Privacy Policy

Article 1 (Business Entity Information)

Article 2 (Definition of Personal Information)

In this Policy, "Personal Information" refers to personal information as defined in Article 2, Paragraph 1 of APPI, namely, information about a living individual that can identify a specific individual by name, date of birth, or other description contained in such information (including information that can be easily collated with other information and thereby identify a specific individual), or information that contains a personal identification code.

Article 3 (Personal Information We Collect)

In providing our services, we collect the following personal information:

Article 4 (Purpose of Use of Personal Information)

We use collected personal information for the following purposes:

1. To provide, maintain, improve, and develop our services (AI newsletter distribution, AI implementation, enterprise plans)
2. For user authentication and identity verification
3. To deliver newsletters and send email notifications
4. To respond to customer inquiries and requests
5. For payment processing and billing management for paid services
6. To detect and respond to violations of terms of service and fraudulent use
7. To notify important announcements and changes to terms related to our services
8. To analyze usage patterns and create statistical data for service improvement (processed in a format that does not identify individuals)
9. To provide information about new services, features, and campaigns (only when customers have opted in)
10. To provide customer support and technical support
11. For security measures and prevention of unauthorized access
12. To comply with laws and fulfill legal obligations

Article 5 (Provision of Personal Information to Third Parties)

1. We will not provide personal information to third parties without your consent, except in the following cases:
   • When required by law
   • When necessary to protect the life, body, or property of a person and it is difficult to obtain consent
   • When particularly necessary for improving public health or promoting the sound growth of children and it is difficult to obtain consent
   • When necessary to cooperate with national or local government agencies in performing legally mandated duties and obtaining consent would interfere with such performance
2. Notwithstanding the preceding paragraph, the following cases shall not be considered third-party provision:
   • When we outsource all or part of the handling of personal information within the scope necessary to achieve the purpose of use
   • When personal information is provided in connection with business succession due to merger or other reasons

Article 6 (Provision of Personal Information to Service Providers)

To provide and operate our services, we share personal information with the following service providers. These providers implement appropriate security measures and have confidentiality agreements with us.

* These service providers manage personal information in accordance with their own privacy policies. Please refer to each company's privacy policy for details.

Article 7 (International Transfer of Personal Information)

Some of our service providers (Stripe, Supabase, Resend, Google, etc.) are located in the United States, and your personal information may be transferred to the United States. These providers implement appropriate security measures and comply with GDPR and other international data protection standards.

Article 8 (Cookies and Similar Technologies)

Article 9 (Use of Google Analytics)

We use Google Analytics provided by Google LLC to analyze service usage and improve our services. Google Analytics uses cookies to analyze your use of our services. Collected data is anonymized and cannot identify individuals.

For details about Google Analytics, please see Google's Privacy Policy.

Article 10 (Security Measures for Personal Information)

We implement the following measures to prevent leakage, loss, or damage to personal information and ensure its secure management:

1. Organizational security measures: Appointment of a personal information protection officer, regular employee education and training
2. Personnel security measures: Confidentiality agreements with employees, strict access control
3. Physical security measures: Physical access restrictions to data centers, lock management
4. Technical security measures:
   • Use of SSL/TLS encrypted communication (all data transmission and reception)
   • Prevention of unauthorized access through firewalls
   • Regular security audits and vulnerability assessments
   • Recording and monitoring of access logs
   • Encrypted storage of passwords
   • Regular backups

Article 11 (Personal Information Retention Period)

We retain personal information for the following periods:

• Account information: 2 years after account deletion or deregistration
• Newsletter subscriber information: 2 years after unsubscribe
• Inquiry history: 3 years after response completion
• Paid service contract information: 7 years after contract termination (due to tax law retention obligations)
• Payment information: Managed by Stripe Inc. (not retained by us)
• Access logs: Maximum 1 year

After the above periods, we will promptly delete or anonymize personal information. However, if retention is mandated by law, we will retain it for the period specified by such law.

Article 12 (Your Rights)

Based on APPI and other laws, you have the following rights regarding your personal information:

1. Right to Disclosure: You can request disclosure of your personal information held by us.
2. Right to Correction: If there are errors in your personal information, you can request correction.
3. Right to Suspension of Use: You can request suspension of use of your personal information.
4. Right to Deletion: You can request deletion of your personal information.
5. Right to Stop Third-Party Provision: You can request cessation of provision of personal information to third parties.
6. Right to Data Portability: You can request provision of your personal information in machine-readable format.

To exercise these rights, please contact hello@dera.ai. We will respond without delay after verifying your identity. However, this does not apply when disclosure is restricted by law.

Article 13 (Newsletter Unsubscribe)

To stop receiving newsletters, click the "Unsubscribe" link in each newsletter or contact hello@dera.ai. Unsubscribe processing will be completed within 3 business days of your request.

Article 14 (Personal Information of Minors)

We do not intentionally collect personal information from children under 13. If persons aged 13 to 17 use our services, parental consent is required. Parents may request viewing, correction, or deletion of their children's personal information.

Article 15 (Inquiries and Complaints Regarding Personal Information Handling)

For inquiries, disclosure requests, or complaints regarding our handling of personal information, please contact the following:

Article 16 (Certified Personal Information Protection Organization)

We are not a member of any certified personal information protection organization. If you have complaints regarding personal information handling that cannot be resolved, you may contact the Personal Information Protection Commission (https://www.ppc.go.jp/).

Article 17 (Changes to This Policy)

1. We may change this Policy due to legal changes, business changes, or other reasons.
2. When changing this Policy, we will notify the effective date and content of the revised Policy through display on our services or other appropriate means.
3. For significant changes, we will notify you via email at least 2 weeks before the effective date.