Privacy Policy

This document is an English translation provided for convenience. The Japanese version (/ja/legal/privacy) is the primary legal document, and shall prevail in the event of any inconsistency.

1. General Provisions

This Privacy Policy (the “Policy”) sets forth the Company’s handling policy for personal information and other data of Individual Users and Corporate Users in connection with the AI avatar-integrated SaaS platform provided by the Company (the “Service”).

The Service is intended only for Individual Users who are at least 18 years old, or businesses that can enter into contracts as corporate entities. If used by an individual, persons under the age of 18 may not use the Service. For corporate use, it is assumed that the person in charge of the contract is an adult.

2. Information We Collect

For the purposes of operating the Service, managing contracts, and ensuring safety, the Company collects the following information.

  • For Individual Users: name, email address, date of birth, payment information, usage history, etc.
  • For Corporate Users: company name, department name, name of the person in charge, email address and phone number of the person in charge, payment information
  • Credit card payment history through payment processors such as Stripe
  • Access logs, cookies, browser information, device information
  • Conversation content with AI avatars and LLMs (for the purposes of service quality improvement and safety audits)
  • Records of inquiries and support communications

Acquisition of Information via OAuth Authentication

The Company provides login via SNS accounts (OAuth authentication) using Supabase. In such cases, the Company obtains information within the scope necessary for authentication (e.g., name, email address, profile image, etc.) from the SNS provider selected by the User (e.g., Google, GitHub, Apple, X (formerly Twitter), etc.).

Such information will be used only for login authentication and identity verification, and will be provided in accordance with the terms of use and privacy policy of the SNS provider.

3. Age Restriction and Verification

Due to the nature of the Service, including AI conversations, the Company prohibits use by persons under the age of 18.

For Individual Users, the Company verifies age by the following methods.

  1. Explicit consent at sign-up confirming that the User is at least 18 years old
  2. Verification via credit card payment (a credit card held by an adult)

For corporate use, it is assumed that the person in charge of the contract is an adult. If use or false declarations by minors are discovered, the Company will immediately suspend the account and delete data.

4. Purposes of Use

The Company uses collected information for the following purposes.

  1. Providing, operating, and improving the Service
  2. Contract management, billing and payment processing, and payment of usage fees
  3. Preventing fraud and impersonation, and maintaining security
  4. Age verification and proper enforcement of usage restrictions
  5. Improving the response quality and safety of LLMs and AI avatars (including detection of inappropriate statements)
  6. Contacting persons in charge and providing operational support for corporate contracts
  7. Legal compliance and dispute response
  8. Login processing and identity verification via SNS authentication (via OAuth, including Google, GitHub, Apple, X, etc.)

5. Data Storage and Processing

The Company manages data primarily in a server environment located in Japan (Tokyo region). However, due to the nature of cloud services, some backup data and log data may pass through servers located outside Japan.

  • Supabase: operates in the Tokyo region. Main data is stored in Japan. Some backup and authentication processing may be performed overseas.
  • Vercel: distributed using an Edge Network. Content and cookies may be temporarily stored on servers outside Japan.

6. Cross-Border Data Transfers (For Users in the EU/EEA)

Data of Users residing in the EU or EEA will be appropriately protected as Japan is recognized as an “adequacy decision” country under Japan’s Act on the Protection of Personal Information.

If data is transferred to countries outside Japan (e.g., the United States or Singapore), the Company will implement appropriate safeguards such as Standard Contractual Clauses (SCC) under Article 46 of the GDPR.

7. Handling of AI and Conversation Data

The Service provides interactive functions integrating AI models (LLMs) and VRM avatars. User input may be temporarily stored and analyzed for the following purposes.

  • Improving response quality and preventing false positives
  • Detecting high-risk statements such as self-harm, violence, or sexual expressions
  • Internal audits of usage status and confirmation of safe operation

Such data will not be used for retraining AI models by third parties. Data will be retained only for the minimum necessary period and will be deleted or anonymized promptly after the purpose is achieved.

8. Provision to Third Parties

The Company may provide data to third parties within the minimum necessary scope for the following purposes.

Recipient | Purpose
Stripe, Paddle, etc. | Payment processing
Supabase | Database management and OAuth authentication
Vercel | Web delivery and hosting
SNS providers (e.g., Google, GitHub, Apple, etc.) | For OAuth authentication integration
Law enforcement agencies, courts, etc. | When requested based on laws

These providers will manage personal information appropriately based on contracts with the Company.

9. Cookies and Tracking Technologies

The Company uses cookies to maintain login status, analyze access, and improve security. Users may refuse the storage of cookies through browser settings; however, in that case, some functions may not operate properly.

10. Data Retention Period

Even after a User deletes their account, the Company may retain data for a certain period within the scope required by laws. After the retention period ends, the Company will delete or anonymize the data in a secure manner.

11. User Rights (For Users Subject to the GDPR)

Users residing in the EU/EEA have the following rights.

  • Right of access to data
  • Right to request correction or deletion
  • Right to request restriction of processing or to object
  • Right to request data portability

Such requests will be accepted at the contact point described below.

12. Security Measures

The Company implements the following measures to protect user data.

  • SSL/TLS encryption of communication channels
  • Access control and retention of authentication logs
  • Periodic vulnerability assessments and security updates
  • AI monitoring through detection of inappropriate statements
  • Education of relevant personnel regarding personal information protection

13. Prohibition of Use by Minors

The Service prohibits use by individuals under the age of 18. If registration or use by a minor is discovered, the Company will suspend the account and delete data.

For corporate use, it is assumed that the person in charge of the contract is an adult, and if operations by a minor person in charge are discovered, the same measures may be taken.

14. Revisions to This Policy

The Company may revise this Policy in response to changes in laws or changes to the Service. Revisions shall take effect at the time the revised content is posted on the Company’s website.

15. Governing Law and Jurisdiction

The interpretation and application of this Policy shall be governed by the laws of Japan. If any dispute arises in connection with the Service, the Osaka District Court shall have exclusive jurisdiction as the court of first instance.

16. Contact Point

  • Company name: Sun-O-Ring Co., Ltd.
  • Address: 2-1-1 Edobori, Nishi-ku, Osaka-shi, Osaka 550-0002, Japan
  • Email: info@realplug.app
  • Department or person in charge (Personal Information Protection Manager): Ichiro Takenaka (Representative Director)