Privacy Policy

1. Overview

This Privacy Policy explains how JapanRita collects, uses, and protects your personal information in accordance with the Act on the Protection of Personal Information (個人情報の保護に関する法律, "APPI") of Japan.

2. Data Controller

The entity responsible for processing your personal information is the operator of JapanRita as identified in the Legal Notice (Imprint) page.

3. Information We Collect

We collect the following categories of personal information:

• Account information: name, email address, preferred language
• Authentication data: password (hashed), social login identifiers (Google, LINE, Apple)
• Uploaded documents: images, PDFs, and other files you submit for translation (processed and stored encrypted)
• Payment information: processed by Stripe — we do not store credit card numbers directly
• Usage data: feature usage, upload counts, timestamps

3b. Sensitive Personal Information (要配慮個人情報)

Uploaded documents may contain sensitive personal information (要配慮個人情報) as defined by the APPI, including medical records, tax information, and other protected categories. We process such information solely for the purpose of providing translation services.

We do not acquire sensitive personal information without the user's explicit action of uploading such documents. By uploading a document containing sensitive information, you consent to its processing for translation purposes only.

4. Purpose of Use (利用目的)

In accordance with APPI Article 18, we use your personal information for the following purposes:

• Providing and operating the translation and document analysis service
• Managing your account, subscription, and billing
• Communicating service updates, security alerts, and support responses
• Improving service quality and developing new features

5. Third-Party Services

We share data with the following third-party processors, solely for the purpose of providing the Service:

• OpenAI — for AI-powered translation and document analysis (document text is sent for processing)
• Google Cloud Vision — for OCR (optical character recognition) of uploaded document images
• Stripe — for payment processing and subscription management
• Cloud hosting provider — for server infrastructure and data storage

Cross-Border Data Transfer (越境移転)

To provide our services, your personal data may be transferred to and processed in the following countries: • United States (OpenAI LLC) — For AI-powered document translation and analysis. The US maintains sector-specific data protection laws but does not have an APPI-equivalent comprehensive framework. We rely on contractual safeguards (data processing agreements) with OpenAI. • United States (Stripe, Inc.) — For payment processing. Stripe is PCI DSS compliant and maintains robust data protection measures. • United States / Global (Google Cloud) — For OCR (optical character recognition) via Google Cloud Vision API. Google maintains APPI-recognized equivalent protection measures. By using our services, you consent to the transfer of your data to these countries as described above, in accordance with APPI Article 28.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data is transmitted over encrypted connections (TLS/SSL).

7. Data Retention

We retain your personal information for as long as your account is active. Upon account deletion, your personal data and uploaded documents are permanently deleted within 30 days. Payment records may be retained longer as required by Japanese tax law (税法).

Data Retention Periods

We retain your personal data for the following periods: • Account data: Until account deletion, plus 30 days for backup removal. • Uploaded documents and translations: Until you delete them or your account is deleted. • Payment and invoice records: 7 years from the end of the fiscal year, as required by the Corporation Tax Act (法人税法) and Income Tax Act (所得税法). • AI usage logs: 12 months, then anonymized for aggregate statistics. • Email delivery records: 12 months. • Consent records: Retained for the duration of your account plus 1 year.

8. Your Rights

Under the APPI (Articles 28–34), you have the right to:

• Request disclosure of the personal information we hold about you
• Request correction of inaccurate personal information
• Request deletion of your personal information
• Request suspension of use of your personal information

9. Cookies

JapanRita uses essential cookies for session management, language preference, and authentication. With your consent, we also use Google Analytics cookies to understand how visitors use our site. You can manage your cookie preferences via the cookie banner. We do not use third-party advertising cookies.

Data Breach Notification

In the event of a data breach involving personal information, we will: • Report to the Personal Information Protection Commission (個人情報保護委員会) within 3-5 business days (preliminary report) and within 30 days (full report), as required by APPI Article 26. • Notify affected individuals promptly with details of the breach, the data involved, and remedial measures taken. • Take immediate steps to contain the breach and prevent further unauthorized access.

Privacy Inquiries and Exercising Your Rights

For privacy-related inquiries, requests for disclosure, correction, deletion, or suspension of use of your personal data (APPI Articles 28-34), please contact our designated privacy contact: Email: privacy@japanrita.app We will verify your identity and respond within 14 business days. There is no fee for disclosure requests unless the request is manifestly unfounded or excessive.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Updated versions will be posted on this page with a revised date.