Privacy Policy

合同会社やなか事務所(“we” or “the Company”) establishes this Privacy Policy (“this Policy”) regarding the handling of users’ personal information in the “WasaView” service (“this Service”) that the Company operates, as set out below.

Article 1 (Basic Policy)

The Company complies with the Act on the Protection of Personal Information (the “Personal Information Protection Act”) and other relevant laws, regulations, and guidelines, and handles personal information appropriately.

Article 2 (Personal Information We Collect)

The Company collects the following personal information in this Service.

(1) Information collected directly from the user

• Account information linked through an external authentication service (email address, name, profile image, and the user identifier on the external service)
• Information provided when contacting us in connection with the use of this Service (name, contact details, the content of the inquiry, etc.)
• Payment-related information (the Company does not itself retain credit card information as such; it is handled by Stripe, our payment processor)

(2) Information collected automatically through use of this Service

• Identifiers via cookies and session information
• Usage history of this Service (analysis execution history, credit consumption history, etc.)
• Access date and time (the date and time of login, analysis execution, and the like)

The Company does not currently collect IP addresses, browser type, OS, or referrer information. If, in the future, the Company collects such information for purposes such as ensuring security or preventing improper use, it will notify users after revising this Policy.

Article 3 (Purposes of Use of Personal Information)

The Company uses the personal information it collects for the following purposes.

1. To provide, operate, and authenticate this Service
2. To manage credits and process payments
3. To provide the analysis feature and to generate and display analysis results
4. To respond to inquiries from users
5. To improve the quality of this Service and develop features
6. For statistical analysis of the usage of this Service (processed into a form that cannot identify individuals)
7. To improve the quality of the AI-based analysis feature of this Service
8. To send important notices, update information, and the like regarding this Service
9. To detect, prevent, and respond to improper use
10. To respond as required by law and to handle disputes

Article 4 (Provision of Personal Information to Third Parties)

1. The Company will not provide personal information to third parties without the user’s consent. However, this does not apply in the following cases.
   • Where based on laws and regulations
   • Where necessary to protect the life, body, or property of a person and it is difficult to obtain the consent of the individual
   • Where particularly necessary to improve public health or to promote the sound upbringing of children and it is difficult to obtain the consent of the individual
   • Where it is necessary to cooperate with a national agency, a local government, or a party entrusted by either of them in carrying out affairs prescribed by law
   • Where a business is succeeded by reason of merger, business transfer, or other event
2. Notwithstanding the preceding paragraph, the handling of personal information accompanying the entrustment of operations set out in the following Article does not constitute provision to a third party under the Personal Information Protection Act.

Article 5 (Subcontractors)

To the extent necessary to provide this Service, the Company may entrust the handling of personal information to the following subcontractors. The Company requires its subcontractors to manage personal information appropriately and exercises necessary supervision over them.

Article 6 (Provision of Personal Information to Third Parties in Foreign Countries)

1. As set out in the preceding Article, the Company may entrust the handling of personal information to businesses located in foreign countries. By agreeing to this Policy, the user consents to the provision of personal information to third parties in foreign countries.
2. The foreign countries to which the Company provides personal information are as follows. An overview of the personal information protection regime in each country is set out in the following paragraph.
   • United States (location of Stripe, Vercel, Supabase, Anthropic, and Google)
   • India (location of Scrapingdog)
3. Overview of the personal information protection regime in each country

   United States

   The United States has no comprehensive federal law on the protection of personal information; instead, it is governed by sector-specific federal laws (such as HIPAA in the healthcare sector, the GLBA in the financial sector, and COPPA for the protection of children's online privacy) and by state laws (such as the CCPA/CPRA in California). The businesses to which data is provided implement security control measures based on these applicable laws and industry standards (such as SOC 2 and ISO 27001).

   India

   In India, the Digital Personal Data Protection Act, 2023 has been enacted and is being brought into force in stages. The Act provides for the handling of personal data based on the data principal's consent, the rights of data principals, the obligations of data fiduciaries, and the establishment of an enforcement authority.

4. Each subcontractor implements security control measures based on SOC 2, ISO 27001, PCI DSS, or other industry-standard certifications or criteria.
5. For more detailed information on provision to third parties in foreign countries, please refer to the “Survey on Systems Concerning the Protection of Personal Information in Foreign Countries” published by the Personal Information Protection Commission.

Article 7 (Cookies, tracking technologies, and external transmission)

1. This Service uses cookies and similar tracking technologies for purposes such as improving convenience, analyzing usage, and preventing improper use.
2. Users may refuse to accept cookies through their browser settings. However, if cookies are disabled, some features of this Service may become unavailable.

To the extent necessary to provide the Service, the Service transmits information from the user’s terminal (browser) to the following external businesses (Article 27-12 of the Telecommunications Business Act). For each recipient’s location and the entrusted operations, see Article 5. We are configured not to send referrer information when fetching images.

Article 8 (Retention Period of Personal Information)

1. The Company retains personal information for the period necessary to achieve the purposes of use.
2. If a user withdraws from this Service, the Company will, within a reasonable period, delete or anonymize that user’s personal information, except for information whose retention is required by law and information necessary for handling disputes.
3. Even in the case of the preceding paragraph, the Company retains the following information. Personal information other than the following is deleted or anonymized without delay after withdrawal.
   • In order to fulfill statutory retention obligations (the preparation and retention of accounting books and the like), the Company retains records relating to purchases and refunds, after processing them into a form that cannot identify individuals (pseudonymization), for the retention period prescribed by law.
   • In order to prevent the duplicate acquisition of benefits granted free of charge, the Company retains a hashed value of the account identifier.

Article 9 (Security Control Measures)

The Company takes the following measures to prevent the leakage, loss, or damage of personal information and otherwise to manage the security of personal information.

• Encryption by SSL/TLS of communications that handle personal information
• Appropriate access control for information stored in the database
• Secure management of authentication credentials (session tokens, etc.)
• Confirmation of the security management framework at subcontractors
• Limiting and training of employees who handle personal information
• Detection of and response to unauthorized access

Article 10 (Rights of Users)

1. A user may request, with respect to their own personal information, disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of provision to third parties.
2. To make a request under the preceding paragraph, the user shall contact the Company’s designated point of contact. The Company will respond within a reasonable period in accordance with law, after verifying the user’s identity.
3. A user may directly correct part of their own account information from the settings screen of this Service.

Article 11 (Changes to this Policy)

1. The Company may change this Policy as necessary.
2. When changing this Policy, the Company will make the content of the change and the effective date of the change known to users by posting on this Service or by other means.
3. If a user uses this Service on or after the effective date, the user is deemed to have agreed to this Policy as changed.

Article 12 (Contact)

For inquiries regarding this Policy or the handling of personal information, please contact us at the following.

End