PRIVACY POLICY
Sync Sloan Co., Ltd.

Last updated: 26 January 2026

Company: Sync Sloan Co., Ltd.
Registered Address: 6-chōme-7-5 Minami Aoyama, #712, Minato City, Tokyo 107-0062, Japan
Representative Director: XIA YUKI YU
Privacy Contact: info@reflections.group

1. INTRODUCTION

This Privacy Policy explains how Sync Sloan Co., Ltd. ("Sync Sloan", "we", "us") collects, uses, discloses, stores, and protects personal information in connection with our websites, applications, software platforms, products, customer support, marketing activities, and other related services (collectively, the "Services").

This Policy is intended to comply with the Act on the Protection of Personal Information of Japan (APPI) and to align with international data protection standards, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), where applicable.

2. DEFINITIONS

2.1 Personal Information / Personal Data
Information relating to an identified or identifiable natural person, as defined under applicable data protection laws.

2.2 Sensitive Personal Information
Information that requires enhanced protection under applicable law, including health data, biometric identifiers, financial account information, government-issued identification, and precise location data.

2.3 Processing
Any operation performed on personal information, including collection, use, storage, disclosure, transfer, or deletion.

3. SCOPE

This Policy applies to personal information processed by Sync Sloan in relation to:

• visitors to our websites and applications
• customers and prospective customers
• authorised users of our Services
• business partners, suppliers, and professional contacts

Where Sync Sloan processes personal information on behalf of customers as a data processor, such processing is governed by the relevant contractual arrangements.

4. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

4.1 Information Provided Directly

• full name
• company or organisation name
• job title or role
• email address and telephone number
• account credentials
• billing and invoicing information
• support enquiries and communications
• user preferences and settings

4.2 Information Collected Automatically

• IP address
• device identifiers, browser type, and operating system
• usage logs, access times, and interaction data
• referring URLs
• general location data at city or country level
• cookies and similar technologies

4.3 Information from Third Parties

• business partners and resellers
• integrated service providers, such as authentication or payment services
• publicly available business information for verification and compliance

5. PURPOSES OF USE

Sync Sloan processes personal information only to the extent necessary for the following purposes:

• provision, operation, and maintenance of the Services
• account administration and customer relationship management
• billing, payment processing, and financial administration
• customer support and service communications
• security monitoring, fraud prevention, and incident response
• analytics, research, and service improvement
• compliance with legal and regulatory obligations
• marketing and promotional communications, where permitted by law
• internal business operations and corporate governance

Personal information shall not be used beyond these purposes without appropriate notice or consent, in accordance with APPI.

6. LEGAL BASES FOR PROCESSING (EEA AND UK, WHERE APPLICABLE)

Where the GDPR applies, personal data is processed on one or more of the following legal bases:

• performance of a contract
• legitimate interests pursued by Sync Sloan, including security and service improvement
• compliance with legal obligations
• consent, where required

7. DISCLOSURE OF PERSONAL INFORMATION

Sync Sloan may disclose personal information to:

• service providers acting on our behalf under confidentiality and data protection obligations
• business partners where necessary to deliver integrated services
• professional advisers, including legal and accounting firms
• government authorities and regulators where required by law
• parties involved in mergers, acquisitions, or other corporate transactions

Personal information is not sold.

8. INTERNATIONAL DATA TRANSFERS

Personal information may be transferred to and processed in countries outside Japan, depending on where our infrastructure and service providers are located.

When transferring personal information internationally:

• appropriate measures are taken in accordance with APPI
• recognised safeguards are used where GDPR applies

9. DATA RETENTION

Personal information is retained only for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Standard industry retention periods applied by Sync Sloan are as follows:

• account and customer profile data: retained for the duration of the active account and up to 24 months after account closure
• billing and financial records: retained for 7 years in accordance with accounting and tax requirements
• support communications: retained for 3 years from resolution of the enquiry
• security and access logs: retained for 6 to 12 months unless required for investigation or compliance
• marketing contact data: retained until consent is withdrawn or an opt-out request is received, plus 12 months for suppression purposes

Personal information is securely deleted or anonymised once retention periods expire.

10. SECURITY MEASURES

Sync Sloan implements appropriate organisational and technical measures to protect personal information, including:

• role-based access controls
• encryption of data in transit
• secure infrastructure and monitoring
• regular security assessments
• employee confidentiality obligations
• incident response and breach management procedures

11. INDIVIDUAL RIGHTS

11.1 Rights under APPI
Individuals may request notification of purposes of use, disclosure of retained personal information, correction, addition, deletion, or suspension of use in accordance with applicable law.

11.2 Rights under GDPR (where applicable)
Individuals may have the right to access, rectification, erasure, restriction, objection, data portability, withdrawal of consent, and to lodge a complaint with a supervisory authority.

11.3 Rights under CCPA/CPRA (where applicable)
California residents may have rights to know, access, delete, and correct personal information, to opt out of sale or sharing where applicable, to limit certain uses of sensitive personal information, and to receive non-discriminatory treatment.

12. COOKIES AND SIMILAR TECHNOLOGIES

Cookies and similar technologies are used for essential functionality, security, analytics, and user preferences. Users may manage cookie settings through their browser. Where required by law, consent mechanisms are provided.

13. MARKETING COMMUNICATIONS

Marketing communications are sent only where permitted by law. You may opt out at any time using the unsubscribe mechanism or by contacting us. Service-related communications may continue where necessary.

14. CHILDREN’S PRIVACY

The Services are not intended for individuals under the age of 16. Sync Sloan does not knowingly collect personal information from children.

15. AUTOMATED DECISION-MAKING

Sync Sloan does not conduct automated decision-making or profiling that produces legal or similarly significant effects on individuals.

16. THIRD-PARTY SERVICES

The Services may include links to third-party websites or integrations. Sync Sloan is not responsible for the privacy practices of such third parties.

17. CONTACT AND COMPLAINTS

For privacy-related enquiries, requests, or complaints, please contact:

Email: info@reflections.group
Postal Address: 6-chōme-7-5 Minami Aoyama, #712, Minato City, Tokyo 107-0062, Japan

Identity verification may be required before responding to requests.

18. CHANGES TO THIS POLICY

This Privacy Policy may be updated from time to time. Any changes will be published with an updated revision date.