling inquiries.

3.5.3 Developers must comply when users make a request for disclosure, correction, deletion or the suspension of use of LINE User Information obtained by Developers. However, this shall not apply in instances when such compliance causes violation of laws or regulations.

3.5.4 Developers must comply when requested by the Company to submit a proof of disposal of LINE User Information.


4. Other Important Matters

4.1 Developers must keep security in mind when conducting system development and operation.

4.2 Developers must comply with industry standards and meet all METI System Management Standards or equivalent standards.

4.3 Developers must allow the Company to audit Relevant Services in order to confirm service safety and that there are no violations.

4.4 Developers must quickly respond when receiving requests from the Company for Relevant Service improvement. If a request cannot be accommodated, said reason must be reported.

4.5 In instances where a security incident related to LINE User Information, such as the leakage of personal information, arises, Developers must promptly notify the Company of the incident, implement necessary investigations, responses and prevention measures and report on the results.

4.6 The Company may on occasion change this policy. Developers must recognize that they will be deemed to have accepted the changes when they continue to use the Platform.

4.7 The Company may stop providing the Platform to Developers in the following cases:

4.7.1 when they have violated this policy

4.7.2 when they have not followed the Company's instruction for improvement

4.7.3 when they have performed any action that the Company otherwise deems inappropriate

Latest revision: October 1, 2023