X FUTURO DATA-HANDLING NOTICE Version: x-futuro-data-notice-2026-07-15-v11 Effective date: 2026-07-15 Operational history Selected data-minimization and customer-boundary practices have been applied since 2020. The controls stated in this notice apply from the effective date above. Operator X Futuro株式会社 (corporate number 3120001231380) Registered office: 1-5-15 Hirakawacho, Chiyoda-ku, Tokyo 102-0093, Japan Representative director: identified in the current official corporate registry under the corporate number above and available without delay through the rights-request channel below. This notice covers the public encrypted-inquiry service. Contracted project processing is governed by the applicable master services agreement, statement of work and data-processing terms. Information collected The service collects a message, optional reply channel or prior receipt, consent-notice version, submission time and encrypted-inquiry receipt. A prior receipt is a reference and cannot receive a reply. Attachments are not accepted. Do not submit credentials, private keys, access tokens, production logs, personal data concerning another person, exploit code, malware or detailed system architecture. Purposes X Futuro uses the information to review the inquiry; respond when a reply channel is supplied; associate a follow-up with a prior receipt; assess service eligibility and fit; conduct legal, authorization, sanctions, end-user, end-use and export-control screening; prevent abuse; establish a requested service; protect systems and rights; handle privacy requests and complaints; and comply with a valid legal obligation. An inquiry without a reply channel is one-way. Encryption and access When encrypted intake is enabled, the browser creates a fixed-size JWE before transmission. The public receiver and temporary inbox handle ciphertext. Decryption authority is separated from the website runtime and restricted to personnel with a business need. A compromised website, browser or endpoint may still expose plaintext before encryption, so this design reduces exposure but is not an absolute confidentiality guarantee. Location and service providers The public inquiry service is hosted on infrastructure in Japan. Project data locations and processors are identified in the applicable contract. The application does not persist raw IP addresses or complete user-agent strings. Load balancer, WAF and hosting security logs are separate controls and must follow a minimization and limited-retention policy. Retention Uncontracted inquiry ciphertext and optional reply details are scheduled to expire from the application-layer inbox no later than 48 hours after acceptance by the public receiver. X Futuro may delete them earlier when no longer required. Independent deletion-test evidence is not yet published. Abuse-prevention and rate-limit metadata expires no later than 24 hours after creation and excludes inquiry content; the application does not retain raw IP addresses or complete user-agent strings. A valid compulsory legal obligation or a documented, narrowly scoped legal hold may suspend ordinary deletion only for affected material and only for as long as required. Transaction, tax and minimum authorization evidence is stored separately for applicable statutory or contractual periods. Separable customer technical content, credentials, production data, raw scan artifacts and complete report copies are excluded from that long-term record unless a written contract or binding legal requirement specifically requires otherwise. AI use Customer data is not used to train AI models. Sensitive content is not sent to an external AI provider without prior authorization, a defined purpose and appropriate provider controls. Authorization to process content is not permission to train a model on it. AI may support investigation, comparison and explanation, but it does not independently approve high-impact production actions. Disclosure Disclosure is limited to a contracted processor with a defined purpose and confidentiality controls, a valid compulsory legal process, or the minimum necessary to protect rights and systems. X Futuro verifies the authority and scope of a request and discloses only information it actually holds and is legally required to provide. No service can promise that lawful disclosure will never occur. Rights requests and complaints To request disclosure of retained personal data or records of third-party provision, notification of purpose, correction, addition, deletion, suspension of use, erasure, or suspension of third-party provision where applicable, use the same encrypted inquiry and label the message "Privacy rights request". To make a complaint, label it "Privacy complaint". Provide a reply channel, the receipt if available, enough detail to identify the relevant record, and appropriate proof of identity or authority. Do not place identity documents in the first message; X Futuro will establish a proportionate secure verification method. X Futuro will acknowledge a decryptable request, verify identity and authority, assess it under applicable law, and respond without undue delay. A request may be limited or refused only on a lawful ground, with the reason explained where permitted. Security-management measures - Organizational: assigned responsibility, handling and deletion rules, least-privilege approval, incident escalation, and periodic access and retention review. - Personnel: confidentiality duties, need-to-know access, security instruction, and prompt access removal when duties end. - Physical: controlled handling of devices and media, protection against unauthorized viewing or removal, and secure disposal. - Technical: encryption in transit and at the application layer where stated, separation of website and decryption authority, access control, rate limiting, content-excluding security logs, patching and vulnerability management. - Processors: purpose-limited selection, contractual confidentiality and security duties, access restriction, and risk-proportionate oversight. - Overseas processing: destination, processor and safeguards are identified before a project transfer; applicable consent, contract and statutory requirements are assessed before processing outside Japan. Service and legal boundary The public website and public inquiry service are intended for organizations and persons acting for business purposes. Every proposed engagement is subject to the same general legal, contractual, authorization and delivery review. Submission does not oblige X Futuro to accept an engagement. The service accepts only work with a lawful purpose. Security testing and production access require written authorization from a party with lawful authority, with scope and stop conditions explicitly defined. X Futuro identifies the Japanese laws and mandatory requirements applicable to its operations and each engagement, including APPI, the Act on Prohibition of Unauthorized Computer Access, FEFTA and applicable external-transmission rules under the Telecommunications Business Act. Before acceptance, X Futuro reviews the customer entity, location, end use and delivery content. Notice administration X Futuro provides technical services, not legal advice, certification or an unconditional compliance guarantee. Submission does not create an engagement or contract. A later notice version does not silently replace the version recorded with an earlier inquiry. Material changes receive a new version and effective date.