Privacy Policy | Dr. AISEO

PRIVACY POLICY

Privacy Policy

Last Updated: May 2025

Dr. AISEO Inc. (the "Company") handles personal information within the scope of the purposes set out below and will respond promptly to inquiries from data subjects.

"Personal information" in this Policy refers to information that can identify a specific individual, as defined under Japan's Act on the Protection of Personal Information ("APPI").

1Purposes of Use

Information collected indirectly (other than written documents)

Information stored on our servers in connection with service operation

  • To operate, maintain, improve, and develop new features of our services
  • To use as anonymized statistical information

Purposes for disclosed personal information

Information relating to customers and business partners

  • To perform outsourced campaign operations and related tasks
  • To send newsletters, coupons, and incentives to service users
  • To create and provide statistical data and reports
  • To conduct sales activities (communications, meetings, etc.) and administrative procedures including contracts and billing

Information from people who request materials, make inquiries, or attend events

  • To handle inquiries, send materials, and manage event attendees
  • To provide information about the Company's and its group companies' services and events
  • To conduct surveys and monitor panels

Information related to recruitment and employee management

  • To conduct recruitment and employment-related operations, and to manage HR for employees (including former employees)

2Disclosure to Third Parties

The Company may share personal information with group companies or contracted service providers after following the procedures required by applicable law. Otherwise, we will not disclose or provide personal information to third parties except in the following cases:

  • With the user's consent
  • When required by legal order or mandate
  • When necessary to protect someone's life, body, or property and obtaining consent is difficult
  • When outsourcing to an external contractor under a confidentiality agreement
  • In connection with a business succession (merger, transfer, etc.)
  • When necessary to provide information to a financial institution for payment processing

3Handling of Google User DataCompliance with Google API Services User Data Policy

Our service provides sign-in via Google Account and Google Analytics integration. Google user data handled through these features is treated in compliance with the Google API Services User Data Policy, including its Limited Use requirements.

Google user data we collect

Google Sign-In (via Firebase Authentication)

  • Scopes: email, profile
  • Data collected: email address, display name, profile picture URL, Google Account identifier (sub / Firebase UID)

Google Analytics integration (enabled by the user at their discretion)

  • Scopes: https://www.googleapis.com/auth/analytics.readonly, openid, email, profile
  • Data collected: email address, Google Account identifier, read access to report data (sessions, traffic sources, conversions, etc.) for GA4 properties the user has authorized, OAuth refresh tokens and access tokens

Purposes of use

  • Sign-in data: user authentication, creating and updating accounts within our service, displaying name and profile picture in the service interface
  • Google Analytics data: to display reports for the GA4 properties connected by the user within our service interface

Disclosure to third parties

We do not sell, lend, or share Google user data with any third party for independent purposes. The only processors of such data are Google Cloud Platform and Firebase Authentication (both operated by Google), which form part of our infrastructure.

Storage and protection

  • Google user data is stored in a managed PostgreSQL database (within a private network) on Google Cloud Platform.
  • Data in transit is encrypted with TLS 1.2 or higher.
  • Data at rest is encrypted at the storage layer using AES-256.
  • OAuth refresh tokens are additionally encrypted at the application layer using AES-256-GCM before storage.
  • Access to production environments is restricted to authorized personnel protected by SSO and multi-factor authentication, and all operations are logged.

Retention and deletion

  • Profile information from sign-in is retained for as long as the user account is active.
  • OAuth tokens for Google Analytics integration are retained until the user disconnects the integration. Upon disconnection, tokens are revoked with Google and deleted from our database.
  • Users may request deletion of their personal information including Google user data by emailing info@dr-aiseo.com (weekdays 10:00–17:00 JST). We will process the deletion within a reasonable period in accordance with applicable law.
  • Users may revoke the Company's access to their Google Account at any time via https://myaccount.google.com/permissions.

Limited Use of Google User Data

Our use of information obtained from Google APIs complies with all provisions of the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we adhere to the following:

  • Google user data is used only to provide and improve the user-facing features described under "Purposes of use" above.
  • We do not transfer Google user data to third parties except to provide or improve those features, to comply with applicable law, or in connection with a business succession (with prior notice to users).
  • We do not use Google user data for advertising purposes, including targeted advertising, retargeting, or interest-based advertising.
  • We do not allow humans (including Company employees) to read Google user data except where the user has given explicit consent, where it is necessary for security investigations (e.g., investigating abuse), where required by applicable law, or where data has been anonymized or aggregated.
  • We do not sell Google user data or use it to develop, improve, or train general-purpose AI/ML models.

4Contact for Disclosure Requests

Requests for disclosure, correction, addition, deletion, or suspension of use of personal information held by the Company ("Disclosure Requests") are accepted at the following contact point.

How to Request
Please contact us at the address below. We will guide you through the required documentation and identity verification process (for the data subject or their authorized representative).
Fees
A fee (equivalent to actual costs) may apply to requests for "notification of purpose of use" and "disclosure." Details will be provided at the time of inquiry.
Department
Administration Department
Contact
info@dr-aiseo.com
Hours
Weekdays 10:00–17:00 JST