Privacy Policy — SmileProgress
1. Our Commitments
SmileProgress is an app for recording, aligning, and anonymizing the progress of orthodontic treatment on your device, and for sharing anonymized images only when you choose to. We make three commitments:
- Your photos belong to you. The originals stay on your device and are not transmitted to our servers.
- The Service does not evaluate, diagnose, or rate your teeth, your treatment, or your progress. It is a personal record, not a medical opinion.
- We do not separate Posted Data from the Service and transfer it to anyone else on its own.
2. Lifecycle of Posted Data
- Capture and alignment: performed entirely on your device. No data is transmitted to our servers.
- Sharing: when, and only when, you choose to share, a de-identified image (mouth area only) and post metadata are sent to our servers.
- Withdrawal: you may delete a Post at any time. You can delete it from the device on which it was created, from a device to which your identity has been carried over (via iCloud, Sign in with Apple, or an in-app purchase), or by using the deletion secret shown to you at the time of posting. The Post itself is removed; only aggregate, non-personally-identifiable counts (such as total view counts) may remain.
- Business succession: if our business passes to another operator, shared Posts are transferred to the successor for the purpose of continuing the Service.
3. Information We Collect and Do Not Collect
We collect, on our servers, the following information contained in shared Posts:
- A de-identified image of your mouth area (mouth area extracted or surroundings masked, EXIF and location metadata removed)
- Post metadata: country (optional), treatment duration, treatment type, extraction status, the self-declared age band of the poster (in five-year ranges, with people aged 60 or older grouped together, and "prefer not to say" available as a choice), post comment
- Pseudonymous user identifier (owner_id) used only to manage shared Posts (treated as personal data even though it does not directly identify you), together with the owner anchors mapped to it (an App Attest device identifier, the appAccountToken described below, and, optionally, the pseudonymous identifier from Sign in with Apple and a pseudonymous identifier stored in iCloud)
- Version of the Terms and Privacy Policy at the time of consent and the timestamp of consent
If you make an in-app purchase (one-time purchase or Pro plan), we collect, through StoreKit 2 receipt verification (the App Store Server API), only the following information:
- originalTransactionId (transaction identifier issued by Apple)
- productId (identifier of the purchased product)
- Purchase timestamp
- appAccountToken (a pseudonymous UUID issued by the app, mapped to the Pseudonymous user identifier (owner_id) above; used to honor your right to delete your previously shared Posts and to support Restore Purchases when you switch devices)
We do not collect:
- Original images
- Full-face photographs
- Geolocation data (latitude/longitude)
- Personally identifying information such as name, address, telephone number, email address, or device identifier
- EXIF metadata
- Your Apple ID itself, or the name or email address associated with your Apple ID (the App Store Server API does not return these values, so we cannot receive them. If you choose to use Sign in with Apple, we receive only the pseudonymous identifier (sub) issued by Apple, not your Apple ID itself or your name; you may use a private email relay, which the Service does not require to function)
The "de-identified image" used in this Service refers to an image processed to reduce the risk of personal identification. It does not by itself qualify as "anonymously processed information" under the Japanese Act on the Protection of Personal Information. Posted Data is processed as personal data under the GDPR and the UK GDPR, and as personal information under the CCPA, even where it has been de-identified on-device. We continue to apply these protections until Posted Data qualifies as anonymous information under applicable law.
4. Purposes of Processing and Lawful Basis (EEA / UK Users)
We process Posted Data only for the purposes set out in Section 4 of the Terms. For users in the European Economic Area, the United Kingdom, or jurisdictions with similar law, the lawful basis for each purpose is:
| Purpose | Lawful basis |
|---|---|
| Operating the Service in response to your sharing | Performance of a contract (Art. 6(1)(b) GDPR) |
| Backup, disaster recovery, security | Legitimate interests (Art. 6(1)(f) GDPR) — securing the Service |
| Quality improvement and statistical analysis | Legitimate interests — improving the Service |
| Moderation and abuse prevention | Legitimate interests — protecting users and the Service |
| Legal compliance and response to disputes | Legal obligation (Art. 6(1)(c) GDPR) |
| Business succession | Legitimate interests — continuity of the Service |
You can object to processing based on legitimate interests as set out in Section 7.
Where Posted Data may constitute special category data, including data concerning health, we process it under your explicit consent given via the in-app share confirmation, in addition to the lawful basis listed above (Article 9(2)(a) GDPR / UK GDPR).
5. Data Sharing and Sale Practices (Operating Policy)
These three practices are how the Service operates. We have no plan to change them. If circumstances ever required a change, we would announce the change at least thirty (30) days in advance through the Service and the official website, give you the opportunity to withdraw your shared Posts before the effective date, and apply the new terms only to Posts submitted on or after the effective date. Existing Posts will not be retroactively affected.
- We do not sell or transfer Posted Data alone to any third party.
- We do not provide Posted Data as a dataset for medical diagnosis, evaluation of treatment outcomes, or individual medical advice.
- We do not use Posted Data to train any machine learning model.
For California residents and residents of other U.S. states with comparable laws: we do not "sell" or "share" personal information as those terms are defined under the California Consumer Privacy Act (as amended by the CPRA) or analogous state laws. We do not knowingly sell or share the personal information of consumers under sixteen (16) years of age.
Business succession (the handover of the Service's operation) means that the role of operator is transferred together with the Service so it can continue. It does not mean discontinuing the Service and transferring Posted Data alone to another operator. The treatment at business succession is governed by Section 5 of the Terms.
If we begin to provide anonymous aggregated or statistical information only to academic institutions free of charge in the future, we will give the same thirty (30) days' notice.
6. Security
- All communication is encrypted over HTTPS.
- Storage is protected with access controls limited to what is necessary.
- Posted Data is stored separately from any original image (which never reaches our servers).
- Information may be processed by subprocessors as set out in Section 11 of the Terms.
7. Your Rights
You may exercise the following rights with respect to Posted Data we hold:
- Right of access
- Right to rectification
- Right to erasure (delete individual Posts or withdraw all shared Posts)
- Right to restriction of processing
- Right to data portability
- Right to object (to processing based on legitimate interests)
- Right to withdraw consent
- Right to lodge a complaint with the Personal Information Protection Commission of Japan, the data protection authority of your country of residence, or any other competent supervisory authority
You can delete Posts and withdraw all shared Posts directly from the in-app settings screen. You can delete a Post from the device on which it was created, from a device to which your identity has been carried over (via iCloud, Sign in with Apple, or an in-app purchase), or by using the deletion secret issued at the time of posting. If you change devices without a means of carrying over your identity and have not kept the deletion secret, we will assist you after verifying your identity at the contact address in Section 11. You can withdraw your explicit consent at any time by deleting the relevant Post in the in-app settings. For other rights, please contact us at the address in Section 11. After business succession, the successor will provide an equivalent contact channel.
8. International Data Transfers
Posted Data is primarily stored on servers located in Japan. Subprocessors and cloud providers may process data outside Japan for delivery, maintenance, or incident response. For transfers from the EEA or the UK to Japan, we rely on the European Commission's adequacy decision regarding Japan and on the United Kingdom's adequacy regulations. For transfers to other jurisdictions, we apply appropriate safeguards as required by applicable law. Where iCloud (CloudKit) or Sign in with Apple is used to carry ownership and the right to delete a Post across devices, this data may be processed by Apple outside Japan, including in the United States, and we rely on the Standard Contractual Clauses (SCC) and other safeguards made available by Apple.
For users in South Korea, details of overseas transfers required under the Personal Information Protection Act (transferred items, recipient, country, transfer date and method, recipient's purpose of use, retention period, and method of refusal where applicable) are displayed in the in-app transfer notice at the time of consent and remain accessible thereafter through the privacy settings of the Service.
If the storage region changes for reasons including business succession or other reasonable necessity, we will amend this Policy and notify you.
9. Children's Privacy
On first launch, the Service asks the question "Are you 13 or older?" as a self-declaration of the minimum age. If you answer "No", you cannot use the Service.
In some jurisdictions, applicable law sets a minimum age higher than thirteen (13). If you reside in any of the following regions, please make sure you meet the applicable age yourself before using the Service.
- The European Economic Area (EEA): the age set by national law (for example, the United Kingdom applies thirteen (13), France applies fifteen (15), Italy applies fourteen (14), and Germany, Ireland and the Netherlands apply sixteen (16)).
- South Korea: fourteen (14).
Persons who meet the minimum age but are below the local age of majority must obtain the consent of a legal guardian before using the Service.
Age verification is based on self-declaration. If we learn that a Post was made by someone below the applicable age, we will remove that Post and the related account, and will not retain the data for any other purpose. If you are a parent or legal guardian and believe your child has used the Service, please contact us at the address in Section 11. We will confirm the account, remove the related Posts, and provide you with confirmation once removal is complete.
10. Retention
- Posted Data: retained until you delete the Post. After deletion, handled in accordance with Section 7 of the Terms.
- Consent logs: retained for the period necessary to respond to legal claims, ordinarily three (3) years from your last use.
- Backups: overwritten or deleted in the ordinary backup rotation.
11. Contact and Complaints
For questions about this Policy or to exercise the rights set out in Section 7:
The Service is operated by an independent developer based in Japan, which means one person is directly accountable for how your data is handled. The developer is personally responsible for handling Posted Data and answering your requests. We aim to respond within seven (7) days, and in any event within one (1) month as required by applicable law.
- Email: info@m-naoki-m.com
- The operator's name and physical address will be disclosed promptly upon request to the email address above.
Where required by applicable data protection law, we will provide the details of our EU or UK representative in this section before offering the Service in that region.
You also have the right to lodge a complaint with a competent supervisory authority, including the Personal Information Protection Commission of Japan or the data protection authority of your country of residence.
12. Changes to this Policy
Changes to this Policy are governed by Section 8 of the Terms.
Last updated: (to be confirmed at release)