Privacy
Last updated: February 8, 2026
1. Data Controller
The data controller responsible for your personal data is:
2. Legal Framework
This Privacy Policy is designed to comply with Japan's Act on the Protection of Personal Information (APPI) (個人情報の保護に関する法律), as amended. Where our services involve processing personal data of individuals in the European Economic Area (EEA), we also comply with the General Data Protection Regulation (GDPR).
3. Information We Collect
3.1 Contact Form Submissions
When you submit our contact form, we collect:
- Your name
- Email address
- Company name (optional)
- Message content
3.2 Automatically Collected Data
When you visit our Website, we may automatically collect:
- IP address (anonymized)
- Browser type and version
- Device type and operating system
- Pages visited and time spent
- Referring website
3.3 Cookies
We use a limited number of cookies for essential functionality. For details, see our Cookie Policy.
4. How We Use Your Information
We use the information we collect for the following purposes:
- Contact form data: To respond to your inquiry and communicate about potential engagements
- Analytics data: To understand website usage patterns and improve user experience
- Cookie data: To remember your preferences (theme, language, cookie consent)
- Legal compliance: To comply with applicable laws and regulations
5. Legal Basis for Processing
- Consent: When you submit our contact form or accept cookies, you provide consent for us to process that data
- Legitimate interest: Website analytics to improve our services and user experience
- Contractual necessity: Processing data required to fulfill client engagement obligations
- Legal obligation: Compliance with applicable Japanese and international laws
6. Third-Party Service Providers
We share personal data with the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data Location |
|---|---|---|
| Brevo (Sendinblue) | Contact form email delivery and contact management | EU (France/Germany) |
| Google Analytics | Website traffic analytics (anonymized) | United States |
Each provider is contractually obligated to protect your data and only process it according to our instructions.
7. International Data Transfers
Your data may be transferred to and processed in countries outside Japan, including the EU (Brevo) and the United States (Google Analytics). When transferring data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and adherence to the APPI requirements for cross-border data transfers.
8. Data Retention
- Contact form submissions: Retained in Brevo for up to 24 months from the date of submission, unless you request earlier deletion
- Analytics data: Retained for 14 months (Google Analytics default retention period)
- Cookie preferences: Stored locally in your browser until cleared by you
- Client engagement data: Retained as required by applicable law and the terms of the engagement agreement
9. Your Rights Under APPI
Under Japan's Act on the Protection of Personal Information, you have the following rights:
- Right to disclosure: Request disclosure of your personal data that we hold
- Right to correction: Request correction of inaccurate personal data
- Right to deletion: Request deletion or suspension of use of your personal data
- Right to know purpose: Request disclosure of the purpose of use of your personal data
- Right to stop third-party provision: Request that we stop providing your personal data to third parties
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within a reasonable timeframe, and no later than the period required by applicable law.
10. Additional Rights for EEA Residents (GDPR)
If you are located in the European Economic Area, you additionally have the right to:
- Data portability (receive your data in a structured, machine-readable format)
- Restriction of processing
- Object to processing based on legitimate interest
- Withdraw consent at any time
- Lodge a complaint with your local data protection authority
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including: HTTPS encryption for all website communications, access controls limiting data access to authorized personnel, and regular security reviews of our systems. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
12. Children's Privacy
Our Website and services are directed at business clients and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will promptly delete that information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this Policy periodically. For material changes, we may provide additional notice through our Website.
14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: