Effective date: 2026-06-03
This Privacy Policy applies to CareBear users in Japan. CareBear is a free mobile app provided by Redefine Impacc LLC ("we," "us," "our," or "Service Provider"). If you use CareBear in the United States, please refer to the United States Privacy Policy. Your app language setting does not change which jurisdiction policy applies, and United States-specific California or Santa Clara County provisions do not apply merely because you use CareBear in Japan.
CareBear helps users configure followers and delayed messages that may be delivered if CareBear detects a possible lost-contact event. This policy explains how we handle personal information and information related to personal information for users in Japan under the Act on the Protection of Personal Information of Japan ("APPI") and other applicable requirements.
Operator: Redefine Impacc LLC
Privacy requests, legal inquiries, support requests, and complaints: [email protected]
We use personal information and information related to personal information only as necessary for the following purposes, unless we notify you of an additional purpose or applicable law permits otherwise:
| Category | Examples | Purpose | Required or optional | Retention | Recipients, storage, and transfer countries | Request path |
|---|---|---|---|---|---|---|
| Account and sign-in data | Email address, encrypted password, internal user ID, timestamps, account status, Apple provider identifier or UID where Sign in with Apple is used. | Authentication, account management, Apple sign-in, support, security, and deletion processing. | Required to create and maintain an account, except Apple sign-in is optional. | Kept while the account is active, then deleted or de-identified after a verified account deletion subject to limited exceptions. | DigitalOcean hosting/storage; Apple for Apple sign-in; support and email systems. Processing may occur in the United States and other countries where providers operate. | Email [email protected] with "Privacy Request" in the subject line. |
| Device, push, and session data | Device identifier, APNs token, bundle ID, APNs environment, preferred language, OAuth access tokens and grants, server ping records, APNs response data. | Device registration, push delivery, localization, session security, and service reliability. | Required for device-linked app functionality and push delivery; notification permission can be managed in iOS. | Kept while needed for active service, security, diagnostics, or deletion records. | DigitalOcean, Apple/APNs, and diagnostic systems. Processing may occur in the United States, Japan, and other provider locations. | Email [email protected] or manage device permissions in iOS settings. |
| Motion and check-in data | Motion activity type, motion timestamp, latest activity time, manual check-in time, device check-in time. CareBear does not collect GPS, precise location, route history, address, or real-time location. | Possible lost-contact detection, follower activity visibility, and alert timing. | Motion and Fitness permission is optional, but lost-contact detection may not work as expected without it. | Kept while needed to provide the lost-contact workflow and related diagnostics, then deleted or de-identified subject to exceptions. | DigitalOcean hosting/storage and limited diagnostic systems. Processing may occur in the United States and other provider locations. | Revoke Motion and Fitness permission in iOS settings or email [email protected]. |
| Follower and invite data | Follower relationships, nicknames, invite tokens, invite URLs, accepted follower user IDs, limited activity metadata visible to accepted followers. | Create and manage follower relationships and route lost-contact alerts. | Optional unless you choose to use follower features. | Kept while the relationship or account remains active, then deleted or de-identified subject to limited exceptions. | DigitalOcean hosting/storage and user-to-user disclosure to accepted followers. | Manage followers in the app where available or email [email protected]. |
| Delayed-message, notification, and email data | Wait period, trigger state, free-text message content, in-app notification records, notification titles and content, email delivery records, APNs response data, delivery results. | Configure delayed messages and deliver lost-contact alerts to followers through the app, push notifications, and email. | Optional unless you create delayed messages or an alert is triggered. | Active product data is deleted or de-identified after a verified account deletion subject to exceptions. Already-delivered messages, emails, push notifications through Apple Push Notification service (APNs), and follower-device copies cannot be recalled. | DigitalOcean, Apple/APNs, SendGrid SMTP/email systems, support and email systems, and accepted followers. Processing may occur in the United States and other provider locations. | Manage messages in the app where available or email [email protected]. |
| Support, deletion, diagnostics, and legal records | Support emails, privacy requests, deletion records, request metadata, Sentry events, logs, and legal or security records. | Support, privacy request handling, security, abuse prevention, debugging, deletion proof, and legal compliance. | Optional when you contact support; some records are created automatically for security and diagnostics. | Kept only as long as needed for the applicable purpose, including security, legal, fraud prevention, support, backup, operational, or deletion proof needs. | support and email systems, Functional Software/Sentry, DigitalOcean, and internal operations. Processing may occur in the United States and other provider locations. | Email [email protected]. |
We use service providers and processing channels to operate CareBear. These providers may process information in Japan, the United States, and other countries where their infrastructure, affiliates, or personnel operate. We use these providers for the purposes described in this policy and expect them to protect information through contractual, technical, and organizational measures appropriate to their role.
If you invite a follower and the follower accepts, that follower may see limited activity metadata before a lost-contact alert is triggered, such as latest activity type, latest activity time, and latest check-in time. Followers do not receive all of your activities in real time. CareBear does not collect GPS, precise location, route history, address, or real-time location as part of this workflow.
If a lost-contact alert is triggered, CareBear may deliver your delayed-message content to accepted followers through in-app notification records, push notifications through Apple Push Notification service (APNs), and email. This is a user-to-user disclosure that you configure through the follower and delayed-message features.
Avoid including private or sensitive information in delayed messages, such as passwords, door codes, financial credentials, government ID details, medical details, precise location details, unsafe instructions, or another person's private information unless it is necessary and you are authorized to do so. Alerts may include your message in the CareBear app, push notifications, and email messages.
Push notifications may be visible on a device lock screen depending on the recipient's device settings. Emails may be visible in the recipient's email inbox and email notifications. Once a message, push notification, email, or follower-device copy has been delivered, CareBear cannot recall it.
CareBear depends on device permissions, iOS Motion and Fitness permission, Core Motion behavior, notification permission, battery state, network connectivity, APNs, email delivery systems, server availability, and correct account and follower information. Detection or delivery may fail, be delayed, be duplicated, or be wrong.
CareBear is not a substitute for 110, 119, 911, emergency dispatch, medical monitoring, nursing-care monitoring, private security, rescue, GPS tracking, or guaranteed safety monitoring. Do not rely on CareBear as your only safety plan.
We retain personal information for as long as needed to provide CareBear, support the purposes described in this policy, comply with legal obligations, maintain security, prevent abuse, resolve disputes, process deletion requests, support debugging, and maintain backups.
We use administrative, technical, and organizational safeguards designed to protect personal information from unauthorized access, loss, misuse, alteration, disclosure, or destruction. These safeguards include access controls, employee or contractor supervision, service-provider supervision, logging and diagnostics controls, and security practices appropriate to the nature of the information and our operations.
Subject to applicable law and identity verification, users in Japan may request notification of purpose of use, disclosure of retained personal data and applicable third-party provision records, correction, addition, deletion, cessation of use, erasure, or cessation of third-party provision where such rights apply. You may also submit complaints about our handling of personal information.
To submit a request or complaint, email [email protected] with "Privacy Request" in the subject line. We may ask for information needed to verify your identity and account before responding.
CareBear is intended only for users aged 13 and above. We do not knowingly collect personal information from anyone under the age of 13. If we learn that a child under 13 has provided personal information, we will delete that information after verification where required. Email [email protected] for assistance.
We may update this Privacy Policy from time to time. If material changes occur, we will notify users by email, in-app notice, or posting the revised policy, subject to applicable law. Continued use of CareBear after changes take effect constitutes acceptance of the revised practices to the extent permitted by applicable law.