Privacy Policy
Last updated: 2026-05-03
DoujinNavi (the "Service") respects your privacy and takes great care to protect your personal information. This policy describes how the Service handles personal information. For inquiries, please use the contact channel listed at the end of this document.
1. Information We Collect
The Service may collect the following information:
· Google account information: email address, display name, and profile photo URL via Firebase Authentication when you sign in with Google (optional).
· Username and password credentials: when you sign up with a username and password, we collect the username (3–20 alphanumeric characters) and password via Firebase Authentication. The password is stored only as a Firebase-side hash; the Service never stores plaintext passwords (optional).
· Recovery email address: an optional email address you may register so that you can reset a forgotten password. We only use it as the destination for password reset links; we do not use it to send marketing or notification email (optional).
· Analytics data: page views, navigation paths, device information, and approximate location (country/region level) via Firebase Analytics.
· Referrer data: on your first visit only, we record a normalized referrer label (e.g. x / reddit / bing / chatgpt / claude / perplexity / direct), the referring host, and the time of first visit. We use this for channel-level traffic analysis and never overwrite it on subsequent visits.
· Abuse-detection data: Firebase App Check and reCAPTCHA Enterprise verify whether requests originate from a legitimate browser.
· Usage signals: search queries, favorites, and other interaction history, used to improve recommendation accuracy.
· Related-works embeddings: work titles, circle names, and genres are sent to Google Vertex AI (text-embedding-004) to generate similarity vectors. No information that personally identifies you is sent.
· Push notification tokens: only when you enable "Today's Pick" notifications from the Settings page, we collect and store the device-specific Web Push token issued by Firebase Cloud Messaging. Turning the toggle off stops delivery, and tokens detected as invalid during delivery are removed automatically (optional).
· Cookies: language preference (NEXT_LOCALE) and age-verification state (dj_age_verified), among others.
2. Purpose of Use
We use the collected information for the following purposes:
· Providing personalized recommendations
· Detecting and preventing abuse and automated access
· Analyzing usage and improving the Service
· Channel-level traffic analysis
· Delivering "Today's Pick" push notifications (only when you opt in)
· Measuring affiliate program performance (FANZA / DLsite)
· Smooth operation of the Service and responding to inappropriate use
3. Third-Party Disclosure & Processing (Including Cross-Border Transfers)
Within the scope necessary to fulfill the purposes above, we share or entrust information to the following parties:
· Google LLC (United States): we use Firebase Authentication, Firebase Analytics, Firebase App Check, reCAPTCHA Enterprise, Cloud Firestore, Cloud Functions, Firebase App Hosting, Firebase Cloud Messaging (Web Push), and Google Vertex AI (text-embedding-004 and Gemini), so portions of your information may be processed on Google's servers (including in the United States). What we send to Vertex AI Gemini is limited to public metadata about genres, works, and circles for automatic description generation; no information that personally identifies you is transmitted. Google's privacy practices are described at https://policies.google.com/privacy.
· DMM.com LLC (FANZA Affiliate Program): click-tracking information is transmitted when you follow an affiliate link.
· EISYS Inc. (DLsite Affiliate Program): same as above.
In accordance with Japan's Act on the Protection of Personal Information (APPI), we take the measures required when transferring personal data to third parties in foreign countries. For an overview of the U.S. data-protection regime, please also refer to the Personal Information Protection Commission of Japan: https://www.ppc.go.jp/en/. Apart from the above, we do not provide your personal information to third parties except as required by law.
4. Retention Period
We retain personal information only for as long as necessary to fulfill the stated purposes. In general:
· Account information, usage signals, and referrer data: while your account is active, or until you request deletion
· Anonymous accounts inactive for 30 days or more (not linked to an external identity such as Google): deleted automatically, including the account identifier and any associated data such as usage signals, favorites, followed circles, referrer data, and push notification tokens
· Push notification tokens: deleted promptly when you turn notifications off in Settings, or when a token is detected as invalid during delivery
· Firebase Analytics access logs: governed by the retention period configured for our Firebase Analytics property; data is deleted automatically once that period elapses
· Data tied to an anonymous ID after sign-out: deleted within a reasonable period, including from backups
Information past its retention period is promptly deleted or anonymized to the extent reasonably practical.
5. Cookies & How to Disable
We use cookies to improve usability and analyze service usage. You can refuse cookies via your browser settings; however, doing so may impair some Service features (such as language preference and age-verification persistence). To opt out of Firebase Analytics specifically, browser extensions such as the Google Analytics Opt-out Browser Add-on are available.
6. Security Measures
We take the following measures to prevent unauthorized access, loss, or alteration of personal information:
· All traffic is encrypted with HTTPS, with HSTS forcing HTTPS connections
· Passwords are stored only as Firebase Authentication-managed hashes (bcrypt-family); the Service never stores plaintext passwords
· Firestore Security Rules restrict per-user data access
· Firebase App Check (reCAPTCHA Enterprise) verifies request authenticity, and rate limits per IP / UID / username deter automated abuse
· Cookies are issued with the SameSite attribute and the Secure attribute under HTTPS
· Content Security Policy, Permissions-Policy, X-Frame-Options, and similar HTTP headers mitigate injection via third-party scripts
7. Use by Minors
Because the Service handles adult-oriented content, it is not intended for use by anyone under the age of 18. The Service stores a cookie indicating that the age-verification gate has been passed but does not collect or store users' actual ages. If we become aware that we have collected information from someone under 18, we will promptly delete that information.
8. Disclosure, Correction, and Deletion Requests
You may request disclosure, correction, suspension of use, or deletion of your personal information. You can delete your account at any time from the Settings page (/settings) using the "Delete account" button. Deletion is immediate and permanent: your favorites, follows, taste profile, usage signals, referrer data, and push notification tokens are removed and cannot be restored. You can also unlink your Google account, sign out of an authenticated account, remove your recovery email, and stop push notifications (toggle "Today's Pick" off, or block notifications at the browser level) from the same Settings page. For other requests (disclosure, correction, etc.), please contact us via the contact channel listed at the end of this policy. After identity verification, we will, as a general rule, respond within two weeks. Identity verification or the nature of your request may require additional time.
9. Amendments
We may revise this policy in response to changes in laws or our operations. When a revision is made, we will update the "Last updated" date at the top of this page. For material changes, we may also provide a separate notice within the Service. The revised policy takes effect when it is posted on this page.
10. Contact
For questions about this policy, the handling of personal information, or copyright takedown requests, please reach out via:
X (formerly Twitter): DM @djnavi_app, or Bluesky: DM @djnavi-app.
Operator: DoujinNavi Operations Team