TOKOSEKI

Privacy Policy

This Privacy Policy (the "Policy") sets forth how TOKOSEKI ("we," "us," or "our") handles personal information and other information relating to users in connection with the websites, web applications, and other related services provided by us (collectively, the "Services"). Contractors, users, members, visitors, and any other persons related to the Services (collectively, "Users") shall review and agree to this Policy before using the Services.

Article 1 (Definitions)

  1. "Personal Information" means "personal information" as defined in Japan's Act on the Protection of Personal Information (the "APPI").
  2. "User Information" means Personal Information, access logs, device information, identifiers such as cookies, usage history, operation history, settings, User Content, and any other information necessary for providing, operating, improving, maintaining, supporting, securing, or complying with laws in relation to the Services.
  3. Terms used in this Policy that are not defined in this Policy shall follow the definitions in the Terms of Service, Cookie Policy, Security Policy, and AI Usage and Training Policy.

Article 2 (Information Collected and Collection Methods)

We may collect the following information by lawful and fair means.

  1. Information entered, registered, transmitted, or stored by Users
    • Name, display name, email address, phone number, organization name, department, position, billing information, inquiry details, and other information entered by Users
    • Information relating to workspaces, seats, seat equipment, layouts, reservations, members, invitations, permissions, notifications, webhooks, and other settings
    • Images, icons, avatars, company logos, text, notes, comments, uploaded files, and other User Content
  2. Information relating to authentication, identity verification, and account management
    • Email address, authentication codes, passkeys, login status, authentication results, and authentication logs
    • Display name, profile image, account identifiers, and other information necessary for authentication provided by social login or other external authentication services
  3. Information automatically collected through use of the Services
    • IP address, access date and time, viewed pages, referrer, operation history, usage history, error information, performance information, audit logs, and security logs
    • Device, OS, browser, language, time zone, identifiers such as cookies, advertising identifiers, local storage, and other device or communication information
  4. Information relating to payments and billing
    • Paid plan subscription status, payment status, billing information, receipts, refunds, payment failures, and other information notified by payment service providers
    • As a general rule, we do not directly obtain or store payment information such as credit card numbers.
  5. Information relating to external integrations and AI features
    • Webhook URLs, external integration settings, integration execution results, public IDs, display names, names, email addresses, phone numbers, operation event information, and other information necessary for integrations
    • Input data, AI outputs, operation information, referenced information, error logs, and other information necessary for providing and operating AI features
  6. Information relating to inquiries, support, and operational responses
    • Inquiry content, reply history, investigation details, identity verification information, support logs, and information necessary for incident investigation and security response

Article 3 (Purposes of Use)

We use collected User Information for the following purposes:

  • To provide, maintain, operate, improve, and enhance the quality of the Services
  • To manage accounts, authenticate Users, verify identities, manage permissions, prevent unauthorized use, and ensure security
  • To provide workspaces, seats, reservations, members, notifications, webhooks, AI features, and other features of the Services
  • To manage paid plans, billing, payments, payment status confirmation, refunds, usage restrictions, and other contracts
  • To respond to User inquiries, requests, reports, support matters, incident investigations, and security matters
  • To contact Users regarding maintenance, incidents, specification changes, rule changes, important notices, and other matters relating to the Services
  • To conduct access analysis, usage analysis, performance measurement, and creation of statistical or aggregated information
  • To use AI features, external services, cloud services, payment services, monitoring services, analytics services, and other external services necessary for providing the Services
  • To investigate, prevent, detect, and respond to fraudulent acts, unauthorized access, rule violations, infringement of rights, payment default, security issues, and other matters necessary for operating the Services
  • To respond to laws, guidelines, orders from administrative agencies or courts, disputes, audits, inquiries, exercise of rights, and other legal or operational needs
  • For purposes reasonably related to each of the above purposes

Article 4 (Changes to Purposes of Use)

We may change the purposes of use of User Information to the extent reasonably related to the purposes before the change. We will notify or disclose the changed purposes of use by posting on the Services, posting on our website, or by any other method we deem appropriate.

Article 5 (Outsourcing and Use of External Services)

  1. We may outsource all or part of the handling of User Information to third parties to the extent necessary to achieve the purposes of use.
  2. We may use cloud services, payment services, authentication services, delivery services, monitoring services, analytics services, AI services, and other external services for providing, operating, maintaining, processing payments for, authenticating, sending notifications for, analyzing, monitoring, supporting inquiries for, securing, or otherwise operating the Services.
  3. When using vendors or external services, we select and manage them within a reasonable scope, taking into account the information handled, outsourced tasks, countries of location, security level, contractual terms, terms of service, privacy policies, and other circumstances.
  4. Failures, suspension, specification changes, changes to terms of use, security issues, or other circumstances involving external services that are outside our reasonable control may affect all or part of the Services, or the processing, storage, or integration of User Information.

Article 6 (Provision to, Storage with, or Processing by Third Parties Located Outside Japan)

  1. For the provision and operation of the Services, we may use cloud services, payment services, authentication services, analytics services, monitoring services, AI services, and other external services, and may transmit, store, or process User Information with businesses, servers, or related infrastructure located outside Japan. The main destination or storage countries are the United States and other countries or regions.
  2. When providing personal data to third parties located outside Japan, we will take necessary actions based on user consent, outsourcing, legal grounds, or other bases permitted under the APPI.
  3. Information about legal systems relating to provision to third parties located outside Japan, personal information protection measures taken by such third parties, and other information that must be provided to the data subject by law will be provided upon request from the data subject to the extent required by law.

Article 7 (External Transmission)

  1. We may transmit User Information to third-party servers for providing and operating the Services, access analysis, prevention of unauthorized use, performance measurement, payments, inquiry handling, and execution of external integration features configured by Users or administrators.
  2. Publicly disclosed items for external transmission using cookies and similar technologies, such as transmitted information, recipients, purposes of use, and destination countries, are described in our separately established Cookie Policy.
  3. If a User or administrator configures webhooks or other external integrations, we may transmit public IDs, display names, names, email addresses, phone numbers, operation event information, and other information necessary for executing the integration feature to the configured external integration destination in accordance with that configuration.
  4. External integration destinations, transmitted information, purposes of use at the destination, and management methods are governed by the configuration by the User or administrator and by the specifications, terms, privacy policies, and other rules of the relevant external integration destination. Except in cases of our intentional misconduct or gross negligence, we are not responsible for the handling of information by external integration destinations configured by Users or administrators.

Article 8 (Provision to Third Parties)

  1. We will not provide personal data to third parties except in the following cases:
    • When the data subject has consented
    • When required by law
    • When necessary to protect a person's life, body, or property and it is difficult to obtain the data subject's consent
    • When especially necessary to improve public health or promote the sound growth of children and it is difficult to obtain the data subject's consent
    • When cooperation is necessary for a national government agency, local public body, or a person entrusted by them to perform legally prescribed affairs, and obtaining the data subject's consent may impede the performance of such affairs
    • When the provision is made through outsourcing, business succession, joint use, or other cases that do not constitute provision to a third party under the APPI or do not require consent as third-party provision
    • When otherwise permitted by the APPI or other laws and regulations
  2. If the creation or retention of records is required by law, we will create and retain records of provision to third parties or receipt from third parties to the extent necessary.

Article 9 (Security Measures)

  1. We will endeavor to implement necessary and appropriate security measures, including access controls, encryption of communications, permission management, log collection, and vendor management, to reduce risks such as leakage, loss, damage, unauthorized access, and unauthorized use of User Information.
  2. The details of security measures will be reasonably determined by us based on the content of the Services, handled information, technical standards, operational status, risks, specifications of external services, and other circumstances.
  3. Details of security measures will be disclosed within a reasonable scope upon inquiry. However, we may withhold disclosure of matters that could interfere with the security management of the Services or User Information, matters that constitute our or a third party's confidential information, or other matters that are inappropriate to disclose.
  4. Information security is also governed by our separately established Security Policy.

Article 10 (Retention Period and Deletion)

  1. We retain User Information to the extent necessary to achieve the purposes of use.
  2. Even after the purposes of use have been achieved, we may retain User Information to the extent reasonably necessary for legal compliance, billing and payment handling, prevention of unauthorized use, security response, disaster recovery, audits, dispute resolution, backups, log management, and other purposes related to providing and operating the Services.
  3. Information that is technically or operationally difficult to delete immediately, such as backups, logs, caches, data stored on external services, and similar information, will be deleted or overwritten sequentially in accordance with methods and periods reasonably determined by us.
  4. Except where required by law, we have no obligation to retain User Information for any specific period, restore deleted data, or individually delete data from backups.

Article 11 (Use of Statistical Information, etc.)

We may create statistical information, aggregated information, or analysis results by processing collected User Information so that individuals cannot be identified, and may use such information for improving the Services, enhancing quality, developing features, analyzing usage, sales materials, explanatory materials, and other purposes we deem appropriate.

Article 12 (Requests for Disclosure, etc.)

  1. Users may, in accordance with the APPI, request notification of purpose of use, disclosure, disclosure of third-party provision records, correction, addition, deletion, suspension of use, erasure, suspension of provision to third parties, or other requests permitted by law regarding retained personal data held by us.
  2. Requests shall, in principle, be made through the contact window in Article 17 of this Policy. We may require identity verification, verification of authority of representation, identification of the requested subject matter, submission of required documents, and other procedures prescribed by us.
  3. We may refuse all or part of a request if identity or authority of representation cannot be verified, the requested subject matter cannot be identified, the request lacks grounds, we are not required to respond under law, the request may harm our or a third party's rights or interests, the request may materially interfere with the proper operation of the Services, or refusal is otherwise permitted by law.
  4. If we refuse a request or take measures different from the request, we will notify the User accordingly and explain the reason to the extent necessary in accordance with law.
  5. For requests where fees are permitted by law, such as notification of purpose of use, disclosure, or disclosure of third-party provision records, we may charge fees to the extent necessary for administrative processing. If fees are incurred, we will notify the amount or calculation method in advance.

Article 13 (Response to Leakage, etc.)

If leakage, loss, damage, or any other incident requiring response under the APPI occurs or is suspected regarding personal data, we will, based on the details of the incident, scope of impact, cause, risk of secondary damage, legal requirements, and other circumstances, take appropriate measures as necessary, including investigation of facts, prevention of damage expansion, prevention of recurrence, notification to data subjects, public announcement, reporting to the Personal Information Protection Commission or other relevant authorities, and other appropriate responses.

Article 14 (Minors, etc.)

If a User is a minor, adult ward, person under curatorship, or person under assistance and does not have the capacity necessary to consent to this Policy or use the Services, the User shall use the Services with the consent or involvement of a parent, legal representative, curator, assistant, or other person with necessary authority.

Article 15 (Relationship with This Policy and Other Rules)

  1. The handling of User Information is governed by this Policy as well as the Terms of Service, Cookie Policy, Security Policy, AI Usage and Training Policy, and other rules established by us.
  2. If this Policy conflicts with an individual policy or a display in the Services, the individual policy or display will prevail only if it expressly states that it prevails over this Policy.

Article 16 (Changes to This Policy)

  1. We may change this Policy due to changes in laws, changes in business operations, changes in the specifications of the Services, changes in external services, security needs, operational needs, or other circumstances.
  2. The changed Policy will take effect when notified or disclosed by posting on the Services, posting on our website, or by any other method we deem appropriate.
  3. For changes that require user consent or other special procedures under law, we will take necessary actions in accordance with law.
  4. If a User continues to use the Services after this Policy is changed, the User will be deemed to have agreed to the changed Policy, except where separate procedures are required by law.

Article 17 (Business Information and Contact)

  • Business name: Sota Konno
  • Address: As stated on the page under the Specified Commercial Transactions Act
  • Contact window: As a general rule, please use the "Contact" form at the bottom of the page
  • Email: support[at]tokoseki.com
    Replace [at] with @

Article 18 (Last Updated)

Last updated: 2026/05/01

This service is provided for users in Japan.

If you are accessing from outside Japan, the access may take longer.