Privacy Policy

Technology Seed Incubation Co., Ltd. ("we," "us," or "our") operates the cloud service "Canopy" ("Service"). We recognize the protection of users' personal information as a fundamental responsibility and establish this Privacy Policy ("Policy") as set out below.

Article 1 — Definition of Personal Information

"Personal information" in this Policy refers to "personal information" as defined under Japan's Act on the Protection of Personal Information (Act No. 57 of 2003): information about a living individual that can identify a specific individual by name, email address, or other descriptor contained in the information (including information that can be readily cross-referenced with other information to identify a specific individual).

Article 2 — Types of Information We Collect

We collect the following information in connection with providing the Service.

(1) Information you provide directly: name (first and last), email address, company / organization name, job title, inquiry content and messages.

(2) Information generated automatically through your use of the Service: login timestamps, operation logs, and access history; feature usage and frequency data; IP address, browser type, and OS version; session IDs and cookie data.

(3) Content you enter or generate while using the Service: program goals, progress notes, and feedback within mentoring / coaching programs; task, KPI, and milestone data; text input to AI features (proposals, analysis requests, etc.).

Article 3 — Purposes of Use

We use the personal information we collect for the following purposes:

(1) To provide, operate, and improve the Service

(2) To manage and authenticate user accounts

(3) To respond to inquiries about the Service

(4) To process billing and payments

(5) To handle incidents and maintain security

(6) To develop new features and services, and for research and analysis

(7) To send Service-related announcements and updates

(8) To investigate and respond to violations of our Terms of Service

(9) To fulfill legal obligations

Article 4 — Management and Protection of Personal Information

We implement appropriate technical and organizational security measures to prevent unauthorized access, loss, destruction, or alteration of personal information. These measures include access controls, encrypted communications (TLS), regular security audits, and training and supervision of personnel who handle personal information.

Article 5 — Third-Party Disclosure

We will not provide personal information to third parties except in the following circumstances:

(1) Where the user has given prior consent

(2) Where required by law

(3) Where disclosure is necessary to protect the life, body, or property of a person, and it is difficult to obtain the user's consent

(4) Where disclosure is particularly necessary for improving public health or promoting the sound development of children, and it is difficult to obtain the user's consent

(5) Where disclosure is necessary to cooperate with a national or local government body or its delegate in performing duties prescribed by law

(6) Where personal information is transferred as part of a business succession (merger, split, assignment, etc.)

Article 6 — Outsourcing

We may engage third-party service providers to handle personal information to the extent necessary for operating the Service. We enter into data protection agreements with such providers and maintain appropriate oversight.

Article 7 — Provision to Third Parties Located Outside Japan

To provide the Service, we entrust the handling of personal information to the following providers located outside Japan, and personal information is accordingly transferred overseas (primarily to the United States).

(1) AI text generation and analysis: Anthropic, PBC (USA) and OpenAI, L.L.C. (USA). We send text entered or generated by users for processing. Both providers state that they do not use the submitted data to train or improve their AI models, and that they retain it only for a limited period (e.g., for abuse detection) before deletion.

(2) Email delivery: Resend, Inc. (USA). We send the recipient's name and email address for notification emails.

(3) Hosting and cloud infrastructure: some providers are located in the United States or elsewhere (our database is stored within Japan, in the Tokyo region).

(4) We enter into agreements (including data processing terms / DPAs) with these providers and exercise necessary and appropriate supervision so that protections equivalent to Japan's Act on the Protection of Personal Information are continuously maintained. Information on the destination country, its data protection regime, and the measures taken by each provider is available upon request via the contact in Article 15.

(5) For users located in the European Economic Area (EEA) or Switzerland, we carry out transfers based on appropriate mechanisms such as Standard Contractual Clauses (SCCs), in compliance with the GDPR and other applicable European data protection laws.

Article 8 — Data Retention

We retain personal information for the following periods:

(1) Active accounts — until the user requests account deletion

(2) Free trial accounts (not converted to paid) — 90 days after trial expiry

(3) After service cancellation — 90 days from the cancellation date (including deletion from backups)

(4) Information subject to statutory retention obligations — for the period prescribed by the applicable law

Article 9 — Cookies and Analytics

We use cookies on the Service and website. Cookies are used to improve convenience, for access analytics, and to improve service quality. You may disable cookies through your browser settings, but some features of the Service may become unavailable.

(2) To opt out of data collection by analytics tools, please use your browser settings or the opt-out mechanism provided by the relevant tool.

Article 10 — Disclosure of Personal Information

Users may request disclosure of their own personal information held by us. Please contact us through the inquiry channel in Article 15. We may decline disclosure in whole or in part in the following cases:

(1) Where disclosure would risk harm to the user's or a third party's life, body, property, or other rights and interests

(2) Where disclosure would significantly impede the proper execution of our business operations

(3) Where disclosure would violate applicable law

Article 11 — Correction and Deletion

If personal information we hold about a user is inaccurate, the user may request correction or deletion through the inquiry channel in Article 15. Following identity verification, we will respond within a reasonable period and notify the user of the outcome.

Article 12 — Suspension of Use

Users may request suspension of use or erasure of their personal information in the following cases:

(1) Personal information is being used beyond the stated purposes

(2) Personal information was obtained through improper means

(3) Personal information has been provided to third parties in violation of this Policy

(4) Suspension or erasure is otherwise permitted under applicable law

Article 13 — Changes to This Policy

We may revise this Policy in response to changes in law or the Service. For material changes, we will notify users in advance through the Service or by email to registered addresses. Revised policies take effect from the date announced through the prescribed method or posted on this website.

Article 14 — Compliance with Laws and Regulations

We comply with Japan's Act on the Protection of Personal Information and other applicable laws and regulations relating to personal information, and we continuously work to improve this Policy.

Article 15 — Contact

For inquiries about this Policy, or to request disclosure, correction, deletion, or suspension of use of personal information, please contact us at:

Technology Seed Incubation Co., Ltd. (operator of the Canopy service)
Email: hello@canopyhq.ai
Website: https://canopyhq.ai