Privacy Policy

1. Introduction

At {siteName}, we respect your privacy and take data protection seriously. This Privacy Policy outlines how we collect, use, disclose, and safeguard your data when you visit our website, in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Legal Basis for Processing

We process your personal data under the following legal bases pursuant to GDPR Article 6:

• Performance of a Contract: Processing is necessary to provide the services you request (e.g., displaying the website, responding to emails).
• Legitimate Interests: Processing is necessary for our legitimate interests in ensuring network security, preventing fraud, and maintaining the technical stability of the website.
• Consent: Where required by law, we process data based on your explicit consent (e.g., for optional cookies or newsletters).

3. Data Collection

We collect minimal data strictly necessary for the operation of our service.

• Technical Log Data: IP address, browser type, operating system, and pages visited. This data is collected solely for security auditing and diagnosing technical issues.
• Contact Information: If you voluntarily contact us via email, we store your email address solely to respond to your specific inquiries.
• No Sensitive Data: We do not intentionally collect any special categories of personal data (e.g., health data, biometric data, political opinions).

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our Service and store certain information.

• Essential Cookies: Cookies that are strictly necessary for the website to function (e.g., session tokens). You cannot opt-out of these.
• Functional Cookies: Used to remember your preferences (such as language or dark mode settings).
• Do Not Track Signals: Our systems do not currently recognize “Do Not Track” signals from web browsers.

5. How We Use Your Data

Your data is used solely for:

• Providing and maintaining the technical availability of our service.
• Detecting, preventing, and addressing technical issues and security threats.
• Responding to your direct inquiries.
• Complying with legal obligations and protecting against legal liability.

6. International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located in the EEA, strictly necessary transfers to our infrastructure providers outside the EEA are safeguarded by Standard Contractual Clauses (SCCs) or adequacy decisions.

7. Your GDPR Rights (EEA/UK Users)

Residents of the European Economic Area (EEA) have the following rights:

• Right to Access, Update, Delete: You can request access to, correction of, or deletion of your data.
• Right to Rectification: Request correction of inaccurate information.
• Right to Restrict Processing: Request to limit how we use your data.
• Right to Data Portability: Request transfer of your data.
• Right to Withdraw Consent: You have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

8. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights regarding your personal information:

• Right to Know: You have the right to request details about the categories of personal information we have collected.
• Right to Delete: You have the right to request the deletion of your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• “Do Not Sell” Info: We do not sell your personal information to third parties.

9. Third-Party Infrastructure

We utilize the following third-party infrastructure providers:

• Cloudflare: CDN, security, and privacy-preserving analytics. Privacy Policy
• Supabase: Database and backend services. Privacy Policy
• Alibaba Cloud ESA: Infrastructure and edge security. Privacy Policy

10. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. Technical log data is typically retained for a short period (e.g., 30 days) for security auditing and then deleted.

11. Data Security

We use commercially acceptable means to protect your Personal Data, including encryption in transit (SSL/TLS) and encryption at rest where applicable. However, no method of transmission over the Internet is 100% secure.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us via email.

お問い合わせ