Privacy Policy

FingerDoor (the “Service”) values your privacy and complies with applicable privacy laws. This Privacy Policy explains what information is processed, for what purposes, and how it is handled while using the Service.

Privacy FingerDoor Policy

1. Purpose of Processing

The Service is designed to minimize personal data collection to make live participation easy. However, limited data may be processed to provide host accounts and ensure stable operation. Purposes include:

• Host accounts: Username/password login, authentication, account security
• Host features: Saving/loading library content, managing session purpose (including abuse prevention)
• Operations & stability: Error handling, incident analysis, service stabilization
• Security & abuse prevention: Detecting abnormal requests, responding to spam/attacks, access control
• Support: Receiving and handling inquiries (only when you contact us)

* The Service does not require participant identifiers and avoids processing personal data for tracking or identifying participants.

2. Categories of Information Processed

Information processed differs by role (host/participant). Participants can use the Service without an account and do not enter personal identifiers.

(1) Information you provide

① Host (account user)

• Username (required)
• Password (required, stored as a secure hash)
• Email address (optional)
• Session purpose (required: e.g., class/meeting/broadcasting/other)
• Library content (questions/choices text saved by the host)

Passwords are stored as hashes; the operator cannot view the original password.

Email is optional and may be used for operational notices (security/policy/outage) when needed, but not for marketing emails.

② Participant

Participants do not create accounts and do not provide the following personal identifiers:

• Name, email, phone number, address, or other identifiers
• Login credentials (username/password)

The Service aims not to create or store identifiers that link responses to individuals.

(2) Technical information that may be generated

The Service does not store participant personal identifiers. However, minimal technical data may be generated during request processing for security and stability, such as:

• Request logs (time, path, response codes, etc.)
• Error logs (type, time, handling outcome, etc.)
• Abuse-detection indicators (e.g., excessive request patterns)
• Cookies/session identifiers for session security (where applicable)

These technical data are used only for operations/security/incident response and not to identify participants.

Depending on hosting/environment, network information such as IP addresses may appear in server logs, but the Service does not build a database intended to identify participants.

3. Retention Period

The Service retains information only as long as needed for the purposes described, and deletes it without delay when those purposes are achieved—unless retention is required by law.

(1) Host account information

• Username/password hash: retained while the account remains active
• Email (optional): retained while the account remains active (or per operational policy)
• Password change history: may be minimally recorded for security purposes (per policy)

(2) Host content (library/session data)

• Library (questions/choices): retained while the host keeps it saved (may be cleaned up per policy)
• Session data (responses/aggregates): retained per operational policy, then deleted

(3) Technical logs

• Operational/error logs: retained for a limited period for stability/security, then deleted (per policy)

Account deletion may not be available in the current version. You may contact Support to request deletion, subject to legal/operational requirements.

4. Sharing with Third Parties

The Service does not share personal data with third parties in principle, except when:

• You have provided prior consent
• Required by law or valid legal process
• Necessary to protect vital interests where permitted by law

5. Outsourcing (Processors)

To operate the Service, the operator may use external vendors such as hosting/infrastructure providers. If so, the operator will comply with applicable laws and manage vendors via contracts and oversight.

6. Your Rights

You may request access, correction, deletion, or restriction of processing as permitted by law. Some requests may be limited depending on legal obligations and service scope.

• Request access to personal data
• Request correction of inaccurate data
• Request deletion
• Request restriction/objection

Requests can be submitted via Support email, and we will respond within a reasonable period.

7. Security Measures

The Service may implement administrative and technical safeguards such as:

• Storing passwords as hashes
• Session/access control
• Encryption in transit (HTTPS)
• Security reviews and vulnerability response
• Incident response processes (as feasible)

8. Cookies

The Service may use session cookies for login and security. The Service does not aim to use cookies for participant tracking or targeted advertising.

• Purpose: session maintenance, security, feature delivery
• How to refuse: adjust browser settings to block or delete cookies
• Impact: blocking cookies may limit certain features such as login

9. Contact for Privacy

For privacy-related inquiries and requests, contact us at:

10. Changes to this Policy

This Privacy Policy may be updated due to law, policy, or service changes. Additions, deletions, or edits will be announced via notices within the Service or by updating this page.