Privacy Policy

Last updated: 2026-05-13

Stratum Flow LLC handles personal information for Stratum Flow in accordance with Japan's Act on the Protection of Personal Information and other applicable laws. This policy explains what we collect, why we use it, and how we protect it.

1. Personal information we collect

We may collect the following categories of information.

1.1 Information provided by users

  • Email address used for account registration and login
  • Display name used inside the service
  • Payment information processed through Stripe. We do not directly store card numbers.
  • Inquiry details for support and business communications

1.2 Information generated through service use

  • Job settings such as target URLs, keywords, and schedules
  • Run history and report content
  • Plan and billing-related information

1.3 Automatically collected information

  • IP address
  • Browser type and version
  • Device information such as OS and screen size
  • Access time and page view history
  • Information collected through cookies and similar technologies

2. Purposes of use

  1. Providing and operating the service
  2. Improving the service and developing new features
  3. Detecting, investigating, and responding to service issues
  4. Maintaining security and preventing abuse
  5. Processing billing and payments
  6. Responding to inquiries
  7. Analyzing usage in anonymized or statistical form
  8. Sending important notices and service change notifications

If we use personal information for another purpose, we will obtain prior consent where required.

3. Data sent to AI providers

  1. To generate reports, the service may send user instructions, target URL content, and related public web information to external AI provider APIs such as OpenRouter.
  2. The sent data does not include direct identifiers such as user email addresses. Processing is limited to job-related instructions and collected public information.
  3. We use AI provider APIs under terms that do not use submitted data to train models.
  4. AI providers may change without prior notice, while maintaining an equivalent or better privacy protection level.

4. Third-party sharing and subprocessors

We do not provide personal information to third parties except when the user has consented, disclosure is required by law, or disclosure is necessary for service operation through subprocessors.

Firebase / Google Cloud

Hosting, authentication, database, and serverless processing

Location: United States

Stripe, Inc.

Payment processing

Location: United States

OpenRouter and other AI providers

AI-assisted report generation

Location: United States

Serper

Web search API

Location: United States

5. International transfer

Because of the subprocessors listed above, personal information may be processed outside Japan, mainly in the United States. We take appropriate measures for international transfer under applicable Japanese privacy law.

6. Cookies and tracking technologies

  1. We use cookies for session management and authentication.
  2. We may use analytics tools such as Firebase Analytics for service improvement. Analytics data is collected in anonymized form.
  3. Users may reject cookies through browser settings, but some service functions may not work correctly.

7. Data retention

  1. Account information: while active and for 30 days after cancellation
  2. Job settings, run history, and reports: retained while active and deleted within 30 days after cancellation
  3. Access logs: up to 90 days for security purposes
  4. Payment records: retained for the period required by law
  5. Unneeded data is deleted or anonymized promptly.

8. Security measures

  • TLS encryption for all communication
  • Access control through authentication and authorization
  • Secure cloud infrastructure and database management
  • Secure handling of API keys and other secrets
  • Periodic security checks

9. User rights

Users may request disclosure, correction, addition, deletion, suspension of use, or erasure of personal information in accordance with applicable law. We will verify identity and respond within a reasonable period.

10. Minors

The service is not directed to children under 16. If we learn that a child under 16 has provided personal information, we will promptly delete it.

11. Security incidents

If leakage, loss, alteration, or similar incident involving personal information occurs or is suspected, we will investigate, mitigate, report to authorities, and notify affected individuals as required by law.

12. Additional rights for EEA and UK users

Users subject to GDPR may also have rights to data portability, objection to processing, withdrawal of consent, and complaint to a supervisory authority. Processing is based on contract performance, legitimate interests, or consent, depending on the context.

13. Changes to this policy

We may update this policy due to legal changes or changes in our business. Material changes will be announced through the service or by email where appropriate. The updated policy takes effect when posted on this page.

14. Contact

Data controller: Stratum Flow LLC. See the Commercial Disclosure.

Contact: support@stratum-flow.com

Established: 2026-02-15