Privacy Policy
Effective Date: May 4, 2026
Last Updated: May 4, 2026
1. Introduction
This Privacy Policy describes how Naoki Matsukawa ("we," "us," or "our") collects, uses, and protects information when you use our internal social media management tool (the "Service").
This Service is an internal tool operated for the management of social media accounts owned by the Operator and authorized representatives. It is not a public-facing service.
Operator Information:
- Name: Naoki Matsukawa
- Contact Email: matsukawa@yaaha.co.jp
2. Information We Collect
2.1 Information from Connected Social Media Accounts
When you connect a TikTok account (or other social media account) to our Service through OAuth authorization, we collect:
- Account identifier (username, user ID)
- Profile information (display name, avatar)
- Posting permissions (as authorized by you)
- Content metadata (post titles, descriptions, scheduling information)
- Performance metrics (views, likes, comments, follower counts)
We do not collect:
- Your social media password
- Direct messages or private content
- Personal contact information of your followers
2.2 Information You Provide
- Email address (for service account creation)
- Display name
- Configuration preferences
2.3 Automatically Collected Information
- Login timestamps
- Operation logs (for audit and security purposes)
- Error logs
3. How We Use Information
We use collected information solely for the following purposes:
- Service Operation: To enable scheduled posting, content management, and analytics for connected social media accounts
- Account Management: To manage user authentication and authorization within our internal team
- Security and Audit: To monitor for unauthorized access and maintain operation logs
- Service Improvement: To analyze internal usage patterns and improve the tool
We do not use collected information for:
- Marketing to external parties
- Sale to third parties
- Public profiling or analytics services
- Any purpose outside internal social media management
4. Information Sharing
4.1 No External Sharing
We do not share, sell, rent, or trade your information with external third parties.
4.2 Service Providers
The following service providers process data on our behalf strictly for service operation:
- Hetzner Cloud (Germany): Server infrastructure
- Cloudflare: Network security and content delivery
- Anthropic (Claude API): AI-assisted content generation
- Notion: Internal account configuration management
All service providers are bound by their own privacy policies and contractual obligations to protect data.
4.3 Legal Compliance
We may disclose information if required by law, court order, or to protect our legal rights.
5. Data Storage and Security
5.1 Storage Location
Data is stored on private servers located in Helsinki, Finland (Hetzner Cloud). Backup copies are stored in geographically separated locations.
5.2 Security Measures
We implement multiple layers of security:
- Encryption in transit: All communications use TLS 1.2+
- Encryption at rest: Database encryption and disk-level encryption
- Access control: Role-based access via Cloudflare Access and SSH key authentication
- Network isolation: Private network access via Cloudflare Tunnel; server IP not publicly exposed
- Audit logs: All access and operations are logged for 90 days
- Secret management: Sensitive credentials encrypted using SOPS
5.3 Data Retention
- Operational data: Retained while your account is active
- Logs: 90 days
- Backup data: 30 days
- Upon account closure: Data deleted within 30 days
6. Your Rights
You have the right to:
- Access: Request a copy of data we hold about your connected accounts
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your data and disconnect accounts
- Withdrawal of Consent: Disconnect any connected social media account at any time through the Service interface
- Portability: Request data in a machine-readable format
To exercise these rights, contact us at: matsukawa@yaaha.co.jp
We will respond within 30 days.
7. TikTok-Specific Disclosures
When you connect a TikTok account, we comply with TikTok's API Services Agreement and Developer Terms of Service.
7.1 TikTok Data Use
We use TikTok APIs to:
- Authenticate your TikTok account (Login Kit)
- Schedule and post content via Content Posting API in SELF_ONLY mode (draft posting; final publication requires manual user confirmation on TikTok)
- Retrieve performance analytics
7.2 TikTok Data Sharing
TikTok data is not shared with any external party. It is used only within our internal tool.
7.3 TikTok Data Deletion
Disconnecting your TikTok account from our Service revokes our access tokens. Data associated with the account is deleted from our systems within 30 days.
8. Children's Privacy
This Service is intended for use by adults (18+) authorized by the Operator. We do not knowingly collect data from children under 13.
If we discover that data from a child under 13 has been collected, we will delete it promptly.
9. International Data Transfers
Our servers are located in Finland (EU). By using this Service, you acknowledge that data may be transferred and processed in jurisdictions outside your country.
We comply with applicable data protection laws including the General Data Protection Regulation (GDPR) and Japan's Act on the Protection of Personal Information (APPI).
10. Cookies and Tracking
This Service may use cookies and similar technologies for:
- Authentication session management
- User preferences
We do not use third-party tracking, analytics, or advertising cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted with an updated "Last Updated" date. Significant changes will be communicated to active users via email.
12. Contact Information
For privacy-related questions, requests, or concerns:
Naoki Matsukawa
Email: matsukawa@yaaha.co.jp
We will respond to inquiries within 30 days.
13. Governing Law
This Privacy Policy is governed by the laws of Japan, without regard to conflict of law principles.