Privacy Policy

Article 1 (Basic Policy)

1. Chronoter Inc. (hereinafter, the "Company") acknowledges that the protection of users' personal information and privacy is a fundamental responsibility and views the proper handling of such information as essential to building and maintaining trust with its users. Accordingly, the Company endeavors to comply with the Act on the Protection of Personal Information of Japan ("PIPA"), the General Data Protection Regulation of the European Union ("GDPR"), the California Consumer Privacy Act ("CCPA"), and other applicable laws and regulations, to the extent that such laws apply.
2. This Privacy Policy (hereinafter, the "Policy") outlines the Company's core principles and practices regarding the collection, use, and management of users' personal information in connection with the provision of the Service. Together with the Company's Terms of Service, this Policy constitutes a part of the contractual relationship between the Company and its users.

Article 2 (Definition of Personal Information)

1. For the purposes of this Policy, "personal information" means information relating to a living individual as defined in Article 2, Paragraph 1 of the Act on the Protection of Personal Information of Japan ("PIPA"). This includes, but is not limited to, names, dates of birth, email addresses, IP addresses, cookies, and other identifiers that can directly or indirectly identify a specific individual (including information that becomes identifiable when combined with other data).
2. The Company shall also appropriately handle information that does not constitute personal information on its own but could be used to identify an individual when combined with other information (hereinafter, "Quasi-Personal Information"), as well as anonymized and statistical data, to the extent such data affects the provision or operation of the Service.
3. Information such as code, documents, configuration files, and other content stored in Git repositories or similar platforms linked by the user (collectively, "User Data") does not generally fall under the definition of personal information. However, if any portion of such User Data includes personal information, it will be treated in accordance with this Policy.

Article 3 (Scope of Information Collected)

In the course of providing the Service, the Company may collect the following categories of information and shall handle such information appropriately within the scope of the purposes defined in this Policy. The information collected may include "personal information" as defined under PIPA, as well as "personal-related information," "anonymized information," and "pseudonymized information."

1. Information provided by the user: Name, organization name, job title, email address, and other information submitted by the user through forms designated by the Company.
2. Information from external service integrations: Authentication details such as user IDs, usernames, profile images, access tokens, and other related data obtained through OAuth or similar authentication mechanisms when linking external services (e.g., GitHub, Google).
3. Usage and interaction data: Access timestamps, operation logs, page navigation history, browser type and version, device and operating system details, IP address, user agent, and related technical metadata.
4. Information collected via cookies and similar technologies: Session identifiers, behavioral data, referrer information, and data gathered through tracking tools (e.g., Google Analytics). These technologies are used to enhance user experience and analyze Service usage. Users may limit or disable cookies via browser settings; however, doing so may impair the availability of certain features.
5. Payment-related information: Information related to credit card transactions processed via third-party payment service providers such as Stripe. The Company does not retain sensitive payment information (e.g., credit card numbers).
6. Technical log information: Error logs, server logs used for incident response and troubleshooting, debug logs, and other technical data necessary for maintaining and operating the Service.
7. User Data (non-personal information): Code, documents, configuration files, and other content uploaded or linked by users via the Service ("User Data"). While this data generally does not constitute personal information, it shall be treated in accordance with this Policy if it contains personal information.

Article 4 (Purpose of Use of Personal Information)

1. The Company shall use collected personal information only to the extent necessary for achieving the following purposes. Such information shall be processed in accordance with the Act on the Protection of Personal Information of Japan ("PIPA"), the General Data Protection Regulation ("GDPR"), and other applicable data protection laws, based on appropriate legal grounds for processing (e.g., user consent, performance of a contract, compliance with legal obligations, or legitimate interests).
   1. To provide, operate, maintain, and support the Service;
   2. To authenticate users, verify identity, and manage user accounts;
   3. To respond to inquiries, manage support tickets, and deliver documentation;
   4. To analyze usage, improve Service functionality, and develop new features;
   5. To conduct system maintenance, troubleshoot errors, and prevent unauthorized access;
   6. To process billing, issue invoices, and confirm payments for paid subscription plans;
   7. To investigate and respond to violations of the Terms of Service or other misuse of the Service;
   8. To comply with legal obligations and procedures, including those relating to taxation, accounting, and regulatory disclosures;
   9. To perform other activities reasonably incidental or related to the foregoing purposes.
2. If the purposes of use of personal information are changed, the Company shall make such changes only within a scope reasonably related to the original purposes, and shall notify users in advance and obtain consent if required under applicable laws.

Article 5 (Methods of Collecting Personal Information)

1. The Company may collect personal information and personal-related information through the following methods, in compliance with the Act on the Protection of Personal Information of Japan ("PIPA"), the General Data Protection Regulation ("GDPR"), and other applicable data protection laws:
   1. User submission: Information voluntarily submitted by users through forms designated by the Company, including registration and inquiry forms.
   2. External service integration: Information obtained via application programming interfaces (APIs) from third-party services (e.g., GitHub, Google) with the user's consent at the time of integration, such as authentication credentials and user profile data.
   3. Automatic collection through technical means: Information collected automatically via server logs, cookies, web beacons, tracking pixels, JavaScript tags, browser settings, and similar technologies.
   4. Third-party acquisition: Information lawfully obtained from third parties to the extent permitted by applicable laws and regulations.
2. The Company shall use collected information solely for the specific purposes for which it was collected and shall not use such information for any other purpose without an appropriate legal basis.

Article 6 (Third-Party Provision)

1. The Company may provide collected personal information to third parties only under the following circumstances, and only after implementing necessary legal procedures and safeguards in accordance with the Act on the Protection of Personal Information of Japan ("PIPA"), the General Data Protection Regulation ("GDPR"), and other applicable laws and regulations:
   1. Provision to contractors: When outsourcing functions such as Service provision, maintenance, customer support, or payment processing, the Company may provide personal information to trusted service providers. The Company shall contractually impose obligations to protect personal information and shall supervise such contractors as appropriate. Examples include: cloud infrastructure providers (e.g., AWS), payment processors (e.g., Stripe), and log analytics platforms.
   2. Provision based on legal obligations: When the Company receives a lawful request from a court, regulatory authority, police, or other government body. In such cases, only the minimum necessary information will be disclosed, with due consideration given to protecting the rights of the user.
   3. Provision with user consent: When the user has given explicit consent for the provision of their personal information to third parties other than those mentioned above.
2. Except as provided above, the Company shall not disclose or provide personal information to any third party. If personal information is to be transferred to a third party located outside of Japan, the Company shall ensure compliance with the requirements of Article 28 of the PIPA and Articles 44 et seq. of the GDPR. The Company shall confirm and guarantee that such third parties maintain an adequate level of data protection and have entered into appropriate contractual safeguards.
3. Users may direct any complaints or inquiries regarding third-party disclosures to the contact point specified in Article 12 (Inquiries Regarding Personal Information).

Article 7 (International Transfer of Personal Information)

1. The Company may transfer, store, or process personal information on servers or with third-party service providers located outside Japan, to the extent necessary for the provision of the Service. Such international data transfers shall be conducted in compliance with applicable laws and based on one or more of the following legal grounds:
   1. Users in the European Economic Area (EEA) or the United Kingdom: Transfers shall be based on the European Commission's Standard Contractual Clauses (SCCs) pursuant to Article 46 of the GDPR, or other valid transfer mechanisms offering equivalent protections, such as Binding Corporate Rules (BCRs).
   2. Transfers under the PIPA: Personal information may be transferred to third parties outside Japan after confirming that the recipient maintains a level of data protection equivalent to Japan's standards, or has implemented adequate safeguards as prescribed by the Personal Information Protection Commission.
   3. Other lawful bases: Transfers may also be made with the explicit consent of the user, or where necessary for the performance of a contract or otherwise permitted under applicable laws.
2. Transfer destinations may include cloud infrastructure providers, payment processors, and similar service vendors. The Company shall enter into appropriate confidentiality and data processing agreements with such recipients and ensure the implementation of suitable technical and organizational security measures.
3. Users may direct any inquiries or requests related to international data transfers to the contact point specified in Article 12 (Inquiries Regarding Personal Information).

Article 8 (Data Subject Rights)

1. Users have the following rights under applicable data protection laws (including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)) in relation to their personal information held by the Company. These rights may be exercised by submitting a request through the inquiry channel specified in Article 12.
   1. Right of access: The right to request disclosure of personal information held by the Company.
   2. Right to rectification or erasure: The right to request correction of inaccurate personal information or deletion of unnecessary information.
   3. Right to restriction of processing: The right to request limitation of processing in specific circumstances prescribed by law.
   4. Right to data portability: The right to receive one's personal information in a structured, commonly used, machine-readable format and to transmit such data to another data controller.
   5. Right to object: The right to object to the processing of personal information based on legitimate interests or for direct marketing purposes.
2. The Company will, in principle, respond to requests made under the GDPR within one (1) month. Where reasonably necessary, the response period may be extended by an additional two (2) months, with notice to the requester and an explanation of the reason for the delay.
3. If the Company determines that it cannot fulfill a request due to legal obligations, ongoing litigation, or the need to protect the legitimate interests of the Company or third parties, it may decline the request and provide a reasoned explanation.
4. The applicability of the rights described above may vary depending on the user's country of residence, nationality, and contractual relationship with the Company. Users residing in Japan may also exercise their rights under the Act on the Protection of Personal Information (PIPA), including the rights to access, correct, or suspend the use of their personal information.

Article 9 (Security Measures for Personal Information)

1. The Company shall implement necessary and reasonable technical, organizational, and physical security measures to prevent unauthorized access, leakage, loss, alteration, or destruction of personal information. These measures shall comply with Article 23 of the Act on the Protection of Personal Information of Japan ("PIPA"), Article 32 of the General Data Protection Regulation ("GDPR"), and other applicable data protection laws, and shall be subject to periodic review and continuous improvement.
2. Where the Company outsources the processing of personal information, it shall impose appropriate security obligations on such contractors by contract and shall monitor their compliance as necessary.
3. In the event of a data breach involving personal information, the Company shall promptly take appropriate actions in accordance with applicable laws, including reporting the incident to competent authorities, notifying affected users, and implementing corrective measures to prevent recurrence.

Article 10 (Use and Management of Cookies and Similar Technologies)

1. The Company may use cookies, local storage, web beacons, and other similar technologies (collectively, "Cookies, etc.") to operate and improve the Service, enhance user convenience, and analyze Service usage.
2. Cookies, etc. may include: Essential cookies used for session management, user authentication, and storing user preferences; and Analytics cookies used to collect data for analyzing user behavior and improving the Service.
3. The Company acknowledges that data collected through Cookies, etc. may, when combined with other information, constitute personal information or personal-related information. Such information shall be managed in accordance with applicable data protection laws and regulations.
4. Users residing in jurisdictions such as the European Economic Area (EEA), where prior consent is legally required for the use of Cookies, shall be provided with appropriate consent mechanisms in accordance with applicable laws.
5. Users may restrict or disable Cookies by adjusting their browser settings or through other methods provided by the Company. However, users acknowledge that doing so may result in certain features of the Service becoming unavailable or functioning improperly.

Article 11 (Revision of Privacy Policy)

1. The Company may revise this Privacy Policy, in whole or in part, in response to changes in applicable laws or regulations, societal conditions, technological advancements, modifications to the Service, or for other reasonable and legitimate business purposes.
2. In the event of any revisions, the Company shall post the updated Policy and its effective date on its official website or notify users through other appropriate means. If the revisions are expected to materially affect users, the Company shall provide prior notice in a clear and timely manner.
3. The revised Policy shall become effective either on the date specified by the Company or upon publication on the Company's website.
4. By continuing to use the Service after the effective date of the revised Policy, the user shall be deemed to have agreed to the revised Policy. If the user does not agree to the changes, the user may cease using the Service.

Article 12 (Inquiries Regarding Personal Information)

1. Users may submit inquiries, or requests for disclosure, correction, addition, deletion, suspension of use, cessation of third-party provision, complaints, or other consultations regarding the handling of personal information to the following contact point: 【Contact Information】 Chronoter Inc. Personal Information Protection Officer Inquiry Form: https://chronoter.com/contact
2. The Company may verify the identity of the requester prior to responding, as necessary to protect personal information and prevent unauthorized access.
3. The Company shall respond to such requests in good faith and within a reasonable timeframe and scope, in accordance with the Act on the Protection of Personal Information of Japan ("PIPA"), the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act ("CCPA"), and other applicable laws.
4. If a user is dissatisfied with the Company's response, the user may file a complaint with the appropriate supervisory authority, such as the Personal Information Protection Commission of Japan or a data protection authority in an EU member state.

Article 13 (Disclaimer)

1. Except in cases of willful misconduct or gross negligence on the part of the Company, the Company shall not be liable for any damages incurred by the user arising from or related to any of the following:
   1. Specification changes, service suspension, defects, security vulnerabilities, or changes to the terms or availability of third-party services integrated with the Service (e.g., GitHub, Google, Stripe);
   2. Malfunctions or failures caused by the user's environment, including but not limited to devices, operating systems, browsers, or network connections;
   3. Interruptions or restrictions in the Service due to changes in applicable laws, regulations, court or administrative orders, or modifications to governmental guidelines;
   4. Failures or delays in communication lines, servers, cloud infrastructure, or other third-party systems;
   5. Natural disasters or other force majeure events, including but not limited to earthquakes, fires, floods, power outages, wars, terrorism, pandemics, or labor strikes.
2. Even if the Company is found to be liable for damages, such liability shall be limited to direct and actual damages. The Company shall not be liable for any indirect, special, incidental, consequential, or punitive damages, including lost profits, data loss or corruption, or damages arising from claims made by third parties, except in cases of willful misconduct or gross negligence.
3. The Company does not warrant that the Service will be uninterrupted, error-free, or suitable for the specific purposes of all users. The Company shall not be liable for any interruptions, discontinuations, errors, bugs, or failures in the operation of the Service, except where caused by the Company's willful misconduct or gross negligence.