Article 1

Company Information

  • Company Name: VAON VIET NAM Co., Ltd.
  • Address: No.16, 4 Hamlet, Vinh Thanh, Vinh Thanh, Ha Noi, Viet Nam
  • Representative: CEO Dang Van Luan
  • Personal Information Protection Manager: The Representative
  • Privacy Contact: [email protected]
Article 2

Basic Policy

The Company complies with Japan’s Act on the Protection of Personal Information ("APPI") and related laws and handles user personal information appropriately. As an entity established in Vietnam, the Company also complies with applicable Vietnamese data protection law (Decree 13/2023/ND-CP). The personal information the Company holds is limited to account information necessary for authentication and operation of the Service, and chat history to which auto-deletion applies (within 30 days after contract termination or after the configured period). The Company does not systematically process sensitive data. Given that the Service uses generative AI, the Company manages not only personal information but also chat history, input data, knowledge-base data and uploaded files according to their confidentiality and importance.

Article 3

Information Acquired

The Company may acquire the following information within the scope necessary to achieve the purposes of use:

  • Registration Info: Name, company/organization name, department, title, email address, phone number, login ID, password hash, authentication tokens and permission information.
  • Usage Info: IP address, browser, OS/device information, cookies, access logs, timestamps and operation history.
  • AI-Feature Info: Chat input, questions and responses, conversation history, uploaded files and images, knowledge-base data, and other information sent by the User.
  • LINE Integration Data: LINE account name, profile image, user identifier (UID).
  • Payment Info: Credit card information, bank account information, etc.
Article 4

Purpose of Use

The Company uses the acquired information for the following purposes:

  • Providing, operating and authenticating the Service, and billing.
  • Responding to inquiries and providing customer support.
  • Maintenance, security, and prevention of fraudulent use.
  • Usage analysis, service improvement and new feature development (using statistical or aggregated information that cannot identify individuals).
  • Improving AI response quality (limited to the scope of Article 6).
  • Contract, usage-limit and support management.
  • Detection, prevention and investigation of fraud, violations and security incidents, and compliance with laws.
Article 5

Handling of Information in AI Features

The Service uses generative AI technology. Inputs, uploaded files, knowledge-base data and conversation history are used for AI response generation, search and provision of Service features. The User warrants it has the right to use such information and that it does not infringe third-party rights, laws or contracts. The Service is based on a RAG method that references registered knowledge to generate responses; user inputs are NOT used as a standard feature to fine-tune the Company’s own general-purpose AI models.

Article 6

AI Training and Use of Anonymized Data

Without the explicit consent of the User or Customer, the Company does NOT use input information, uploaded files, chat history or other usage data to train its own or any third party’s general-purpose AI models. Data handling by external AI service providers follows their terms, settings and the contract form chosen by the Customer. The Company may use anonymized or statistical information that cannot identify individuals for quality improvement, fault analysis, feature improvement and R&D. A Customer or User may request to stop such improvement use by contacting [email protected] (except for already-statisticized, non-identifiable information).

Article 7

Use of External AI Services

The Company may use Google Gemini and other external AI services to provide the Service, subject to those providers’ terms, privacy policies and security guidelines (as amended). The User acknowledges that inputs, chat history, knowledge-base data or uploaded files may be transmitted to external AI services to the extent necessary. The Company uses the paid Google Gemini API (Paid Services), under whose terms data submitted via the API is not used to train Google’s general models; the Company relies on this commitment as a safeguard and applies appropriate measures via contracts, settings and access controls. Where a Customer uses its own API key (BYOK), data handling follows that Customer’s own contract with the relevant provider.

Article 8

Data Storage Location

Unless otherwise agreed, user data stored by the Service is kept in a cloud environment located in Japan (primarily the Vultr Tokyo region) with appropriate security measures.

For AI response generation, knowledge search and embedding generation, the Company may transmit the necessary portions of input data, chat history and knowledge data to Google LLC (an external AI service) for processing. This processing is carried out as an entrustment under Article 27(5) of the APPI, and Google handles the data only within the scope of the entrusted purpose. The Company uses the paid Google Gemini API (Paid Services), under whose terms data submitted via the API is not used to train Google’s general AI models. The Company exercises necessary and appropriate supervision over Google in accordance with law.

The Company’s staff may access the system from outside Japan (Vietnam) on a minimum-necessary basis for maintenance, operation and incident investigation; this is conducted as the Company’s internal handling under equivalent security measures.

Article 9

Input of Confidential Information

For trade secrets, confidential information, special-care-required personal information and other information requiring strict management, the User must, before input, judge the necessity, legality, the need for the person’s consent and internal approval at its own responsibility. The Company does not use such information beyond the scope necessary to provide the Service. Where input is unnecessary or inappropriate, the Customer must apply input restrictions, masking, deletion or other measures itself.

Article 10

Provision to Third Parties

The Company does not provide user information to third parties except:

  • With the person’s consent.
  • Based on laws and regulations.
  • Where necessary to protect a person’s life, body or property.
  • Where necessary for public health or the sound development of children.
  • Where cooperation with national or local government is required.
  • Provision to contractors within the necessary scope (external AI, cloud, maintenance/operation, support, payment/billing, email delivery, etc.).
  • In connection with business succession.
  • Linkage or disclosure to services, administrators or third parties designated by the Customer per its instructions or settings.
Article 11

Management of Contractors

The Company may entrust the handling of personal information to third parties within the scope necessary for operating the Service, and such contractors may include entities located outside Japan. In such cases the Company exercises necessary and appropriate supervision and concludes necessary contracts or management measures regarding confidentiality, sub-contracting, prohibition of use for other purposes, security measures and incident reporting.

Article 12

Security Measures

To prevent leakage, loss or damage of personal information, the Company implements: encryption in transit (SSL/TLS); encryption of stored data, databases, storage and backups; access control; authentication and permission management; admin-panel access restriction, IP restriction or multi-factor authentication (depending on plan/settings); log audit; backup management; vulnerability management; employee training; verification of (sub)contractors’ security measures; and incident investigation, reporting and recurrence prevention. However, complete security cannot be guaranteed.

Article 13

Use of Cookies

The Company may use cookies and similar technologies to improve usability, maintain login status, analyze usage and improve quality. Users may disable cookies via browser settings, but some features may then be unavailable. If the Company uses third-party analytics or advertising technologies, it will disclose their content, recipients and opt-out methods to the extent legally required.

Article 14

Retention Period

The Company retains acquired information for the period necessary to achieve the purpose of use, during the contract term and for the post-termination response period. Retention periods for chat history, uploaded files, access logs and other information are set in the Service Specification, order form or individual contract. After termination or fulfilment of purpose, information is deleted, erased or anonymized by an appropriate method, except where retention is legally required (deletion may take time due to backups, audit logs or system constraints).

Article 15

Disclosure and Other Requests

Users may request notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use, erasure or suspension of third-party provision of their own personal information. The Company responds within a reasonable period after identity verification and necessary investigation in accordance with the law. Requests regarding data managed by the Customer may be handled through the Customer.

Article 16

Use by Minors

Where a minor uses the Service, consent of a legal guardian must be obtained. Where an educational institution or similar Customer introduces the Service, the eligibility of minors, the method of obtaining consent, permissible inputs and usage rules are determined by the Customer at its own responsibility.

Article 17

Amendments

The Company may amend this Policy where necessary due to changes in law, changes to the Service or other reasons. Material changes will be notified on the Service or the Company’s website. Where an amendment legally requires consent, the Company will carry out the necessary procedures in accordance with the law.

Article 18

Contact

For inquiries regarding this Policy, requests for disclosure of personal information, complaints or consultations, please contact:

  • Company: VAON VIET NAM Co., Ltd.
  • Personal Information Protection Manager: The Representative
  • Address: No.16, 4 Hamlet, Vinh Thanh, Vinh Thanh, Ha Noi, Viet Nam