Last updated: 2026/5/28
Details on SocialDog's security, personal data protection, costs, and operational structure.
このページでは、SocialDogの認証・個人情報の取り扱い・費用・解約など、セキュリティと運用体制に関する詳細を説明します。
1. Authentication (MFA / Password Management)
1-1. About Multi-Factor Authentication (MFA)
- SocialDog offers Multi-Factor Authentication (MFA) functionality to all users.
- The authentication method is a one-time password (TOTP method) via an authenticator app.
- MFA use is optional and not mandatory.
1-2. Password Expiration (Periodic Change)
- We do not provide a feature to set password expiration (mandatory change at regular intervals).
1-3. Account Lockout
- Certain countermeasures are implemented on the system side to prevent unauthorized access when repeated authentication failures occur.
- Specific details such as the number of attempts and conditions are not disclosed as they may facilitate unauthorized access.
1-4. Password Complexity Requirements
- Passwords must be alphanumeric, include at least one number or symbol, one uppercase alphabet character, and be 8 characters or more.
2. Confidentiality (NDA)
- Provisions regarding the handling and confidentiality of information entrusted to us are not stipulated in the terms of use.
- The handling of information is stipulated in our privacy policy.
- Privacy Policy: https://web.social-dog.net/docs/privacy
- Individual NDAs are not concluded. For details, please refer to the following page.
3. Handling of Personal Information (Accountability System)
- Based on our "Privacy Policy" and "Information Security Policy", we handle personal information appropriately.
- Privacy Policy: https://web.social-dog.net/docs/privacy
- Regarding the person responsible for personal information protection, an "ISMS Manager" is appointed within the company to oversee all aspects of information security and personal information protection (this is established based on roles, not individual names).
4. Intellectual Property (Posted Data, etc.) and Scope of Use
- Rights regarding data created and posted by customers on SocialDog (post text, images, analysis data, etc.) are handled based on the terms of use and privacy policy.
- While rights held by customers are reserved to them, we use the data to the extent necessary for service provision, incident response, quality improvement, and feature enhancement.
- For some functions such as payment processing, we provide services in cooperation with entrusted parties such as payment service providers. To these entrusted parties, only the minimum necessary information is provided based on contracts, and proper management is carried out.
- Payment Processing: Stripe, NP Kake払い
5. Costs (Conditions for Additional Fees) / Linked Services
5-1. Conditions for Additional Fees with SocialDog Use
- A basic fee is incurred according to your contracted plan.
- Additional fees are incurred at the time of upgrading to a higher plan and at contract renewal (next billing cycle).
- For specific amounts and conditions, please check your current plan and the pricing page.
5-2. Cost Burden for Linked Services (e.g., X)
- Currently, SocialDog does not charge additional fees for external service usage fees or API charges for services such as X.
- The contract terms and billing conditions (e.g., X Premium) for each SNS service must comply with the terms of each service provider.
6. Cancellation Conditions (Penalty Fees / Refunds)
- No cancellation fees or penalties will be incurred upon cancellation.
- Contracts are on a "monthly payment" or "annual payment" basis, and even in the case of mid-term cancellation, pro-rata refunds or similar for the period already paid will not be issued.
- Services can be used until the contract end date even after cancellation procedures are completed.
7. Human Security Measures (Training / Disciplinary Actions, etc.)
- Our company conducts information security training for all employees at least once every six months.
- Based on our internal regulations regarding information security, if a violation occurs, we have a system in place to confirm the facts and implement necessary corrective actions and disciplinary measures.
- The specific details of disciplinary actions and internal regulations are internal rules and are therefore not disclosed externally.
8. ID Integration (Federation)
- Currently, single sign-on (SSO) functionality using SAML / OIDC or similar is not provided.
9. ID Management (Centralized Management / Permission Management)
- SocialDog allows setting administrator and general user permissions for each team through the "Team Feature".
- Users with administrator permissions can access some management functions, such as team settings and member management.
10. Session Management
- In SocialDog, if a login state continues for a certain period, the session automatically expires, requiring re-login.
- Sessions are set to be valid for a maximum of two weeks.
- Some specifications regarding specific session timeout conditions are not disclosed from the perspective of preventing unauthorized use. It is designed to prevent continued access from devices that have not been operated for a long time.
11. Device Identification
- Currently, we do not provide device identification or device control features that require device certificates (e.g., forcibly blocking access from non-specified devices).
- Customers are requested to manage device-side security (OS and browser updates, device locks, etc.).
12. DDoS Protection
- SocialDog operates on Google Cloud Platform (GCP) data centers, and is prepared for external attacks and failures through GCP's network-level defense features and infrastructure redundancy.
- At the application level, some APIs are designed to mitigate service impact from excessive requests by implementing controls such as rate limiting.
- Detailed disclosure is withheld as this information pertains to attack resilience.
13. Bulk Writing / Unauthorized Input Countermeasures
- reCAPTCHA is implemented on some screens, such as login and inquiry forms, to suppress unauthorized access by bots and bulk automated input.
- For some APIs, rate limiting and other controls are applied to prevent service impact from a large number of requests in a short period.
- The specific thresholds and rules for these measures are not disclosed as they could provide clues for unauthorized use.
14. Sub-processors (Subcontracting) / Data Storage Location
14-1. Sub-processors (Subcontractors)
The subcontractors currently in use are as follows:
- Payment Processing
- Stripe (Credit card payments)
- NP Kake払い (Invoice payments)
We collaborate with these service providers based on contracts that stipulate the scope of information handling and security measures.
14-2. Data Storage Location
- SocialDog operates on Google Cloud Platform (GCP) data centers, and the primary production data is stored in the Tokyo region.
- From the perspective of availability and disaster recovery, some data backups are maintained in Asian regions.
- These operations are implemented in compliance with applicable laws and contractual requirements.
15. Security Incident Notification/Contact Point / Audit (Third-Party Assessment)
- Our company has obtained ISO27001 (ISMS) international standard certification and operates its information security management system in accordance with this framework.
- In the event of a security incident, based on our internal incident response process, we identify the incident, determine the scope of impact, analyze the cause, and consider and implement recurrence prevention measures.
- Notification conditions, initial response time, and communication methods to customers are determined individually based on the nature of the incident and contractual terms.