Privacy Policy
Last updated: May 9, 2026 / Effective date: May 9, 2026
BrickWall Inc. (the "Company") establishes this Privacy Policy (this "Policy") as set out below regarding the handling of users' personal information (meaning "personal information" as defined in Article 2, Paragraph 1 of the Act on the Protection of Personal Information; the same applies hereinafter) in AXE THROW HUB (the "Service") provided by the Company.
1. Name, Address, and Representative of the Business Operator
- Business operator name: BrickWall Inc.
- Address: B1F, 1-15-9 Nishi-Shinjuku, Shinjuku-ku, Tokyo 160-0023
- Representative Director: Makoto Kato
- Personal Information Protection Manager: Makoto Kato (see the end of this Policy for contact details)
2. Personal Information We Collect
In providing the Service, the Company collects the following personal information.
(1) Account Information
- Email address
- Social login authentication information (public profile and email address of your Google account)
- Username and display name
- Password (stored after one-way hashing)
(2) Profile Information (Optional)
- Avatar image
- Home venue
- Dominant hand
- Experience level
- Date of birth (for age-group rankings)
- Gender
(3) Competition Data
- Practice scores, match scores, tournament records
- Ranking battle results, certificate acquisition history
- Measurement time, opponents, rules used
(4) Certificate Application Information
- Applicant's real name
- Date of birth
- Storage location equivalent to an address, telephone number
- Information and photographs of the axe, knife, or shuriken subject to certification
(5) Communication and Community Information
- Friend requests, follow relationships
- Community posts, comments, replies, images, videos
- Content submitted through the inquiry form
(6) Usage Logs and Technical Information
- Access date and time, referring URL, referrer
- IP address, user agent, device information, screen size
- PIN attempt history, login history, operation logs
- Web Push notification endpoints, encryption key information
(7) Cookies and Similar Technologies
- Session management Cookies (required)
- OAuth token storage Cookies (required)
- Analytics identifiers (Vercel Analytics, no personal identification)
3. Purposes of Use
The Company uses the personal information it collects for the following purposes.
- Provision and operation of the Service, identity verification, and authentication
- Detection and prevention of violations of the Terms of Use, unauthorized access, and fraudulent measurement (including PIN attempt history, IP addresses, etc.)
- Recording of scores, tournament records, rankings, and certificates, and their publication on the Service
- Web Push notifications and email notifications (tournament notices, certificate approvals, reply notifications, announcements from the operator, etc.)
- Responding to inquiries and providing support
- Improving the Service, developing new features, and creating usage statistics (in a statistical format that does not identify individuals)
- Use of aggregated data for marketing purposes (in a statistical format that does not identify individuals)
- Notification of changes to the Terms of Use of the Service, this Policy, and other rules and regulations
- Billing of participation fees for paid events, payment processing, sending receipts, and processing refunds
- Provision of the direct messaging feature (handled as secrecy of communications, and viewed only when investigating reports or responding to legal requests)
- Confirming compliance with laws, guidelines, and the Terms of Use, and handling disputes
- Responding to requests for disclosure of sender information and inquiries from investigative authorities
- Other purposes incidental to the above purposes of use
3.1 Secrecy of Communications in the Direct Messaging Feature
The content of communications exchanged through the direct messaging (DM) feature of the Service is handled as secrecy of communications as defined in Article 4 of the Telecommunications Business Act.
- In principle, the Company does not view the content of DMs.
- As an exception, the Company may review the content to the minimum extent necessary only in the following cases:
- When a report is received from a user and review is deemed necessary for the investigation
- When there is a court warrant or an inquiry from an investigative authority based on laws and regulations
- When the situation constitutes an emergency evacuation (such as a warning of suicide, self-harm, or serious harm to a third party)
- When technically unavoidable for system failure analysis or fraud investigation
- DM message logs are retained for a reasonable period in order to respond to requests for disclosure of sender information and to comply with laws and regulations.
- Even when the sender performs a "deletion" (soft delete), the operator's system records are retained for the purpose of legal compliance.
4. Handling of Public Information
Due to the nature of the Service, the following information may be disclosed to other users and to the general public. By using the Service, a user is deemed to have consented to the disclosure of such information.
- Username, display name, avatar image, self-introduction
- Competition scores, tournament results, ranking positions, certificate acquisition status
- Community posts, comments, replies, hashtags, attached media
- Player names, scores, and spectator comments during live streaming
In principle, date of birth (birth month and day), email address, telephone number, address, PIN, and the like are not publicly disclosed.
5. Provision to Third Parties
The Company will not provide personal information to third parties without the user's consent, except in the following cases.
- When based on laws and regulations (including formal requests from courts, police, prosecutors, tax authorities, etc.)
- When necessary for the protection of a person's life, body, or property, and it is difficult to obtain the consent of the individual
- When particularly necessary for improving public health or promoting the sound development of children, and it is difficult to obtain the consent of the individual
- When it is necessary to cooperate with a national government agency, a local government, or a party entrusted by either in carrying out affairs prescribed by laws and regulations, and obtaining the consent of the individual is likely to impede the performance of such affairs
- When personal information is provided in connection with the succession of business due to a merger, company split, business transfer, or other reason of the Company (including a business transfer based on Article 28 of the Terms of Use of the Service)
6. Outsourcing (External Services)
In order to provide the Service, the Company entrusts the handling of personal information to the following external service providers. For each of these contractors, the Company carries out appropriate contracts and supervision regarding the safe management of personal information.
| Contractor | Purpose | Country of location | Data handled |
|---|---|---|---|
| Supabase, Inc. | Database, authentication, and storage | United States / Japan (Tokyo region) | All items in Article 2 |
| Vercel, Inc. | Hosting, delivery, and analytics | United States (CDN worldwide) | Usage logs, technical information |
| Resend, Inc. | Email delivery | United States | Email addresses, email body content |
| Sentry (Functional Software, Inc.) | Error monitoring | United States | Usage logs at the time of errors (personally identifiable information excluded) |
| Google LLC | OAuth authentication, Push notification delivery (Android) | United States | Google account identifiers, Push identifiers |
| Apple Inc. | Push notification delivery (iOS) | United States | Push identifiers |
| Stripe Payments Japan 株式会社 / Stripe, Inc. | Payment processing, receipt issuance, and refund processing for paid events | Japan / United States / Ireland | Email address, payment information (the Company does not directly collect or store card numbers), payment amount, payment status, receipt recipient |
When providing information to third parties located in foreign countries, the Company confirms the personal information protection systems of the relevant countries and takes the necessary protective measures.
7. Security Control Measures for Personal Information
The Company takes the following measures for the prevention of leakage, loss, or damage of personal information and for the other safe management of personal information.
- Technical security control measures: HTTPS for all communications, one-way hashing of passwords, access control through Row Level Security (RLS), the principle of least privilege, secret management (Vault / environment variables), CSP (Content Security Policy), regular security audits, error monitoring (Sentry)
- Organizational security control measures: Appointment of a Personal Information Protection Manager, development of handling regulations, minimization of access privileges, retention of audit logs
- Personnel security control measures: Thorough enforcement of confidentiality obligations on directors, employees, and contractors, and implementation of education and training
- Physical security control measures: Reliance on the physical security of the data centers of cloud providers (in accordance with the certification status of Supabase / Vercel)
8. Rights of Users
Users may make the following requests to the Company regarding their own personal information.
- Request for disclosure: The right to request disclosure of one's own personal information
- Request for correction, addition, or deletion: The right to request correction, addition, or deletion when the content is not factual (many items can be edited directly on the profile screen)
- Request for suspension of use or erasure: The right to request suspension of use or erasure of personal information (can be carried out from "Withdraw" on the profile screen; the information is anonymized)
- Request to stop provision to third parties: The right to request that provision to third parties be stopped
- Request for disclosure of records of provision to third parties: The right to request disclosure of records relating to provision to third parties
When making a request, we may ask you to undergo an identity verification procedure by a method prescribed by the Company in order to confirm your identity. In addition, we may not make disclosures, etc., based on laws and regulations. In principle, we respond to requests within 30 days after receiving the request.
9. Data Retention Periods
- Account information and profile information: Until withdrawal (after one year has elapsed since the last login, the Company may delete it at its discretion)
- Competition records after withdrawal: For the legitimacy of tournament records and the continuity of statistics, retained in principle indefinitely after anonymization
- PIN attempt logs and login history: 90 days (extended until the completion of investigation after fraud detection)
- Access logs and error logs: Up to 90 days
- Inquiry content: 3 years after completion of the response
- Information whose retention is required by laws and regulations: The statutory retention period
10. Use of Cookies and Similar Technologies
- The Service uses Cookies for user authentication and session maintenance. Such Cookies are essential for the provision of the Service, and if they are disabled, you will not be able to use the Service.
- The Service collects anonymous access statistics through Vercel Analytics. Such statistics are not collected in a form that identifies individuals.
- At present, the Service does not use third-party Cookies for advertising delivery purposes. If we introduce them in the future, we will change this Policy and provide prior notice.
11. Regarding Minors
Although the Service does not set an age restriction, when a minor uses the Service, consent regarding the handling of personal information shall be given under the consent of a person with parental authority or other legal representative.
12. Profiling and Automated Decision-Making
In the Service, the Company performs automated processing such as the automatic calculation of rankings, the automatic generation of pairings, and the automatic determination of whether a certificate can be issued; however, these are mechanical processes based on the Terms of Use and published criteria, and the Company does not perform profiling that evaluates an individual's personality, ability, or the like.
13. Inquiries and Complaints
For inquiries regarding this Policy, requests for disclosure and the like, and the filing of complaints, please contact the following point of contact.
- Business operator name: BrickWall Inc.
- Personal Information Protection Manager: Makoto Kato
- Address: B1F, 1-15-9 Nishi-Shinjuku, Shinjuku-ku, Tokyo 160-0023
- Email: jaat.axe@gmail.com
- In-service inquiry form: /contact
14. Authorized Personal Information Protection Organization
At present, the Company is not a target business operator of an authorized personal information protection organization. For complaints regarding the handling of personal information that cannot be resolved by the Company, you may consult the Personal Information Protection Commission.
- Personal Information Protection Commission: https://www.ppc.go.jp/
15. Changes to This Policy
- The Company may change this Policy when it determines that there is a revision of laws and regulations, a change in the content of the Service, or other necessity.
- When changing this Policy, the Company will set an effective date for the revised Policy and, by the effective date, will make the content of the revised Policy and the effective date known on the Service or by a method prescribed by the Company.
- In the case of important changes, we will notify registered users in advance by email or by notification within the Service.
This Policy is a document independently prepared by the Company based on the operating policy of AXE THROW HUB and the Act on the Protection of Personal Information of Japan. The personal data of the Service is stored in the Tokyo region. This English text is a reference translation. In the event of any discrepancy between the Japanese and English versions, the Japanese version prevails.