PRIVACY POLICY

MEDIUM Inc. (hereinafter referred to as "the Company") hereby establishes this Privacy Policy (hereinafter referred to as "this Policy") regarding the handling of personal information of customers in connection with the services provided by the Company (hereinafter referred to as "the Service").

1. Information We Collect

The Company may collect the following information from customers:

• Name, company name, department name

• Email address, phone number

• Content of inquiries

• Online identifiers such as cookies

• Browsing history and usage history (measured by Google Analytics)

The Company may automatically collect the following information through users' use of the Service:

• Information regarding usage of the Service

• Date and time of access to the Service

• Audio data transmitted to the Company in connection with the use of the Service, and text data generated by the Company or parties commissioned by the Company through processing of users' audio data

• OS, application, and browser type and version information of devices used to access the Service

• Various settings configured by users in connection with the use of the Service

If a user authorizes the Company to collect user information through a service operated by a third party, the Company may collect user information through such service. In such cases, the Company may combine information independently obtained from users with information obtained from third parties for the purpose of providing and improving the Service.

2. Purpose of Use of Personal Information

The Company uses personal information provided by customers for the following purposes:

• To provide and manage the Service

• To respond to inquiries and requests for materials

• To provide information and communications regarding the Service

• To improve and develop the Service

• To customize the content of the Service to suit individual users

• To create statistical data regarding usage of the Service, processed in a form that does not identify individuals or specific users

• To prevent unauthorized or improper use of the Service

The Company endeavors to promptly delete retained personal data when it is no longer necessary for the purposes stated above.

3. Outsourcing

The Company may outsource all or part of the handling of personal information to third parties to the extent necessary to achieve the purposes of use. In such cases, the Company thoroughly evaluates the suitability of outsourcing partners, stipulates confidentiality obligations in contracts, and establishes systems to ensure that information is properly managed.

4. Disclosure to Third Parties

The Company will not provide collected personal information to third parties except as required by law.

5. Use of External Services

The Company uses tools such as Google Analytics to collect data related to access analysis and advertising.

As a result, user information may be transmitted to Google and other parties through cookies.

• Google Privacy Policy: https://policies.google.com/privacy

• Google Ads Settings: https://adssettings.google.com/authenticated

Users may disable cookies through their browser settings.

6. Information Management

The Company implements necessary and appropriate security management measures to prevent leakage, loss, damage, unauthorized access, and other incidents with respect to personal information and data handled in connection with the provision of the Service (including information obtained through APIs and other means). The main measures are as follows:

• Encryption of communications: Communications between the Company's services and systems are encrypted using TLS and other protocols.

• Protection of stored data: Data stored in environments managed by the Company is maintained in access-controlled environments, with encryption and other measures applied as necessary.

• Access control: Based on the principle of least privilege, access is granted only to personnel who require it for their duties, and authentication credentials and permissions are properly managed.

• Logging and auditing: Access logs and other records are maintained for the detection and investigation of unauthorized use, and audits are conducted as necessary.

• Vulnerability and incident response: Procedures for collecting vulnerability information, applying updates, and containing, investigating, and preventing recurrence of incidents are established and appropriately implemented.

• Supervision of outsourcing partners: When data handling is outsourced externally, outsourcing partners are carefully selected, security management measures are required by contract, and ongoing supervision is conducted.

7. Requests for Disclosure, Correction, and Deletion

Customers may request the Company to disclose, correct, or delete their personal information.

To make such a request, please contact the inquiry office listed below.

8. Contact Information

For inquiries regarding this Policy, please contact:

MEDIUM Inc.

Email: contact@mdum.net

Address: 5-5 Maruyamacho, Shibuya-ku, Tokyo 150-0044, Japan

9. Amendments

The Company may amend this Policy without prior notice.

In the event of significant changes, notification will be provided on this page.

Version 3, Established March 22, 2026