1. Introduction
KyotoTech LLC (合同会社KyotoTech) ("Company," "we," "us," or "our") is committed to protecting your privacy and handling your personal information responsibly.
This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our website (kyototech.co.jp), software products (including SaQura), and services.
Legal Framework
As a Japanese company serving international customers, we comply with:
- APPI - Japan's Act on the Protection of Personal Information (個人情報保護法)
- GDPR - EU General Data Protection Regulation (for EU/EEA residents)
- Other applicable data protection laws in your jurisdiction
In case of conflict between this Policy and applicable law, the applicable law shall prevail.
2. Data Controller Information
Data Controller
KyotoTech LLC (合同会社KyotoTech)
〒612-8083 京都市伏見区京町2丁目237-202
Kyoto, Japan
Email: support@kyototech.co.jp
Data Protection Inquiries
For questions about this Privacy Policy or our data practices, please contact:
3. Personal Information We Collect
Information You Provide Directly
| Data Category |
Data Elements |
Purpose |
Legal Basis (GDPR) |
| Contact Information |
Name, Email, Phone (optional), Message |
Respond to inquiries |
Legitimate interest / Consent |
| License Information |
Email address |
License delivery |
Contract performance |
| Account Information |
Email, License Key |
License management |
Contract performance |
Information Collected Automatically
| Data Category |
Data Elements |
Purpose |
Legal Basis (GDPR) |
| License Activation Data |
License Key, Hardware ID (hashed), Machine Name, OS/Platform, Timestamp |
License validation, prevent abuse |
Contract performance |
| Technical Logs |
IP address (anonymized), Browser type, Access times |
Security, troubleshooting |
Legitimate interest |
Information We Do NOT Collect
We explicitly DO NOT collect:
- Your encryption keys or passwords created with our Software
- Content of files you encrypt
- Usage patterns or telemetry from the Software
- Precise geolocation data
- Biometric data
- Data from children under 16
- Sensitive personal data (racial/ethnic origin, political opinions, religious beliefs, health data, sexual orientation)
4. How We Use Your Information
Purposes of Processing
| Purpose |
Categories of Data |
Legal Basis (GDPR) |
APPI Basis |
| Respond to inquiries |
Contact information |
Legitimate interest |
Specified purpose |
| Deliver licenses |
Email, License Key |
Contract performance |
Contract fulfillment |
| Validate licenses |
Activation data |
Contract performance |
Service provision |
| Prevent license abuse |
Hardware ID (hashed) |
Legitimate interest |
Fraud prevention |
| Provide technical support |
Contact info, License data |
Contract performance |
Customer service |
| Improve services |
Aggregated analytics |
Legitimate interest |
Service improvement |
| Legal compliance |
Various |
Legal obligation |
Legal requirement |
What We Do NOT Do
- No Selling: We DO NOT sell, rent, or trade your personal information to third parties for marketing purposes.
- No Profiling: We DO NOT use your personal information for automated decision-making or profiling that produces legal effects.
- No Marketing: We DO NOT send unsolicited marketing emails unless you have explicitly opted in.
5. Data Sharing & Disclosure
Service Providers
We share personal information with the following categories of service providers:
| Provider Category |
Purpose |
Data Shared |
Location |
Safeguards |
| Payment Processor (Stripe) |
Payment processing |
Email (for receipts) |
USA |
Standard Contractual Clauses |
| Hosting Provider |
Website/API hosting |
All data processed |
Japan |
APPI compliance |
Legal Disclosures
We may disclose personal information when required by law, including:
- Court orders or legal process
- Requests from law enforcement agencies
- Protection of our legal rights
- Investigation of fraud or security incidents
- Protection of the rights, property, or safety of our users or the public
Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity. We will notify you of any such change.
No Other Sharing
We do not share personal information with third parties except as described in this Policy.
6. International Data Transfers
Primary Storage
Personal information is primarily stored on servers located in Japan.
Cross-Border Transfers
When we transfer personal information outside Japan, we ensure adequate protection through the following mechanisms:
| Destination |
Mechanism |
Safeguards |
| EU/EEA |
Adequacy decision |
Japanese data protection law recognized as adequate by EU |
| USA (Stripe) |
Standard Contractual Clauses (SCCs) |
Contractual data protection obligations |
| Other countries |
Case-by-case assessment |
Appropriate safeguards per APPI |
Your Consent
For transfers to countries without adequate data protection, we will obtain your explicit consent where required by APPI or GDPR.
7. Data Retention
Retention Periods
| Data Category |
Retention Period |
Basis |
| Contact form submissions |
2 years after last contact |
Business necessity |
| License activation data |
Duration of license + 1 year |
Contract fulfillment |
| Payment records |
7 years |
Japanese tax law requirements |
| Support tickets |
2 years after resolution |
Customer service |
| Security logs |
1 year |
Security requirements |
Deletion
After the retention period expires, personal information is securely deleted or anonymized.
8. Data Security
Technical Measures
We implement appropriate technical security measures, including:
- Encryption of data in transit (TLS 1.3)
- Encryption of sensitive data at rest
- Secure password hashing for authentication
- Regular security updates and patches
- Access controls and authentication requirements
- Network security measures (firewalls, intrusion detection)
Organizational Measures
- Limited access to personal information on a need-to-know basis
- Employee training on data protection
- Incident response procedures
- Regular security assessments
No Guarantee
While we implement reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
Breach Notification
In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law (APPI, GDPR).
9. Your Rights
Rights Under APPI (Japan)
Under Japan's Act on the Protection of Personal Information, you have the following rights:
| Right |
Description |
| Access (開示請求) |
Request disclosure of your personal information |
| Correction (訂正請求) |
Request correction of inaccurate information |
| Deletion (削除請求) |
Request deletion of your personal information |
| Suspension of Use (利用停止請求) |
Request cessation of use of your information |
| Third-Party Disclosure |
Request information about third-party disclosures |
Additional Rights Under GDPR (EU/EEA Residents)
If you are located in the EU/EEA, you additionally have the right to:
| Right |
Description |
| Data Portability |
Receive your data in a structured, machine-readable format |
| Restriction of Processing |
Request limitation of processing in certain circumstances |
| Object to Processing |
Object to processing based on legitimate interests |
| Withdraw Consent |
Withdraw consent at any time (where processing is based on consent) |
| Lodge a Complaint |
File a complaint with a supervisory authority |
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Response Time
- APPI: Without delay, and in any case within 2 weeks
- GDPR: Within 1 month (extendable by 2 months for complex requests)
Verification
We may require verification of your identity before processing requests.
No Fee
We will not charge a fee for reasonable requests, except as permitted by law for manifestly unfounded or excessive requests.
10. Cookies & Tracking
Cookies We Use
| Cookie Type |
Purpose |
Duration |
Consent Required |
| Essential |
Website functionality |
Session |
No (strictly necessary) |
| Language Preference |
Remember language selection |
1 year |
No (functional) |
What We Do NOT Use
- Third-party advertising cookies
- Cross-site tracking
- Social media tracking pixels
- Fingerprinting technologies
Analytics
We use privacy-first analytics that:
- Does not use cookies
- Does not track individual users
- Collects only anonymous, aggregated data
- Does not share data with third parties
11. Third-Party Services
Payment Processing (Stripe)
We use Stripe for payment processing. When you make a purchase:
- Your payment information is processed directly by Stripe
- We do not receive or store your credit card information
- Stripe is PCI DSS compliant
- Stripe's privacy policy applies: stripe.com/privacy
NuGet Package Distribution
Our Software is distributed via NuGet (nuget.org):
- NuGet's privacy policy applies to package downloads
- We do not receive personal information from NuGet downloads
Links to External Sites
Our website may contain links to external sites. We are not responsible for the privacy practices of other sites. We encourage you to read their privacy policies.
12. Children's Privacy
Age Restriction
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16.
Parental Notice
If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
Contact Us
If you believe we have collected information from a child under 16, please contact us immediately at support@kyototech.co.jp.
13. Changes to This Policy
Right to Update
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
Notification
We will notify you of material changes by:
- Posting the updated Policy on our website
- Updating the "Effective Date" at the top
- For significant changes, sending email notification to affected users
Review
We encourage you to review this Policy periodically.
14. Contact Us
Privacy Inquiries
For any questions, concerns, or requests regarding this Privacy Policy or our data practices:
Postal Address
KyotoTech LLC (合同会社KyotoTech)
〒612-8083 京都市伏見区京町2丁目237-202
Kyoto, Japan
Supervisory Authorities
Japan (APPI):
Personal Information Protection Commission (個人情報保護委員会)
www.ppc.go.jp
EU/EEA (GDPR):
You have the right to lodge a complaint with a supervisory authority in your country of residence.
Version History
| Version |
Date |
Changes |
| 2.0 | December 31, 2025 | Major update: Added GDPR/APPI compliance details, international transfers, data retention, expanded rights |
| 1.0 | January 2025 | Initial release |