Privacy Policy

The Company collects the following personal information in providing the Service and uses it for the respective purposes.

1. Account information (email address, name) and OAuth authentication information: Provision of the Service, authentication and identity verification of users
2. Payment information: Billing and payment processing (delegated to Stripe, Inc.; the Company does not retain card numbers)
3. Service usage data (login history, operation logs, asset registration status, scan execution history, etc.): Maintenance and improvement of the Service, quality improvement, statistical analysis, and response to violations of the Terms of Service
4. Inquiry information: Responding to inquiries

The Company may use information that has been aggregated, statisticalized, or anonymized in a form that does not identify individuals for the improvement, analysis, and operation of the Service. If the Company uses personal information beyond the scope of the above purposes, the Company shall obtain the prior consent of the user.

The Company shall not provide personal information to third parties without the prior consent of the user, except in the following cases.

1. When required by law
2. When necessary for the protection of human life, body, or property, and it is difficult to obtain the consent of the individual
3. When cooperation is required for a governmental body or local authority to execute affairs prescribed by law

The Company may outsource the handling of personal information to third parties to the extent necessary to achieve the purposes of use, including authentication and database operations, payment processing, bot protection, email delivery, log storage, and monitoring. The main service providers are Supabase, Inc., Stripe, Inc., and Cloudflare, Inc. In such cases, the Company shall exercise necessary and appropriate supervision over such third parties.

In providing this Service, the Company transmits information from the user's device to the following external servers (pursuant to Article 27-12 of the Telecommunications Business Act).

For the provision, maintenance, security, statistical analysis, and quality improvement of the Service, the Company entrusts the handling of personal information to the following business operators located in foreign countries (Article 28 of the Act on the Protection of Personal Information). The Company confirms the required safety management measures for each vendor and exercises necessary and appropriate supervision.

The Company assumes that authentication data, session data, payment-related data, device identification data, logs, and other operational data may be processed on servers located outside Japan, including in the United States, by these service providers, and takes the necessary safety management measures. For information regarding the personal information protection system in the United States, please refer to the "Survey on Personal Information Protection Systems in Foreign Countries" (United States) published on the website of the Personal Information Protection Commission.

The Company implements organizational, personnel, and technical security measures (including communication encryption, access controls, multi-factor authentication, etc.) to prevent the leakage, loss, or damage of personal information.

Users may request the disclosure, correction, deletion, or suspension of use of their personal information from the Company in accordance with the Act on the Protection of Personal Information. Please contact us at the inquiry address below. We will respond within a reasonable period after verifying your identity.

For inquiries regarding this Policy and complaints regarding personal information, please contact us at the following.