Privacy Policy

JCIX Privacy Policy

Japan Community IX Association

DISCLAIMER: This is an unofficial English translation provided for reference purposes only. The Japanese text is the authoritative and controlling version. In the event of any inconsistency between the Japanese and English texts, the Japanese text shall prevail.

Japan Community IX Association (hereinafter “the Association”) shall handle personal information obtained in the course of providing the Internet Exchange Service (hereinafter “the Service”) and conducting other business activities in accordance with the Act on the Protection of Personal Information (hereinafter “APPI”), other applicable laws and regulations, and this Policy.

1. Name and Location of Business Operator

Item Content
Name Japan Community IX Association
Address Shibuya-ku, Tokyo (Principal Office)
Inquiry Contact Contact window set forth in Article 10 of this Policy

2. Personal Information Collected

The Association shall collect the following personal information for the purpose of providing the Service and conducting its operations:

  1. Information regarding members and their representatives: name, name of affiliated organization, title, email address, phone number, and other contact information.
  2. Information regarding technical contacts: names and contact information for administrators, technical contacts (NOC), peering contacts, etc.
  3. Member Portal account information: login identifiers and other information relating to use of the Member Portal. As login to the Member Portal is performed through authentication using a PeeringDB account (OAuth, etc.), the Association does not retain passwords themselves.
  4. Billing and payment information: billing details, information regarding payment methods, and transaction history.
  5. Information obtained in connection with confirmations relating to the exclusion of Antisocial Forces.
  6. Technical information relating to operation of the Service: IP addresses, ASNs, MAC addresses, port information, traffic statistics, and similar data assigned to members.
  7. Access logs, Cookies, and similar information from the Member Portal and the Association’s website.

3. Purpose of Use

The Association shall use collected personal information within the scope of the following purposes:

  1. Provision, operation, and maintenance of the Service.
  2. Management of membership status and processing of admissions and withdrawals.
  3. Billing, collection, and other accounting and payment administration relating to membership fees.
  4. Contacting, notifying, informing, and responding to inquiries from members and the individuals concerned.
  5. Responding to Service failures, detecting and preventing unauthorized use, and ensuring security.
  6. Business reporting, administration of the General Meeting of Members and the Board of Directors, and other matters relating to operation of the Association.
  7. Compliance with applicable laws and regulations.
  8. Business incidental to each of the preceding items.

4. Secrecy of Communications

The Association shall protect the secrecy of communications handled in the Service pursuant to Article 4 of the Telecommunications Business Act.

  1. The Association shall not acquire, intercept, retain, or inspect the content of communications between members passing through the IX Fabric. Information handled by the Association for the operation of the Service shall be limited to the operational metadata defined in Article 2, item 6 (IP addresses, ASNs, MAC addresses, traffic statistics, etc.).

  2. The Association shall not handle information subject to the secrecy of communications, except in cases required by law or where other justifiable grounds exist.

5. Security Control Measures

The Association shall implement necessary and appropriate measures to prevent leakage, loss, or damage of personal information it handles, and to ensure other security control.

  1. When entrusting the handling of personal information to a third party, the Association shall exercise necessary and appropriate supervision over the entrusted party. For domestic entrusted parties, security control measures shall be ensured through entrustment agreements or other means.

  2. When handling personal data abroad (including the US-based entrusted parties described in Article 6-1), the Association shall ascertain the name of such foreign country and the personal information protection regime of such country, and implement necessary security control measures.

6. Provision to Entrusted Parties (Domestic and International)

The Association may entrust the handling of personal information to external businesses within the scope necessary to achieve the purposes of use. In such cases, the Association shall exercise necessary and appropriate supervision over the entrusted parties. The principal entrusted parties and the content of entrustment are as follows:

Entrusted Party Content of Entrustment Country Cross-border Transfer
Stripe, Inc. (and its group companies) Payment processing for membership fees, etc.; monitoring and prevention of unauthorized use United States and Ireland Yes (United States)
Google LLC (Google Workspace) Email (including sending and receiving member notifications), document/file creation, storage, and sharing United States Yes (United States)
Slack Technologies (Salesforce, Inc.) Communication infrastructure (internal communication and information sharing) United States Yes (United States)
Kamoike.net LLP (有限責任事業組合かもいけねっと) Provision of virtual servers (VMs) and other server operating environments Japan No
TelHi Corporation (輝日株式会社) Provision of virtual servers (VMs) and other server operating environments Japan No
Geek Project LLC (ギークプロジェクト合同会社) Provision of virtual servers (VMs) and other server operating environments Japan No
freee K.K. (freee株式会社) Accounting, bookkeeping, and other accounting-related administrative processing Japan No

Article 6-1. Cross-border Transfer to Third Parties in Foreign Countries

The Association entrusts the handling of personal data to Stripe, Inc., Google LLC, and Slack Technologies (Salesforce, Inc.), which are located in the United States, as set forth in the preceding article. Pursuant to Article 28 of APPI, provision of personal data to third parties in foreign countries shall be made by one of the following methods:

  1. Obtaining the prior consent of the individual to the effect that they authorize provision of personal data to a third party in a foreign country.

  2. Provision based on a framework where such third party has established the arrangements necessary to continuously implement measures equivalent to those required of personal information handling business operators (a “compliant framework”).

  3. When obtaining consent under item 1 of the preceding paragraph, the Association shall, pursuant to Article 28, paragraph 2 of APPI and Article 17 of the Enforcement Regulations thereunder, provide the individual in advance with information regarding the name of the destination foreign country, the personal information protection regime of such country, and the personal information protection measures implemented by the transferee.

7. Third-party Provision

The Association shall not provide personal data to third parties without the prior consent of the individual concerned, except in the following cases:

  1. Cases required by law.
  2. Cases where provision is necessary to protect the life, body, or property of a person, and it is difficult to obtain the consent of the individual concerned.
  3. Cases where provision is made in connection with entrustment as described in the preceding article (entrustment does not constitute third-party provision under APPI).

Article 7-1. Registration of Technical Contacts in PeeringDB and Other Databases

Members may register their organization name, ASN, technical contacts, and similar information in PeeringDB and other public databases for the purpose of smooth operation of the Service and achievement of peering.

  1. When the Association registers a member’s technical contacts (which may constitute personal information) in PeeringDB or other databases, it shall obtain the prior consent of the applicable member. Note that information registered in these databases will be publicly available on the Internet and accessible to third parties.

8. Use of Cookies and Similar Technologies

The Association’s Member Portal and website may use Cookies and similar technologies for the purpose of understanding usage, improving convenience, and ensuring security.

  1. Individuals may refuse to accept Cookies through browser settings; provided, however, that in such cases, some functions of the Member Portal and similar services may be unavailable.

9. Rights of Individuals Regarding Retained Personal Data

Individuals may, in accordance with APPI, request that the Association notify them of the purpose of use, disclose, correct, add, or delete the content of, suspend use of or erase, or cease third-party provision of retained personal data.

  1. Requests under the preceding paragraph shall be accepted at the contact window set forth in Article 10. The Association shall respond in accordance with law after confirming that the request is made by the individual concerned.

10. Inquiry Contact

Inquiries regarding this Policy and the handling of personal information, and requests under the preceding article, shall be accepted through the contact form or contact information listed on the Association’s website.

11. Amendments to This Policy

The Association may amend this Policy due to changes in laws and regulations, changes in business content, or other reasons. The amended Policy shall take effect upon dissemination by posting on the Association’s website or other appropriate means.

Supplementary Provisions

This Policy shall take effect on June 1, 2026.