Privacy Policy

Privacy Policy for the Global Game Publishing Business

Last Updated: October 28, 2025

This Privacy Policy stipulates the handling of customers’ personal information and privacy data by Creek & River Co., Ltd. (hereinafter referred to as “the Company”) in connection with the global game publishing business (hereinafter referred to as “the Service”).
The Company separately establishes the “Handling of Personal Information,” but for customers who use the Service, this Privacy Policy shall take precedence and apply exclusively.
Before using the Service, please carefully read and fully understand the contents of this Privacy Policy, and only use the Service if you agree to its terms. By using the Service, you are deemed to have consented to this Privacy Policy.

1. Scope of Application

The scope of this Privacy Policy (the scope of the Service) includes the following game title:

  • ・“Obey Me! Till Death Do Us Part”

2. Measures for the Secure Management of Personal Information

To handle personal information with greater strictness, the Company has formulated personal information protection rules and related internal regulations based on its Personal Information Protection Policy in conformity with JIS Q 15001, and operates a personal information protection management system (PMS) while taking into account the external environment. In handling personal information, the Company implements security control measures from four perspectives: organizational, human, physical, and technical.

3. Information to Be Collected and Methods of Collection

In the Service, the Company collects the following information by lawful and fair means.

  1. (1) Information provided directly by the customer: Information provided by the customer through input forms, etc. when using the Service.
    Examples: name, email address, telephone number, address, date of birth, gender, payment information, content of inquiries, opinions, or requests.
  2. (2) Information automatically collected through the use of the Service: Information automatically obtained when the customer uses the Service.
    Examples: device identifiers (including advertising identifiers such as IDFA and Google Advertising ID), IP address, OS version, device model, usage status of the Service, and information obtained through cookies and similar technologies.
  3. (3) Information obtained through linkage with external services: Information obtained from external services such as social networking services (SNS) when the customer permits linkage.
    Examples: user ID used in external services and other information consented to at the time of linkage.

4. Purpose of Use of Personal Information

The Company uses the acquired personal information for the following purposes:

  1. (1) Provision and operation of the Service
    Provision of the Service, identity verification, management of user accounts, billing, and payment processing.
  2. (2) Improvement and development of services
    Improvement of the Service, planning and development of new services, statistical analysis, and marketing research.
  3. (3) Notifications and communication
    Notifications such as important announcements related to the Service, changes to terms, and maintenance information.
  4. (4) Response to inquiries
    Response to customers’ opinions, inquiries, or complaints.
  5. (5) Prevention of fraudulent acts
    Prevention and investigation of unauthorized access or improper use, and ensuring security.
  6. (6) Advertising, publicity, and promotion
    Distribution of targeted advertisements, measurement of effectiveness, and implementation of prize campaigns and shipment of prizes.

5. Provision to Third Parties

  1. (1) The Company does not disclose or provide personal information to any third party except in the following cases:
    a. When the customer’s consent has been obtained.
    b. When providing information in a form that does not allow individual identification.
    c. When outsourcing handling to an external contractor to facilitate smooth business operations.
    d. When required to provide information pursuant to laws or regulations.
    e. When it is necessary for the protection of life, body, or property of a person, and obtaining the individual’s consent is difficult.
    f. When particularly necessary for the improvement of public health or the sound upbringing of children, and obtaining the individual’s consent is difficult.
    g. When it is necessary to cooperate with a national or local government agency, or a person entrusted by such agency, in performing affairs prescribed by laws and regulations, and obtaining consent may impede the execution of such affairs.
    h. When providing part of personal information or personal-related information that can be matched with information held by advertising distributors, to third-party advertising distributors, for the purpose of optimizing advertisement delivery.
  2. (2) The Company may receive personal-related information such as the date and time a customer clicked on the Company’s advertisement from partnered advertising distributors. In such cases, the Company may match such personal-related information with personal information provided by the Company to improve its services.

6. Provision to Contractors

The Company may outsource the handling of information externally, such as for server operation and management, within the scope necessary to achieve the purposes of use, in order to conduct its business smoothly and efficiently.
In such cases, the Company selects contractors in accordance with its own standards and implements necessary and appropriate supervision by concluding agreements concerning the handling of personal information to ensure the secure management of the personal data entrusted.

7. Personal Information Management Supervisor

Creek & River Co., Ltd.
Personal Information Protection Administrator (Executive Officer, Management Group)
E-mail:ppinfo@hq.cri.co.jp

8. Procedures for Responding to “Requests for Disclosure, etc.”

If a request (“Request for Disclosure, etc.”) is made regarding retained personal information or records of provision to third parties, such as for notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of provision to third parties, the Company will confirm that the request is from the individual concerned through prescribed procedures and respond promptly.
However, a disclosure fee separately determined by the Company may be charged.
The Company may refuse to respond to such requests in the following cases. In such cases, the Company will notify the individual without delay, along with an explanation of the reason.

  1. (1) When there is a risk of harming the life, body, property, or other rights or interests of the individual or a third party.
  2. (2) When it may significantly interfere with the proper execution of the Company’s business operations.
  3. (3) When it would result in a violation of laws or regulations.

    For “Requests for Disclosure, etc.,” please contact the following Personal Information Inquiry Desk.

    Creek & River Co., Ltd.
    Personal Information Inquiry Desk
    TEL: 0800-888-1171
    E-mail: ppinfo@hq.cri.co.jp

    The organization below is not a contact desk for inquiries regarding the Company’s products or services.

    Name of the Accredited Personal Information Protection Organization and Contact for Complaint Resolution:
    Japan Institute for Promotion of Digital Economy and Community (JIPDEC)
    Roppongi First Building, 1-9-9 Roppongi, Minato-ku, Tokyo 106-0032, Japan
    TEL: 03-5860-7565 / 0120-700-779
    Office Hours: Weekdays 9:30–12:00, 13:00–16:30

Annex for California Residents

Last Updated: October 28, 2025

If you are a resident of the State of California, in addition to the “Personal Information Protection Policy” and “Handling of Personal Information,” this California Residents Privacy Policy Annex (hereinafter referred to as the “California Annex”) shall apply.
If the contents stipulated in the “Personal Information Protection Policy” or “Handling of Personal Information” conflict with the provisions of this California Annex, the provisions of this California Annex shall take precedence.

1.Personal Information Collected, Purpose of Use, and Retention Period

During the past 12 months, the Company has collected personal information in the following categories.
The retention period of such information shall be limited to a period reasonably necessary to accomplish the purposes disclosed at the time of collection.

Category A: Identifiers

■Scope of Coverage
Examples: real name, alias, address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers.
■Company’s Status
Collected: Yes.
Items collected: real name, alias, address, unique personal identifier, online identifier, Internet Protocol address, email address, account name.
■Recipients of Personal Information
Trusted service providers / joint business partners.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.

Category B: Categories of Personal Information Described in the California Customer Records Statute (Cal. Civ. Code §1798.80(e))

■Scope of Coverage
Examples: name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state ID number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
■Company’s Status
Collected: Yes.
Items collected: name, education, employment, and employment history.
■Recipients of Personal Information
Trusted service providers / joint business partners.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.

Category C: Protected Classification Characteristics under California or Federal Law

■Scope of Coverage
Examples: age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
■Company’s Status
Collected: Yes.
Items collected: age, gender, country of origin.
■Recipients of Personal Information
Trusted service providers / joint business partners.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.
The Company does not collect or use personal information for additional purposes inconsistent with those disclosed at the time of collection.

Category D: Commercial Information and Online Usage Information

■Scope of Coverage
Examples: records and histories of products or services purchased or considered.
■Company’s Status
Collected: Yes.
Items collected: browsing history and interactions with the Service.
■Recipients of Personal Information
Trusted service providers / joint business partners.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.

Category E: Biometric Information

■Scope of Coverage
Examples: fingerprints, facial recognition, voiceprints, iris or retina scans, keystrokes, gait, or other physical patterns, as well as sleep, health, or exercise data used to extract templates or identifiers from genetic, physiological, behavioral, or biological characteristics or activity patterns.
■Company’s Status
Collected: No.
■Recipients of Personal Information
Not disclosed.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.

Category F: Internet or Other Similar Network Activity

■Scope of Coverage
Examples: interaction with the Company’s “Service” or advertisements.
■Company’s Status
Collected: Yes.
Items collected: information related to the Service or advertisements, such as advertising IDs.
■Recipients of Personal Information
Trusted service providers / joint business partners.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Targeted advertising.

Category G: Geolocation Data

■Scope of Coverage
Approximate physical location.
■Company’s Status
Collected: Yes.
Items collected: weather forecast information obtained through platform APIs.
■Recipients of Personal Information
Not disclosed.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.

Category H: Sensory Data

■Scope of Coverage
Examples: audio, electronic, visual, thermal, olfactory, or similar information.
■Company’s Status
Collected: No.
■Recipients of Personal Information
Not disclosed.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.

Category I: Professional or Employment-Related Information

■Scope of Coverage
Examples: current or past job history or performance evaluations.
■Company’s Status
Collected: Yes.
Items collected: current occupation, etc.
■Recipients of Personal Information
Trusted service providers / joint business partners.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.

Category J: Non-Public Education Information (as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

■Scope of Coverage
Examples: grades, transcripts, class lists, student schedules, student identification codes, financial information, or disciplinary records directly related to a student and maintained by an educational institution or party acting on its behalf.
■Company’s Status
Collected: Yes.
Items collected: calendar information entered by the user.
■Recipients of Personal Information
Trusted service providers / joint business partners.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.

Category K: Inferences Drawn from Other Personal Information

■Scope of Coverage
Examples: profiles reflecting an individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
■Company’s Status
Collected: Yes.
Items collected: inferred data derived from the above personal information, such as profiles regarding preferences, behaviors, or characteristics.
■Recipients of Personal Information
Trusted service providers / joint business partners.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.

Category L: Sensitive Personal Information

■Scope of Coverage
Examples: account login and password information, location data.
■Company’s Status
Collected: Yes.
Items collected: account login and password information, location data, contents of emails or text messages not intended for the Company as recipient, personal information collected and analyzed regarding sexual life or sexual orientation.
■Recipients of Personal Information
Trusted service providers / joint business partners.
■Categories of Personal Information Sold
Not sold.
■Categories of Personal Information Shared for Cross-Context Behavioral Advertising
Not shared.
The Company does not collect or use personal information for additional purposes inconsistent with those disclosed at the time of collection.

2.Rights of California Consumers

Customers who are residents of the State of California have the following rights regarding their personal information:

  • • Right to Know: The right to request disclosure of what personal information the Company has collected, used, disclosed, sold, or shared about you. This includes the categories of personal information, sources, purposes of use, categories of third parties to whom it was disclosed, and specific pieces of personal information obtained by the Company.
  • • Right to Delete: The right to request deletion of personal information the Company has collected from you (subject to certain exceptions).
  • • Right to Correct: The right to request correction of inaccurate personal information held by the Company.
  • • Right to Correct: The right to request correction of inaccurate personal information held by the Company.
  • • Right to Limit Use and Disclosure of Sensitive Personal Information: The right to restrict the Company’s use or disclosure of sensitive personal information beyond specific purposes defined under the CCPA.
  • • Right to Non-Discrimination: The right not to receive discriminatory treatment from the Company for exercising your rights under the CCPA.

3.How to Exercise Your Rights

To exercise the above rights, please make a request using the following contact method:

  • Contact Email: dg_ppinfo@pr.cri.co.jp
  • Identity Verification:
    For the Right to Know, Right to Delete, and Right to Correct, the Company will carry out reasonable identity verification procedures to confirm that the requester is the individual concerned.
    For the Right to Opt-Out or Right to Limit, identity verification is generally not required.
  • Agent Requests:
    You may make a request through an authorized agent. In such cases, the Company may require submission of documentation proving the agent’s authority.
  • Response to Requests:
    Upon receipt of a verifiable request, the Company will respond within 45 days in principle.
    If additional time is required, the Company will notify the requester with reasons and may extend the period by up to 45 additional days.

4.Use and Disclosure of Sensitive Personal Information

The Company may collect sensitive personal information such as precise location information or the content entered by customers in the in-app calendar or memo functions.
Such sensitive personal information is collected and used only for the purposes reasonably necessary to provide the services that customers can reasonably expect, such as functions based on location information or calendar and memo functions within the game.
The Company does not use or disclose such sensitive personal information for analysis aimed at service improvement or for any purposes beyond those stated above.
Accordingly, the Company does not provide an opt-out link regarding the restriction of the use of sensitive personal information under the CCPA.

Management of Information by Customers (Restriction and Deletion of Use)
Precise location information and the contents of the calendar and memo are managed by customers themselves and are not operated by the Company. Therefore, the exercise of CCPA rights concerning this information shall be carried out through the following operations by the customers.

  • Precise Location Information
  • • Restriction of Use: The Company does not use or disclose customers’ precise location information for analysis or other purposes beyond providing game functions. Customers may disable access to location information for the application in their smartphone’s OS settings at any time to stop (restrict) the Company’s use of precise location information. In that case, game functions using precise location information (such as weather forecast functions) will no longer be available.
  • • Deletion: The Company does not store customers’ precise location information on its servers.
  • Calendar and Memo Contents
  • • Restriction of Use: The Company does not use or disclose customers’ calendar schedules or memo contents for analysis or other purposes beyond providing game functions. Customers may stop (restrict) the Company’s use of such information at any time by directly deleting calendar schedules or memo contents using the in-app features. In that case, game functions that display such information in-game will no longer be available.
  • • Deletion: Customers may delete their own calendar schedules or memo contents at any time using the in-app features. The Company does not retain any deleted information.

5.Information Regarding Minors Under the Age of 16

The Service is intended for users aged 17 or older and is not designed to knowingly collect personal information from minors under the age of 16.
If the Company becomes aware that it has obtained personal information from a consumer under the age of 16, it will not sell or share such personal information without prior consent (opt-in) from the child’s parent or legal guardian.

6.Contact Information

For questions regarding this special provision or the Company’s privacy practices, please contact:
Contact email: dg_ppinfo@pr.cri.co.jp
Personal Information Inquiry Desk, Game Publishing Business

7.Revisions to the California Annex

The Company may revise this California Annex in response to changes in laws or business operations.
If significant changes occur, the Company will notify users in an easy-to-understand manner, such as through in-app announcements.

Annex for Residents of the European Region and the United Kingdom

Last Updated: October 28, 2025

If you reside in an EU member state, Norway, Iceland, Liechtenstein, or the United Kingdom (collectively referred to as the “European Region, etc.”), this Annex for Residents of the European Region and the United Kingdom (hereinafter referred to as the “European Annex”) applies in addition to the “Personal Information Protection Policy” and the “Handling of Personal Information.”
In the event of any inconsistency between the provisions of the “Personal Information Protection Policy” or “Handling of Personal Information” and this European Annex, the provisions of this European Annex shall prevail.

1.Personal Data Handled by the Company

In providing the Service, the Company obtains and uses the following personal data for the purposes specified below, based on the lawful grounds set forth in the General Data Protection Regulation (GDPR) (including the UK GDPR).

Type of Personal Data Purpose of Use Lawful Basis (Article 6 of the GDPR)
User Information: name, username, identification ID, contact information such as email address, profile information such as age, gender, and language, device information, IP address, cookie identifiers, and other online identifiers. - To provide, operate, and manage user accounts for the Service.
- To verify identity.
- To respond to inquiries and provide customer support.
- To improve the Service and develop new services.
 Performance of a Contract: The provision of the Service is based on the contract (Terms of Use) between the user and the Company, and such data is essential for the performance of that contract.
Location Information - To provide functions based on location information, such as delivering weather forecasts for the user’s current location. Explicit Consent of the Individual: These functions are optional and are obtained and used only when the user has given explicit consent.
Memo and Calendar Entries - To provide diary and scheduling features within the game as requested by the user. Explicit Consent of the Individual: The Company obtains and uses this data only when the user has expressed a clear wish to use these functions and has given explicit consent.
Usage Data: login history, play status, purchase history of items, interaction history with other users. - To analyze the usage status of the Service and improve it.
- To analyze user interests and deliver targeted advertisements through profiling.
 Consent of the Individual: Analysis and advertisement delivery based on these data are performed only when the user has given consent.

2.Your Rights

You have the following rights regarding your personal data.
To exercise these rights, please contact the Data Protection Officer (DPO) or the inquiry contact listed below.

  • • Right of Access: The right to confirm whether your personal data is being processed and, if so, to access such personal data.
  • • Right to Rectification: The right to have inaccurate personal data corrected.
  • • Right to Erasure (“Right to be Forgotten”): The right to have your personal data erased under certain conditions.
  • • Right to Restriction of Processing: The right to restrict the processing of your personal data under certain conditions.
  • • Right to Object: The right to object to certain processing, including processing for direct marketing purposes.
  • • Right to Data Portability: The right to receive the personal data you have provided in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • • Right to Withdraw Consent: The right to withdraw consent at any time regarding processing based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • • Right to Lodge a Complaint: The right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged GDPR violation occurred.

3.Controller of Personal Data

Controller of personal data obtained in connection with the Service:
Creek & River Co., Ltd.
Address: Shin-Tora Dori CORE, 4-1-1 Shimbashi, Minato-ku, Tokyo 105-0004, Japan
Contact: dg_ppinfo@pr.cri.co.jp
Personal Information Desk, Game Publishing Business

4.Data Protection Officer (DPO) and EU/UK Representative

In accordance with the GDPR, the Company has appointed a Data Protection Officer (DPO) and EU/UK representatives.
For inquiries regarding the handling of personal data, please contact:

Data Protection Officer (DPO)

Enobyte GmbH
Augustenstr. 49, 80333 Munich, Germany
Email: dpo@enobyte.com
Tel.: 089 / 215 4774 30
Web: https://enobyte.com/kontakt

EU/UK Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
• United Kingdom (UK)
• European Union (EU)
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website:
https://app.prighter.com/portal/17183608041

5.Targeted Advertising

The Company uses targeted advertising to deliver more relevant advertisements based on users’ interests and preferences.
This is achieved by analyzing users’ profile information, usage data, and location information to infer (profile) users’ interests.
The delivery of targeted advertisements is based on the user’s consent as the lawful basis. Users have the right to withdraw this consent at any time.

If you wish to withdraw your consent, please select the appropriate option from the following link:
https://prighter.com/dsrtool/new/dsr_eu/17183608041

6.Cross-Border Transfer of Personal Data

The Company is a corporation based in Japan, and users’ personal data is processed and stored on servers located in Japan.
Transfers of personal data from the EEA and the UK to Japan are carried out based on the adequacy decision by the European Commission and the UK government.
Personal data transferred to Japan under the adequacy decision is protected under Japan’s Act on the Protection of Personal Information (APPI) and the Supplementary Rules established by the Personal Information Protection Commission, ensuring a level of protection equivalent to that under the GDPR.

7.Retention Period of Personal Data

The Company retains personal data only for as long as necessary to achieve the purpose of use, and upon expiration of such period, deletes it without delay, unless otherwise required by law (“principle of storage period limitation”).
The specific retention period varies depending on the type of data and its purpose of use.

8.Revisions to the European Annex

The Company may revise this European Annex in response to changes in laws or business operations.
If significant changes occur, the Company will notify users in an easy-to-understand manner, such as through in-app notifications.

Contact information of Data Protection Officer (DPO)

Enobyte GmbH
Augustenstr. 49, 80333 Munich, Germany
Email: dpo@enobyte.com
Tel.: 089 / 215 4774 30
Web: https://enobyte.com/kontakt