Back

※1 If there is any issue or discrepancy with other terms pages, the Japanese Terms of Service shall prevail.
※2 These translations are generated by machine translation. For accurate terms, please refer to the Japanese version.

VPS Privacy Policy

KuronekoServer handles the personal information of Users who use the Service appropriately, in accordance with the Act on the Protection of Personal Information (the “APPI”) and other applicable laws, based on the following policy.

Roles of the Operator

The Service is provided in a form whereby the Operations Team operates and provides it using facilities leased from Upstream Infrastructure Providers (which may include multiple providers).

  1. With respect to contractor information, usage status, billing information, and the like, the Operations Team handles such information as the party that determines the purposes and methods of handling (the controller).
  2. With respect to the data (content) that the User stores or transmits on the server, neither the Operations Team nor the Upstream Infrastructure Provider is in a position to access its contents, and they have no obligation to monitor it. Such data is handled at the User’s own responsibility, and the User handles it as its controller.

Data Collected

  1. Contractor information such as name, address, phone number, and email address, and documents and registration information used for identity verification
  2. Account information (contracted services, domain registration information, assigned IP addresses, customer ID, billing/receipt status of fees, usage status, etc.)
  3. Payment method (not stored by the Organization and managed by external contractors), billing history, plan, committed bandwidth, and other contract details
  4. Records of correspondence with the Operations Team (records of inquiries, chats, emails, etc.)
  5. Server configuration, option usage status, connection logs, and traffic measurement data
  6. Access records of the management panel
  7. Website usage status and statistical information using cookies, etc.
  8. Information provided at the time of an abuse report

How Personal Information Is Collected

The Operations Team collects personal information by lawful and fair means, mainly in the following situations:

  1. When applying for or using the Service
  2. When making inquiries, requesting support, responding to surveys, or subscribing to newsletters
  3. When sending or receiving abuse reports
  4. When using the network, infrastructure, or other services
  5. When obtained from third parties such as credit/fraud-prevention agencies, referral partners, and business directories

Purpose of Use

  1. Provision, maintenance, support, and billing processing of the Service
  2. Prevention of abuse and incidents, security measures, and legal compliance
  3. Improvement of service quality and development of new features
  4. Fee collection, receivables management, and procedures related to business partnerships or reorganizations
  5. Identity verification (KYC), credit, and risk management
  6. Marketing, surveys, and satisfaction surveys (where based on consent)
  7. Responses based on law, and responses to judicial and administrative procedures

Legal Basis / Consent

The Operations Team collects and uses personal information based on one of the following grounds:

  1. Performance of a contract: to the extent necessary for providing the Service, billing, and performing other contractual obligations
  2. Legitimate interests: information security, service improvement and provision, fraud detection, administration, and legal response, etc.
  3. Consent: for purposes such as marketing communications (excluding operational communications associated with the provision of the Service). Consent may be withdrawn at any time.

Deletion of Collected Information

If the User requests deletion, we will promptly delete collected data except for information required to be retained by law.

Identity Verification Information (KYC)

When applying for and paying for the VPS service, please provide the contractor’s correct legal name and address. Identity verification is performed using the Didit electronic identity verification service. Orders (contract applications) cannot be finalized until identity verification is complete. If false information or applications under a third party’s name are discovered, the contract procedures may be put on hold or canceled, and we may refuse to provide the Service.

If we request submission of identity verification information, failure to respond promptly may prevent contract conclusion. As part of ongoing compliance verification, the Operations Team may also request re-verification of information at any time, even during the contract term.

Provision to Third Parties / Outsourcing

  1. We share contractor information and usage status with the Upstream Infrastructure Provider and its contractors to the extent necessary for operating the Service.

  2. We provide information to third parties only when there are legitimate reasons such as legal requests, fee collection, or support outsourcing.

  3. We may also provide personal information to the extent necessary in the following cases:

    • Didit (electronic identity verification service) for identity verification (KYC)
    • Credit, fraud-prevention, and credit-reference agencies
    • Domain registries when registering a domain on the User’s behalf
    • Debt collection agencies
    • Legal requests from courts, law enforcement, or administrative agencies
    • Parties related to a claim of policy or legal violation by the User (to the extent required by law)

  4. We provide information to third parties for marketing purposes only with the User’s consent.

Cross-Border Transfer / Data Location

  1. Upstream Infrastructure Providers may be located in or outside Japan, and depending on the plan contracted, the storage location of the User’s data may be outside Japan.
  2. External services used to manage contractor information and the like may be located outside Japan.
  3. When providing personal data to a third party located outside Japan, the Operations Team takes the necessary measures in accordance with the APPI.

User Rights

  1. By contacting our support, you may request disclosure, correction or addition, deletion, suspension of use, or suspension of provision to third parties of your retained personal data.

  2. You may request notification of the purpose of use.

  3. You may withdraw your consent at any time with respect to use for marketing purposes.

    For each request, we will respond in accordance with law after verifying your identity.

Marketing communications are conducted based on the User’s consent. You may opt out (stop delivery) at any time, and upon receipt of your request we will exclude you from delivery. Note that operational communications associated with the provision of the Service—such as outages, billing, and important notices—are not included.

Access Analytics

We may use access analytics tools (e.g., Cloudflare) as necessary. You can refuse analytics by disabling cookies.

Security Measures

  1. Technical measures: We take measures such as encryption of communications (TLS), minimization of access privileges (least privilege), authentication and password management, and network segmentation/firewalls.
  2. Organizational measures: Access to information is limited to staff who need it for business purposes and is managed in accordance with internal rules. We also provide necessary and appropriate supervision of contractors and retain records of handling.
  3. Because internet communication and storage are not 100% secure, Users must also properly manage their devices and authentication information.

Retention Period

We retain information only for the period necessary for contract performance and legal compliance, and delete data promptly once the purpose has been achieved.

Revisions to This Policy

If we change the contents, we will notify via email or the website, etc. If the User continues to use the Service after revisions, the User shall be deemed to have agreed to the revised policy.

SSL (Secure Socket Layer)

The Organization’s website supports SSL and encrypts communications between browsers and servers.

Inquiries and Complaints

For questions, requests, or complaints regarding the handling of personal information, please contact the window below; we will respond promptly. If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority such as the Personal Information Protection Commission (PPC).

Email address: support[at]krnk.org (Please replace “[at]” with ”@” when sending.)

Last updated: 2026/06/08