basicmath LLC (hereinafter referred to as the “Company”) establishes this Privacy Policy (hereinafter referred to as the “Policy”) regarding the protection of personal information related to users of the Company’s AI SaaS platform services, including “mitsumonoAI” (hereinafter referred to as the “Service”). The Company will handle personal information appropriately based on this Policy.
However, this Policy does not apply when the Company provides the Service to a business entity, and that entity handles the information of its own customers. In such cases, the Company’s use of such information shall be governed by the agreement related to the Service for business use.
1. Categories of Personal Information Collected
The Company collects the following types of personal information about customers:
(1) Account Information
Information related to the customer’s account for the Service, including name, date of birth, address, email address, account ID and password, authentication information, payment information, and transaction history.
(2) Input Information
Information relating to the individual customer that is provided to the Company when the customer enters or transmits data through the Service (including text, images, audio, files, etc. uploaded by the customer).
(3) Contact Information
Information related to inquiries or communication from the customer to the Company (including the content of inquiries and contact details).
(4) Log Information
Information automatically transmitted from the customer’s browser or device when using the Service (including browser details, language settings, time zone, country, IP address, timestamp of requests, and user agent details).
(5) Device Information
Information regarding the device used to access the Service (including device type, OS, identifiers, browser details, etc.).
(6) Location Information
Information about the geographic region where the Service was used, based on the customer’s IP address or other data.
(7) Cookie and Similar Information
Please refer to the separately defined “Cookie Policy” for more details.
(8) Other Information
Publicly available information from the internet.
2. Purpose of Use
The Company collects and uses personal information within the scope of the following purposes (hereinafter referred to as the “Purposes of Use”):
(1) To analyze and maintain the Service (including user authentication and billing)
(2) To improve, develop, and research the Service and new features
(3) To conduct marketing research and analysis, and to plan and implement marketing strategies
(4) To contact or notify users regarding changes to the Service or new features (including responding to inquiries)
(5) To prevent illegal or fraudulent use of the Service
(6) To fulfill legal obligations imposed on the Company
The Company may also aggregate or anonymize personal information to create statistical data (hereinafter referred to as “Statistical Information”) for the above purposes. Unless permitted by law, Statistical Information will be retained and used in a non-identifiable format and will not be re-identified or subjected to re-identification attempts.
Additionally, the Company may use personal information for training AI models within the Service, only in the minimum necessary scope, and only in the following cases:
(a) When there is a suspected violation of the Terms of Use or applicable law, and the matter is under review
(b) When the customer explicitly agrees to the use of their personal information for model training
(c) When evaluating the quality of AI models using Statistical Information
The Company may also collect and use personal information for the above purposes within its group companies (including the Company, its parent company, subsidiaries, and affiliates). For a current list of group companies, please refer to the “Group Company List” provided separately.
3. Provision to Third Parties
(1) Service Providers
The Company may provide customers’ personal information to third parties that offer services necessary to perform or provide certain functions or services related to the Service. Such third parties may include cloud service providers, hosting providers, payment processors, analytics service providers, security monitoring providers, and others.
(2) Business Successors
In the event of a transfer or succession of the Service business due to corporate restructuring or other reasons, the Company may provide customers’ personal information to the transferee or any party supporting such transfer.
(3) Group Companies
The Company may provide customers’ personal information to its group companies. In such cases, the group companies shall handle the information in accordance with this Policy.
Aside from the above cases, the Company shall not provide customers’ personal information to any third party without the customer’s prior consent, unless any of the following applies:
(a) When required by law
(b) When necessary to protect the life, body, or property of an individual and obtaining consent is difficult
(c) When particularly necessary for improving public health or promoting the sound development of children, and obtaining consent is difficult
(d) When cooperating with a national or local government agency or its contractor in executing legally mandated duties, and obtaining consent could hinder the execution of such duties
(e) When otherwise permitted by law
The Company may also provide personal data to third parties located in countries outside of Japan. As of the effective date of this Policy, country-specific information that may be relevant is as follows:
(i) United States
For information about the data protection regime in the United States, please refer to the Personal Information Protection Commission (PPC):
https://www.ppc.go.jp/enforcement/infoprovision/laws/offshore_report_america/
(ii) EU member states and EEA countries (Iceland, Norway, Liechtenstein)
For information about the data protection regime in the EU, please refer to:
https://www.ppc.go.jp/enforcement/infoprovision/EU/
Please note that while the Company endeavors to select appropriate service providers as necessary, there may be cases in which the specific service provider and its country of residence have not yet been identified. In such cases, the Company may begin entrusting personal data to service providers located in countries not listed above without obtaining additional consent from the customer.
When providing personal information to third parties in foreign countries that have implemented safeguards equivalent to those required of personal information handling businesses under Japanese law, the Company takes necessary steps to ensure the continued implementation of such safeguards.
In addition, for personal data transfers from within the European Union, the Company ensures either that the destination country has received an adequacy decision or that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place. For details regarding the Company’s safeguards, please contact the inquiry desk listed in Section 12.
4. Joint Use
The Company may jointly use personal information as follows:
(1) Items subject to joint use
As described in Section 1
(2) Purpose of joint use
As described in Section 2 (Purposes of Use)
(3) Scope of joint users
Group companies of the Company (see “Group Company List”)
(4) Entity responsible for management
basicmath LLC (Head Office: 3F Ogawa Kyoto Building, 255 Kugikakushi-cho, Shimogyo-ku, Kyoto; General Affairs Department: Minami Kato)
5. Retention Period
The Company retains personal information only for as long as necessary to provide the Service, resolve disputes, ensure safety and security, comply with legal obligations, or for other legitimate business purposes.
The retention period may vary depending on factors such as:
(i) the purpose of processing the personal information
(ii) the volume, nature, and sensitivity of the data
(iii) potential risks arising from unauthorized use or disclosure
(iv) applicable legal requirements the Company must comply with
6. Security Measures
The Company implements necessary and appropriate measures to prevent leakage, loss, or damage of personal information it handles and to ensure the security of such information. These measures include, but are not limited to, TLS encryption, access control, multi-factor authentication, vulnerability management, and the establishment of incident response procedures.
For more information about the security measures implemented by the Company, please contact the inquiry desk listed in Section 12.
7. Requests for Disclosure, etc.
Customers have the following rights regarding the personal information handled by the Company:
(1) The right to access information about their personal data and how it is processed
(2) The right to request correction of inaccurate personal information
(3) The right to request deletion of personal information held by the Company
(4) The right to request restriction of the processing of their personal information
(5) The right to request the transfer of their personal information to a third party
(6) The right to withdraw previously given consent
(7) The right to object to the processing of their personal information
(8) The right to file a complaint with the supervisory authority in their place of residence
Customers may exercise the above rights by contacting the Company’s inquiry desk and completing the prescribed procedures. For details on the procedures, please contact the inquiry desk listed in Section 12.
To prevent unauthorized access, alteration, or deletion of customers’ personal information, the Company may request verification of the customer’s identity. If the customer does not have an account with the Company, or if fraudulent or malicious activity is suspected, the Company may request additional personal information for verification purposes. If identity verification cannot be completed, the Company may not be able to respond to the customer’s request to exercise their rights.
Please note that even if the customer exercises their rights, the Company will not treat the customer unfairly in connection with the provision of the Service, except where there is a justifiable reason, such as when exercising such rights makes it unavoidably impossible to continue providing the Service.
8. Children Users
The Service is not intended for children under the age of 13. The Company does not knowingly collect personal information from children under the age of 13.
If the Company determines that a child under the age of 13 has provided personal information through the Service, please contact the inquiry desk listed in Section 12. Upon confirming and investigating the inquiry, and if deemed appropriate by the Company, the Company will delete such personal information from its records.
If you are under the age of 18, you must obtain the consent of a parent or other legal guardian to use the Service.
9. Use of Cookies
The Company uses cookies and other similar technologies for tracking and analytics in connection with the provision of the Service.
For more details, please refer to the Company’s separately established “Cookie Policy.”
10. Legal Basis for Data Processing
Purpose of Processing | Types of Personal Information Processed | Legal Basis |
|---|---|---|
To analyze and maintain the Service | Account information, Input information, Contact information, Log information, Device information, Location information, Cookie and similar information | Necessary for the performance of a contract with the customer |
To improve, develop, and research the Service, including new feature development | Account information, Input information, Contact information, Log information, Device information, Cookie and similar information | Necessary for the legitimate interests of the Company, third parties, or broader society |
To conduct marketing research and analysis, and to plan and implement marketing strategies | Account information, Input information, Contact information, Log information, Device information, Location information, Cookie and similar information | Necessary for the legitimate interests of the Company, third parties, or broader society |
To provide information or notifications regarding changes to the Service or new features | Account information, Contact information, Log information, Device information, Cookie and similar information | 1. Necessary for the performance of a contract with the customer2. Customer consent obtained when processing personal information for specific contact purposes |
To prevent illegal acts and unauthorized use of the Service | Account information, Input information, Contact information, Log information, Device information, Location information, Cookie and similar information | 1. Necessary to comply with legal obligations2. Necessary for the legitimate interests of the Company and third parties |
To fulfill legal obligations imposed on the Company | Account information, Input information, Contact information, Log information, Device information, Location information, Cookie and similar information | 1. Necessary to comply with legal obligations (e.g., retaining transaction records)2. Necessary for the legitimate interests of the Company, third parties, or broader society |
11. Special Notes Regarding CRPA
The Company does not “sell” customers’ personal information or “share” it for targeted advertising purposes (cross-context behavioral advertising).
The Company also does not process customers’ sensitive personal information beyond the scope of the stated purposes of use.
12. Contact Information
For opinions, questions, complaints, or other inquiries regarding the handling of personal information, please contact the following:
Address:
3F Ogawa Kyoto Building, 255 Kugikakushi-cho, Shimogyo-ku, Kyoto 600-8423, Japan
Company: basicmath LLC
Email: privacy@mitsumono.ai
13. Changes to This Policy
The Company may update this Policy from time to time.
Unless otherwise required by applicable laws to notify users by other means, the Company will announce the revised Policy and its effective date by posting it on the Company’s website or by other appropriate means.