The operator of Sondeur (the "Operator") handles users' personal information and user data in the Sondeur service (the "Service") appropriately, in compliance with the Act on the Protection of Personal Information of Japan and other applicable laws, and in accordance with this Privacy Policy (this "Policy").
1. Information We Collect
- Email address (for account registration and sign-in authentication);
- Questions entered into the Service, phrases selected, and the contents of exploration histories (trees);
- Account information such as subscribed plan, monthly usage, and language preference;
- A hash (SHA-256) of the IP address when the Service is used without signing in. This is used to prevent abuse; the raw IP address is not stored, and hashes are deleted within 3 days of collection;
- Payment-related information. Credit card details are handled by Stripe, Inc., our payment processor; the Operator does not collect or retain card numbers.
2. Purposes of Use
- Providing the Service, authenticating users, and synchronizing data;
- Processing payments and managing subscriptions for Paid Plans;
- Preventing abuse and enforcing usage limits;
- Improving quality, addressing defects, and performing statistical analysis;
- Responding to conduct that violates the Terms of Service;
- Sending important notices concerning the Service.
3. Third-Party Provision and Entrustment
- To provide the Service, the Operator entrusts the handling of information to, or transmits information to, the following providers to the extent necessary:
- OpenAI (input text such as questions and selected phrases is transmitted to generate content);
- Supabase (authentication and data storage);
- Stripe (payment processing);
- Vercel (hosting and analytics).
- Except as set forth above or as required by law, the Operator does not provide personal information to third parties without the individual's prior consent.
4. Cookies and Local Storage
The Service uses cookies to keep users signed in, and browser local storage to store guest trees and language preferences. No third-party advertising trackers are used.
5. Retention Period
- Account information and user content are retained for as long as the account exists.
- IP address hashes are deleted within 3 days of collection.
6. Security Measures
The Operator takes necessary and appropriate measures to prevent leakage, loss, or damage of information, including encryption of communications and database access controls (row-level security).
7. Disclosure, Correction, Suspension of Use, and Deletion
Users may request disclosure, correction, suspension of use, or deletion of their personal information in accordance with applicable law. Please contact the address listed in the Commercial Disclosure. We will respond within the period prescribed by law after verifying your identity.
8. Amendments to this Policy
The Operator may amend this Policy in response to changes in law or the Service. Material changes will be announced within the Service. The amended Policy takes effect when posted on the Service.
9. Contact
For inquiries regarding this Policy or the handling of personal information, please contact the email address listed in the Commercial Disclosure.
Established: July 2, 2026