Privacy Policy
Last updated: April 12, 2026
HanasoBridge (the "Service") takes the protection of our users' personal information seriously. This Privacy Policy explains what information the Service collects, how it is used, and with whom it is shared.
1. Information We Collect
The Service collects the following information.
1-1. Account Information
- Your email address and display name (provided when you register with an email address and password, or obtained through Google sign-in if you choose to use it)
- If you choose Google sign-in: your Google account ID (used as an authentication identifier) and your Google account profile picture
- Profile information you choose to provide (introduction, languages spoken, tags, etc.)
1-2. Session and Learning Data
- Chat logs and message history
- AI-generated session summaries
1-3. Payment Information
- Payments are processed through Stripe. Card details such as credit card numbers are handled directly by Stripe and are never stored on the Service's servers
- The Service retains only reference information such as your Stripe customer ID, subscription ID, and payment status
1-4. Usage Logs
- Access timestamps, IP address, and browser information
- Error information (collected via Sentry and used solely for debugging)
2. How We Use Your Information
We use the information we collect for the following purposes.
- Providing, operating, and authenticating access to the Service
- Matching and recommending conversation partners and learners
- Automatically generating session summaries with AI (Google Gemini)
- Supporting your learning through the AI chat assistant
- Processing payments and managing subscriptions
- Sending notifications and other communications by email (via Resend)
- Providing customer support
- Detecting errors and responding to incidents (monitored via Sentry)
- Analyzing usage to improve the Service
3. Sharing With Third Parties
We do not share your personal information with third parties without your consent, except in the following cases.
3-1. Third-Party Services Required to Provide the Service
| Service | Information shared | Purpose |
|---|---|---|
| Supabase Auth | Email address, OAuth tokens | User authentication |
| Stripe | Email address, information required for payment | Payment processing |
| Daily.co | User identifiers, call data | Providing video calls |
| Google Gemini | Session content (text) | Summary generation and chat assistant |
| Resend | Email address | Sending email notifications |
| Sentry | Error information, browser information | Error monitoring and quality improvement |
| Vercel | Access logs | Hosting and delivery |
3-2. Disclosure Required by Law
We may disclose information to the extent necessary to comply with a disclosure request made under applicable law.
4. Data Storage
- User data is stored on Supabase (PostgreSQL, running on AWS infrastructure)
- Database connections are encrypted with SSL/TLS, and data is encrypted at rest with AES-256
- After account deletion, personal information is deleted within six months, except for information we are legally required to retain for a longer period
- Payment records are retained for the period required under the Act on Specified Commercial Transactions of Japan and other applicable laws
5. Your Rights
You have the right to:
- Request disclosure of your personal information
- Request correction or deletion of your personal information
- Delete your account
- Export your data
- Opt out of marketing communications
To exercise any of these rights, please contact us at the address listed below.
6. Cookies
The Service uses cookies for the following purposes.
- Authentication cookies: used by Supabase Auth to keep you signed in. These are essential for using the Service
- Session cookies: temporarily store your settings and session information
- Analytics cookies: help us understand and improve how the Service is used
You can disable cookies in your browser settings; however, if you disable authentication cookies, some features of the Service will become unavailable.
7. International Data Transfers
The following third-party services used by the Service may store and process data outside Japan, including in the United States.
- Supabase / AWS (database and authentication)
- Stripe (payment processing)
- Daily.co (video calls)
- Google Gemini (AI processing)
- Vercel (hosting)
- Sentry (error monitoring)
- Resend (email delivery)
Each provider implements appropriate security measures in accordance with its own privacy policy and data protection practices.
8. Children's Personal Information
The Service is not directed at persons under 16 years of age. Persons under 16 may use the Service only with the consent of a parent or guardian. If we learn that we have unintentionally collected personal information from a person under 16, we will promptly delete it.
9. Changes to This Policy
We may revise this Policy without prior notice to reflect changes in applicable law or in the Service. If we make material changes, we will notify you through the Service or by email. The revised Policy takes effect when it is posted on this page.
10. Contact
For privacy-related inquiries, please contact us at support@hanaso-bridge.com.
* This document is a draft and will undergo legal review before the official release.