Coral eSIM

Privacy Policy

Established on: December 1, 2025

Boring LLC (hereinafter referred to as the "Company") establishes the following Privacy Policy (hereinafter referred to as the "Policy") regarding the handling of personal information of users in the eSIM service provided by the Company (hereinafter referred to as the "Service").

Article 1 (Definition of Personal Information)

In this Policy, "personal information" means information relating to a living individual as defined in Article 2, Paragraph 1 of the Act on the Protection of Personal Information of Japan (hereinafter referred to as the "APPI"), which can identify a specific individual by name, date of birth, or other descriptions contained in such information (including information that can be easily collated with other information and thereby identify a specific individual), or that contains a personal identification code.

Article 2 (Categories of Personal Information Collected)

The Company may collect the following personal information from users in providing the Service.

1. Information provided by users

  • Name (including Romanized name)
  • Email address
  • Password
  • Other information that the user agrees to provide to the Company

About payment information

The Service uses the payment service provided by Stripe, Inc. (hereinafter referred to as "Stripe") for payment processing. Credit card information (card number, expiration date, security code, etc.) is sent directly to Stripe's servers without passing through the Company's servers. The Company does not collect or store card information such as credit card numbers. The Company stores only the minimum information necessary for payment processing, such as payment tokens and transaction history.

Please refer to Stripe's Privacy Policy (https://stripe.com/privacy) for details on how personal information is handled by Stripe.

2. Information automatically collected when using the Service

  • IP address
  • Browser type and version
  • Operating system
  • Date and time of access
  • Referrer URL
  • Information collected through cookies and other tracking technologies
  • Service usage history (purchase history, browsing history, etc.)

Article 3 (Purpose of Use of Personal Information)

The Company uses the collected personal information for the following purposes:

  1. To provide, operate, maintain, and improve the Service
  2. To verify and authenticate users
  3. To issue and provide eSIMs
  4. To bill usage fees and process payments
  5. To respond to inquiries, opinions, and requests from users
  6. To send important notices and maintenance information regarding the Service
  7. To analyze usage of the Service and prepare statistical data
  8. To provide information on new services, features, and campaigns (only when the user has requested such information)
  9. To address actions that violate the Terms of Service
  10. To notify users of changes to terms, policies, and other rules regarding the Service
  11. To handle incidents and prevent or detect fraudulent activity
  12. For purposes incidental to the above purposes of use

Article 4 (Provision of Personal Information to Third Parties)

  1. The Company will not provide personal information to third parties without obtaining the consent of the user, except in the following cases:

    • When required by law
    • When necessary to protect a person's life, body, or property and obtaining the individual's consent is difficult
    • When particularly necessary for improving public health or promoting the sound growth of children and obtaining the individual's consent is difficult
    • When it is necessary to cooperate with a national government agency, local government, or a party entrusted by them in performing duties prescribed by laws and regulations, and obtaining the individual's consent may impede the performance of such duties
    • Cases set forth in Article 5

  2. Notwithstanding the preceding paragraph, the recipient of the information shall not be deemed a third party in the following cases:

    • When the Company outsources all or part of the handling of personal information within the scope necessary to achieve the purpose of use
    • When personal information is provided as a result of business succession due to a merger or other reason

Article 5 (Provision of Information to Outsourcing Contractors)

  1. The Company may outsource the following operations to external service providers for the purpose of providing, operating, and improving the Service, and may provide personal information to the extent necessary for the performance of such operations:

    • Payment processing services (Stripe, Inc.)
    • eSIM providers
    • Customer support operations
    • System maintenance and operations
    • Email delivery operations

  2. The Company will require outsourcing contractors to handle personal information appropriately and will exercise necessary and appropriate supervision over them.

Article 6 (Disclosure, Correction, Suspension of Use, etc. of Personal Information)

  1. Users may make the following requests to the Company in accordance with the APPI:

    • Disclosure of personal information
    • Correction, addition, or deletion of personal information
    • Suspension of use or deletion of personal information
    • Suspension of provision of personal information to third parties

  2. When making a request under the preceding paragraph, the user shall make the request by the method prescribed by the Company after completing identity verification.

  3. When the Company receives a request under Paragraph 1, it will respond without delay in accordance with the APPI and other applicable laws and regulations. However, the Company may be unable to respond in whole or in part in the following cases:

    • When there is a risk of harming the life, body, property, or other rights or interests of the individual or a third party
    • When there is a risk of causing significant hindrance to the proper execution of the Company's business
    • When doing so would violate laws or regulations

  4. In the case set forth in the preceding paragraph, the Company will notify the user accordingly.

Article 7 (Use of Cookies and Similar Technologies)

  1. The Company uses cookies, web beacons, and other similar technologies (hereinafter referred to as "Cookies, etc.") in the Service.

  2. Cookies, etc. are small data files stored in the user's browser and are used for the following purposes:

    • To maintain the user's login status
    • To remember the user's settings and selections
    • To analyze use of the Service
    • To improve website performance
    • To provide information tailored to the user's interests

  3. Users may refuse the acceptance of Cookies, etc. through their browser settings. However, if Cookies, etc. are disabled, some functions of the Service may become unavailable.

Article 8 (Access Analytics Tools)

  1. The Company uses third-party access analytics tools such as Google Analytics to analyze use of the Service and improve the Service.

  2. These tools collect user information through Cookies, etc. The collected information is gathered anonymously and does not identify individuals.

  3. Please refer to Google's Privacy Policy (https://policies.google.com/privacy) for information collected and processed through the use of Google Analytics.

  4. Users may disable information collection by Google Analytics by installing the Google Analytics Opt-out Add-on (https://tools.google.com/dlpage/gaoptout).

Article 9 (Security Control Measures for Personal Information)

  1. The Company takes the following measures to prevent leakage, loss, or damage of personal information and to otherwise securely manage personal information:

    • Establishment of internal rules regarding the handling of personal information
    • Appropriate supervision of employees and contractors handling personal information
    • Access control for personal information
    • Restrictions on taking personal information out of the workplace or transmitting it externally
    • Measures to prevent unauthorized access and computer viruses
    • Use of encryption technologies such as SSL/TLS

  2. The Company will continuously review and improve its security control measures for personal information in light of technological developments and changes in the social environment.

Article 10 (Retention Period for Personal Information)

  1. The Company retains personal information only for the period necessary to achieve the purpose of use.

  2. Specific retention periods are as follows:

    • Information required to be retained by law: for the period prescribed by law
    • Information necessary for providing the Service: while the user uses the Service and for a reasonable period after account deletion
    • Information related to handling inquiries: for a reasonable period after completion of the response to the inquiry

  3. Personal information for which the retention period has expired will be deleted or anonymized by appropriate means.

Article 11 (Personal Information of Minors)

  1. In principle, the Service is intended for persons aged 18 or older.

  2. If a minor under the age of 18 uses the Service, the consent of a parent or other legal representative is required.

  3. If a minor provides personal information without the consent of a legal representative, the legal representative may request that the Company suspend the use of or delete such personal information.

Article 12 (Changes to This Policy)

  1. The Company may change this Policy in response to changes in laws and regulations, the social environment, technological advances, or changes in business operations.

  2. When the Company changes this Policy, it will notify users of the contents of the revised Policy and its effective date by posting it on the Company's website or by other appropriate means.

  3. The revised Policy shall take effect from its effective date.

Article 13 (Contact Information)

For inquiries regarding this Policy or the handling of personal information, or requests for disclosure of personal information, please contact the following:

Boring LLC
Address: 203 Grand City Monzen-Nakacho, 1-14-21 Tomioka, Koto-ku, Tokyo, Japan
Contact: contact@coral-esim.com

The Company will respond without delay after receiving your inquiry.

End

Established on: December 1, 2025
Effective date: December 1, 2025