Details on SocialDog's security, data protection, costs, and operational structure.

This page describes details regarding SocialDog's security and operational framework, including authentication, personal information handling, costs, and termination.

1. Authentication (MFA / Password Management)

1-1. Multi-Factor Authentication (MFA)

• SocialDog provides Multi-Factor Authentication (MFA) functionality to all users.
• The authentication method uses one-time passwords (TOTP method) via an authenticator app.
• MFA usage is optional and not mandatory.

1-2. Password Expiration (Periodic Changes)

• We do not provide a feature to set password expiration (mandatory changes at regular intervals).

1-3. Account Lockout

• For countermeasures against unauthorized access due to repeated authentication failures, certain measures are implemented on the system side.
• Specific details such as the number of attempts or conditions are not disclosed, as this could facilitate unauthorized access.

1-4. Password Complexity Requirements

• Passwords must be alphanumeric, include at least one number or symbol, at least one uppercase alphabet character, and be at least 8 characters long.

2. Confidentiality (NDA)

• Provisions regarding the handling and confidentiality of information entrusted to us are not stipulated in the Terms of Use.
• The handling of information is stipulated in our Privacy Policy.
  • Privacy Policy: https://web.social-dog.net/docs/privacy
• Individual NDAs are not concluded. For details, please refer to the following page.
  • Required Documents for Introduction

3. Handling of Personal Information (Responsibility System)

• We handle personal information appropriately based on our "Privacy Policy" and "Information Security Policy."
  • Privacy Policy: https://web.social-dog.net/docs/privacy
• For the person responsible equivalent to a Personal Information Protection Manager, we have an "ISMS Manager" internally who oversees all aspects of information security and personal information protection (this is a role-based appointment, not specific to an individual's name).

4. Intellectual Property (Posted Data, etc.) and Scope of Use

• The intellectual property rights regarding data created and posted by users on SocialDog (e.g., posts, images, analytical data) are handled based on our Terms of Use and Privacy Policy.
• While rights held by customers are reserved to them, we utilize the data to the extent necessary for service provision, incident response, quality improvement, and feature enhancements.
• For some functions, such as payment processing, we provide services in cooperation with sub-contractors such as payment service providers. To these sub-contractors, we provide only the minimum necessary information based on contracts and ensure appropriate management.
  • Payment Processing: Stripe, NP Kakebarai

5. Costs (Conditions for Additional Costs) / Integrated Services

5-1. Conditions for Additional Costs for SocialDog Usage

• A basic fee applies according to your contracted plan.
• Additional costs are incurred upon upgrading to a higher plan and at contract renewal (next billing cycle).
• For specific amounts and conditions, please check your current plan and the pricing page.

5-2. Cost Burden for Integrated Services (e.g., X)

• Currently, SocialDog does not charge additional fees for costs or API usage fees associated with external services like X.
• The contract terms and billing conditions (e.g., X Premium) for each SNS service must comply with the terms of each service provider.

6. Termination Conditions (Penalties / Refunds)

• No penalties or termination fees are incurred upon cancellation.
• Contracts are on a "monthly payment" or "annual payment" basis, and even in the event of early termination, no pro-rata refunds will be issued for periods already paid for.
• After the termination procedure, the service can be used until the contract expiration date.

7. Human Security Measures (Training / Disciplinary Actions, etc.)

• We conduct information security training for all employees at least once every six months.
• Based on internal regulations regarding information security, in the event of a violation, we have established a system to verify the facts and implement necessary corrective actions or disciplinary measures.
• Specific details of disciplinary actions and internal regulations are internal rules, so external disclosure is withheld.

8. ID Federation

• Currently, Single Sign-On (SSO) functionality using SAML / OIDC or similar is not provided.

9. ID Management (Centralized Management / Access Control)

• SocialDog allows setting administrator and general user permissions per team via the "Team Function."
• Users with administrator privileges can access some administrative functions, such as team settings and member management.

10. Session Management

• In SocialDog, if the login state persists for a certain period, the session automatically expires, requiring re-login.
• Sessions are set to remain valid for a maximum of 2 weeks.
• Specific session timeout conditions are partially undisclosed to prevent unauthorized use. The system is designed to prevent continued access from devices that have been inactive for a long period.

11. Device Identification

• Currently, functions for device identification and control that require device certificates (e.g., forcefully blocking access from devices other than specific ones) are not provided.
• Regarding device-side security (e.g., OS/browser updates, device lock), customers are responsible for their own management.

12. DDoS Mitigation

• SocialDog operates on Google Cloud Platform (GCP) data centers, utilizing GCP's network-level defense features and infrastructure redundancy to prepare for external attacks and failures.
• At the application level, rate limiting and other controls are implemented for some APIs to suppress service impact from excessive requests.
• Specific rules and components are not fully disclosed as they pertain to attack resilience.

13. Bulk Writing / Malicious Input Countermeasures

• On some screens, such as login and inquiry forms, reCAPTCHA is implemented to prevent unauthorized access by bots and large-scale automated input.
• Rate limiting and other controls are applied to some APIs to prevent service impact from a large number of requests in a short period.
• Specific thresholds and rules for these countermeasures are not disclosed as they could provide clues for malicious use.

14. Sub-processors / Data Storage Location

14-1. Sub-processors

The sub-processors currently utilized are as follows:

• Payment Processing
  • Stripe (Credit Card Payments)
  • NP Kakebarai (Invoice Payments)

We collaborate with these providers based on contracts that define the scope of information handling and security measures.

14-2. Data Storage Location

• SocialDog operates on Google Cloud Platform (GCP) data centers, with primary production data stored in the Tokyo region.
• From the perspective of availability and disaster recovery, some data backups are maintained in regions within Asia.
• These operations are conducted in a manner that satisfies applicable laws and contractual requirements.

15. Security Incident Notification / Contact Point / Audit (Third-Party Assessment)

• We are certified under the international standard ISO 27001 (ISMS) and operate our information security management system in accordance with this framework.
• In the event of a security incident, we will ascertain the situation, identify the scope of impact, analyze the cause, and consider/implement recurrence prevention measures, based on our internal incident response process.
• Notification conditions to customers, initial response time, and communication methods will be determined individually based on the nature of the incident and contractual terms.