Privacy Policy | UnlockOS

Last updated: May 2026

Notice on language precedence: This English version is provided as a courtesy translation for convenience. In the event of any discrepancy or conflict between this English version and the Japanese version, the Japanese version shall prevail.

Blockchain Lock Inc. (the “Company”) hereby establishes this Privacy Policy to recognize the importance of personal information obtained in providing the services we offer (the “Service”) and UnlockOS-compatible products (the “Products”), to handle personal information appropriately, and to continuously promote the implementation of a personal information protection management system.

The Company shall comply with the laws and regulations relating to the protection of personal information, government guidelines, and other applicable standards. The Company has established internal regulations for the prevention and correction of unauthorized access, loss, destruction, alteration, and leakage of personal information, and takes appropriate measures to protect personal information.

1. Definition of Privacy-related Information

In providing the Service and Products, the Company collects the following customer information (collectively, “Privacy-related Information”).

(1) Registration / Application Information

All information provided to the Company when using the Service or purchasing the Products — including email address, username, name, address, mobile phone number, company/organization name, address, and other contact information — and all information registered by the customer such as device installation location and users (collectively, “Registration Information”).

(2) Device Information

Device identifiers and location information of the supported devices the customer separately registers for the Service, as well as usage status (such as lock/unlock events) and any other information obtained from such devices.

(3) Access Information

Information automatically collected upon access to our site — including IP address, Service usage history, cookie data, device identifiers, and device-emitted location information (collectively, “Access Information”).

(4) Other

The content of customer inquiries and information related thereto, and any other information separately notified or disclosed at the time of collection.

2. Purpose of Use

The Company uses Privacy-related Information collected from customers within the scope of the following purposes:

To provide the Service and sell the Products
To respond to, contact, and manage inquiries related to the use of the Service or purchase of the Products
To bill and process payments for Service fees and Product purchases
To provide information about the Service, Products, and other services or products offered by the Company
For planning and proposals regarding the Service and Products
For research and analysis of the Service and Products for quality improvement
For disclosure to third parties in connection with the provision of the Service or sale of the Products
To inform customers about seminars, exhibitions, and other events of the Company or its business partners
For secondary use after statistical or anonymized processing such that individuals cannot be identified

3. Management of Privacy-related Information

(1) Shared Management by Information Type

Privacy-related Information collected from customers is shared, retained, and managed appropriately by the Company and its business partners and contractors within the scope necessary to provide the Service and Products.

(2) Handling by the Company

The Company strictly manages Privacy-related Information in accordance with its prescribed management standards and ensures that information is not lost, destroyed, altered, or leaked.

(3) Handling by Business Partners and Contractors

The Company may outsource the handling of Privacy-related Information to business partners and contractors within the scope necessary to achieve the purposes of use. In such cases, the Company confirms that such partners and contractors maintain a sufficient level of security and exercises necessary and appropriate supervision through contracts.

4. Provision of Privacy-related Information to Third Parties

The Company may disclose or provide the following Privacy-related Information to the following third parties within the scope necessary to provide the Service and Products. Except as described below, the Company shall not provide Privacy-related Information to third parties without obtaining separate consent from the customer.

(1) Customer Support Contractors and Subcontractors Designated by the Company

Purpose: to provide the Service and sell the Products
Information: Registration / Application Information and Device Information

(2) Installation Contractors and Subcontractors for the Products

Purpose: to provide the Service and sell the Products
Information: Registration / Application Information

(3) Exceptions

The Company may disclose or provide Privacy-related Information when necessary to protect the life, health, property, or other significant interests of the customer or the public, or in response to lawful requests from courts, police, consumer affairs centers, or comparable authorities.

Note: Payment processing for use of the Service and purchase of the Products is provided by Stripe Japan K.K. Credit card information is therefore collected and managed by Stripe Japan K.K. and not by the Company.

5. Disclosure, Correction, and Deletion of Privacy-related Information

(1) Availability of Disclosure

Among Privacy-related Information, Registration Information for which the Company is authorised to disclose or correct under the Act on the Protection of Personal Information may be disclosed, corrected, or deleted upon request from the customer themselves.

(2) Procedure for Disclosure, Correction, and Deletion

The Company endeavors to manage Registration Information collected from customers in an accurate and up-to-date manner within the scope necessary for the purposes of use. When a customer requests disclosure, correction, or deletion of their Registration Information, the Company will respond appropriately once it has verified that the request was made by the customer themselves.

6. External Service Integrations (e.g. Google Calendar)

With customer consent, the Company provides calendar-integration features for facility operations. For Google Calendar integration, only the following scope is requested.

(1) Requested Scope

https://www.googleapis.com/auth/calendar.events — used exclusively for writing, updating, and deleting reservation-block events for reservations received in UnlockOS. The Company does not read calendar contents, enumerate calendars, or write to third-party calendars.

(2) Stored Data

Only the OAuth refresh token (encrypted in Supabase Vault), the target calendar ID, and the facility identifier. Event content, third-party PII, and any other data from Google Calendar are not stored.

(3) Recipients

Only the customer-authorised facility's Google Calendar. The Company does not share or sell this data to third parties.

(4) Disconnection and Retention

Customers may disconnect the integration via the UnlockOS administrative panel or by revoking UnlockOS access in their Google Account's third-party app settings. The OAuth refresh token stored by the Company will be deleted within 30 days after disconnection. See the Google Calendar integration page for details.

7. Cookies and Similar Technologies

The Company uses cookies and other similar tracking technologies to collect or receive Access Information on this site and may use such Access Information. Cookie functionality may be disabled in your browser. The availability and method of such settings vary by browser; please check your browser settings.

8. Continuous Improvement

This site reviews this Policy as appropriate in response to technological developments and social demands, and strives to continuously improve the handling of Privacy-related Information. If this Policy is changed, the latest version will be posted on this site.

9. Personal Information Management Officer

Blockchain Lock Inc.
Vice President in charge of the Service

10. Changes to the Privacy Policy

Except as required by law, the Company may amend the Privacy Policy at any time.