Privacy Policy

Established: July 29, 2023 Revised: July 14, 2026 Qualiteg Inc. (the "Company," "we," "us" or "our")

Note on this translation: This page is an abridged English translation of our Privacy Policy, provided for reference purposes only. The official and authoritative version is the Japanese version. In the event of any discrepancy between this translation and the Japanese original, the Japanese version shall prevail.

As a company that strives to "create new value that does not yet exist in the world," we regard the protection of personal information as a foundation of our business activities. Based on the following basic principles, we handle personal information and other information obtained through all products and services we provide (collectively, the "Services"), our websites, and our recruiting activities in an appropriate manner.

Basic Principles

  1. We specify the purposes for which personal information is used, handle it only within the scope of those purposes, and prevent use beyond those purposes.
  2. We obtain personal information by lawful and fair means.
  3. Except as required by law, we do not provide personal information to third parties without the consent of the individual.
  4. We take necessary and appropriate security measures to prevent and remedy the leakage, loss, or damage of personal information.
  5. We enable individuals to be appropriately involved with their own personal information and strive to keep it accurate and up to date.
  6. We comply with the Act on the Protection of Personal Information and other applicable laws and internal rules, and continuously review and improve our handling of personal information.
  7. We maintain a contact point for complaints and inquiries regarding the handling of personal information.

Article 1 (Scope)

This Policy applies to the handling of all personal information and other user-related information that the Company obtains through the Services, our websites, and our recruiting activities.

Article 2 (Information We Collect)

We collect the following information.

  1. Account information: name, email address, password (stored as an irreversible hash), organization name, and plan type
  2. Payment-related information: cardholder name, last four digits and expiration date of the credit card, billing information, and payment history (the card number itself is handled by the payment processor set forth in Article 7 and is not retained by the Company)
  3. Communication metadata and access logs (for services that relay users' communications): source IP address, connection date and time, tunnel identifiers, assigned hostnames, transfer volume, destination port numbers, protocol types, disconnection causes, and error logs
  4. Technical information: versions of software provided by the Company, OS type, user agent, and device information
  5. Website usage information: browsing activity on our websites (URLs accessed, content viewed, referral paths, etc.), information obtained via cookies and similar technologies, and attribute information that cannot identify an individual
  6. Inquiry information: the content of inquiries, opinions, media requests, etc., and related correspondence records
  7. Job applicant information: application documents, work history, and other information related to the selection process (including information obtained through partner recruiting agencies)
  8. Business partner information: information necessary for the performance of outsourcing and other business transactions

Article 3 (Purposes of Use)

We use the information we collect for the following purposes.

  1. To authenticate users and to provide, maintain, and protect the Services
  2. To bill usage fees and to send important notices (maintenance, outages, changes to terms, security notices, etc.)
  3. To detect, investigate, and prevent fraudulent use and violations of the terms of service (relaying unauthorized access, duplicate applications, etc.)
  4. To improve service quality, respond to failures, develop new features and services, and conduct marketing
  5. To create and analyze statistical data processed into a form that cannot identify individuals
  6. To provide information about the Services, campaigns, surveys, monitoring programs, media coverage, etc. (you may opt out of such communications at any time)
  7. To deliver or display advertisements and content based on attribute information, device information, location information, etc.
  8. To provide information to partner companies based on the user's consent
  9. To confirm and respond to inquiries and feedback
  10. To provide information to, communicate with, and evaluate applicants in our recruiting process
  11. To perform outsourcing and other business transactions
  12. To comply with applicable laws and regulations

Article 4 (Secrecy of Communications; Handling of Communication Content)

  1. In providing communication relay services (services that relay communications between users' systems and external parties), the Company does not view, obtain, store, or provide to third parties the content of communications sent or received by users through tunnels (including prompts and responses exchanged via AI integration features) beyond the scope technically necessary for relay processing.
  2. In accordance with the intent of the provisions on the secrecy of communications under the Telecommunications Business Act of Japan, the Company does not use information subject to the secrecy of communications except in any of the following cases:
  3. where the individual and explicit consent of the user has been obtained;
  4. where responding to compulsory process under law (such as investigations based on a warrant); or
  5. where the use constitutes a legitimate business activity necessary to provide and maintain the Services (failure response, bandwidth control, detection and blocking of cyber attacks, etc.).
  6. Processing under item 3 of the preceding paragraph is performed mechanically and only to the minimum extent necessary to achieve its purpose.

Article 5 (Transmission to External AI Services via AI Integration Features)

  1. When a user uses the AI integration features of our Services (MCP integration and other features that transmit data to external AI services based on the user's configuration), data on the connected systems is transmitted to external AI services (services provided by third parties such as Anthropic and OpenAI) in accordance with the user's configuration.
  2. Such transmission is performed based on the user's own instructions and configuration, and does not constitute a third-party provision by the Company for its own purposes. The handling of the transmitted data by the external AI service is governed by that service's privacy policy and terms of use.
  3. When including personal information in data subject to AI integration features, users are responsible for obtaining the consent of the individuals concerned and completing any other procedures required under the Act on the Protection of Personal Information.

Article 6 (Provision to Third Parties)

We do not provide personal data to third parties without the prior consent of the individual, except in any of the following cases:

  1. where required by law (including lawful disclosure requests from courts, public prosecutors, the police, or authorities with equivalent powers);
  2. where necessary to protect a person's life, body, or property and it is difficult to obtain the individual's consent;
  3. where particularly necessary to improve public health or promote the sound development of children and it is difficult to obtain the individual's consent;
  4. where cooperation with a national or local government agency, or a party entrusted by such an agency, is necessary for the performance of duties prescribed by law, and obtaining the individual's consent would risk impeding the performance of those duties; or
  5. where personal data is provided in connection with a business succession due to a merger, business transfer, or other similar event.

Article 7 (Outsourcing; Handling of Payment Information)

  1. We may outsource all or part of the handling of personal data to third parties (cloud infrastructure providers, payment processors, etc.) to the extent necessary to achieve the purposes of use. In such cases, we appropriately select the contractors, exercise necessary and appropriate supervision to ensure the secure management of personal data by the contractors, and remain responsible for their handling of personal information.
  2. Payment processing for the Services is performed through payment processors engaged by the Company (such as Stripe). Credit card numbers and security codes are obtained directly by the payment processor and are not retained on the Company's servers.

Article 8 (Data Storage Location)

  1. We store personal data and access logs obtained through the Services on servers and in data centers located in Japan.
  2. We do not provide personal data to third parties located in foreign countries (Article 28 of the Act on the Protection of Personal Information). However, this does not apply where data is transmitted to external AI services based on the user's own configuration pursuant to Article 5; the selection of such destinations is the user's responsibility.

Article 9 (Security Measures)

We take the following measures to prevent the leakage, loss, or damage of personal data and to otherwise ensure its secure management.

  1. Organizational measures: appointment of a personal information protection officer, recording of handling status, and periodic inspections
  2. Personnel measures: confidentiality obligations and training for employees
  3. Physical and technical measures: encryption of communications (TLS), encryption of stored data, access control and least-privilege permissions, defense in depth, and recording and monitoring of access logs
  4. Understanding of the external environment: storing personal data within Japan to avoid risks arising from foreign legal systems (see Article 8)

Article 10 (Retention Period and Deletion)

  1. After a user's withdrawal, we delete account information without undue delay, except during the recovery grace period set forth in the terms of service and for the period necessary for legal retention obligations and dispute resolution.
  2. Communication metadata and access logs are retained for 13 months from acquisition in principle, and are then deleted except for statistical information that cannot identify individuals. However, retention may be extended as necessary for investigating fraudulent use, responding to legal disputes, or fulfilling legal obligations.
  3. Payment-related records are retained for the periods prescribed by law (tax law, bookkeeping obligations, etc.).
  4. Job applicant information is deleted after a reasonable period following the end of the selection process.

Article 11 (Handling under Corporate Contracts)

  1. Where the Services are used under a contract with a corporation or other organization, the administrator of that contract may be able to view the usage status of managed accounts (connection history, transfer volume, configuration, etc.).
  2. In such cases, the Company handles personal data on behalf of the contracting organization, and notification of purposes of use and similar communications to the users of managed accounts are the responsibility of the contracting organization.

Article 12 (Cookies and External Transmission)

  1. On the Services and our websites, we use cookies and similar technologies to improve convenience, analyze usage, and deliver advertisements and content, and may obtain attribute information, device information, and browsing history that cannot identify individuals. For logged-in users, browsing history may be used for the delivery and display of advertisements and content with the individual identified.
  2. Our websites use access analysis tools and similar services, which may cause browsing history and other information to be transmitted from the user's device to the providers of those tools. The details of the information transmitted, its recipients, and the purposes of use are published on the "External Data Transmission" page of our website (Japanese).
  3. Users may refuse cookies through their browser settings; however, some features of the Services may become unavailable as a result.

Article 13 (Requests for Disclosure, Correction, Suspension of Use, etc.)

  1. Individuals may request, in accordance with the Act on the Protection of Personal Information, the disclosure, correction, addition, or deletion of their retained personal data, the suspension of its use or its erasure, and the suspension of its provision to third parties. Please contact the contact point set forth in Article 15. After verifying the requester's identity, we will respond without undue delay in accordance with applicable law.
  2. We may be unable to respond to a request in any of the following cases:
  3. where there is a risk of harm to the life, body, property, or other rights or interests of the individual or a third party;
  4. where there is a risk of serious hindrance to the proper conduct of the Company's business;
  5. where responding would violate other laws or regulations; or
  6. where the response would require significant cost or would otherwise be difficult, and alternative measures necessary to protect the individual's rights and interests are taken.
  7. For disclosure requests, we may charge a fee per request as determined by the Company within the scope permitted by law.

Article 14 (Changes to This Policy)

  1. We may change this Policy in response to amendments to laws and regulations, changes to the Services, and other circumstances.
  2. The amended Policy takes effect when posted on our website. For material changes, we will provide notice before they take effect, by posting on our website or by email.

Article 15 (Contact)

For inquiries, complaints, and consultations regarding this Policy and our handling of personal information, please use the following contact point.

Personal Information Protection Officer: Privacy Policy Officer, Corporate Management Division, Qualiteg Inc. Contact: via the inquiry form on our website


End of document

Supplementary Provisions This Policy was established on July 29, 2023 and revised on July 14, 2026.