Privacy Policy · Nippon Pulse
Privacy Policy
This policy sets out how Nippon Pulse (this "Site") handles personal information, in line with the Act on the Protection of Personal Information. You can register on this Site with a single email address, but you can also browse without registering.
Version: 0.1.1 (draft)Last updated: 2026-05-23
This policy is a draft prepared before legal review. It is published, but a final, legally settled version will be revised separately after review. Revisions will be reflected on this page, and material changes will be recorded in the revision history (at the end).
1. Information We Collect
This Site collects only the minimum information necessary to provide the service. All of it is collected voluntarily, and any item other than your email address can be added, changed, or deleted from My Page at any time.
1.1 At account registration
- Email address (for authentication and notification delivery; required)
- A record of consent to this Site's Terms of Service and Privacy Policy (date, time, and version of consent)
1.2 Optional input on My Page (collected in stages; all items optional)
- Display name (a nickname is fine)
- Household size
- Whether you are a child-rearing household
- Broad occupation category (choices such as company employee, self-employed)
- Interest categories (choices such as education, disaster prevention)
- Prefectures and municipalities of interest
- Notification frequency settings
- Individual consent items (on/off and consent date, time for monthly digest subscription, product announcements, and the like)
As a permanent operating policy: we collect no special-care-required personal information such as nationality, ethnicity, race, religion, beliefs, medical history, criminal history, or genetic information. We do not provide any form for entering such information.
1.3 Automatically collected information (when using the Site)
- Anonymous visitor identifier (visitor_hash; a one-way hash generated from your IP address; cannot identify an individual)
- Pages viewed, time of viewing, referrer URL (for statistical aggregation)
- Browser User-Agent, screen size (for display optimization)
- IP address (for rate limiting and prevention of unauthorized access; discarded immediately after hashing)
The IP address itself is not stored; only a one-way hashed value is held briefly (for rate limiting). It is not used to identify an individual user.
2. Purposes of Use
We use the information we collect only for the purposes below. If we use it for any other purpose, we obtain consent in advance.
- Account authentication (sending magic-link emails, sign-in)
- Update notifications for your areas of interest (a digest email once or twice a month; only for those who have consented)
- Product announcement emails (only for new features or major improvements; only for those who have consented)
- Improving the Site (anonymous statistical aggregation of viewing trends; no identification of individual users)
- Improving recommendation accuracy (only for those who have consented; viewing history is anonymized before aggregation)
- Prevention of unauthorized access (rate limiting, detection of abnormal access)
- Compliance with laws and regulations (responding to lawful requests)
3. Third-Party Provision
This Site does not provide users' personal information to third parties (a permanent operating policy), except in the following cases.
- Where the user themselves has consented
- Where disclosure is required by law (a court order, a formal request from an investigative authority, and the like)
- Where it is necessary for the protection of a person's life, body, or property and it is difficult to obtain the person's consent
3.1 On future provision of anonymized aggregate data
In the future, we may provide statistical aggregate data that cannot identify an individual (for example, "interest trends of child-rearing households × Chiba Prefecture") to housing makers, local governments, and the like. Even then, only data from those who have explicitly turned this on in My Page's consent management becomes subject to aggregation, and no personally identifiable information is included at all. Consent can be withdrawn at any time.
4. Subcontractors
To provide the service, this Site entrusts the handling of personal information to the following providers. Each maintains a security level equal to or higher than this Site's.
| Provider | Purpose | Location |
|---|
| Supabase Inc. | Database and authentication infrastructure | United States / Tokyo region |
| Vercel Inc. | Site hosting and CDN | United States / Tokyo region |
| Resend Inc. | Email delivery (authentication, notifications) | United States |
| Google Cloud (Imagen / Gemini API) | AI image and text generation (planned for Phase 2 and later) | United States / Tokyo region |
These subcontractors handle personal information under a service contract and are prohibited from using it for any purpose other than the entrusted one. Some of them store data in the United States, but appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place.
5. Use of cookies and localStorage
This Site uses cookies and localStorage for the following purposes. We do not use third-party advertising cookies.
- Authentication session cookie — maintaining the signed-in state (Supabase Auth; HttpOnly; Secure)
- UI settings localStorage — saving display settings such as the selected layer, zoom position, and theme
- Comparison tray localStorage — saving the list of prefectures being compared (retained after the browser restarts)
- Individual weighting localStorage — weights for your interest categories (saved locally; can be merged into the database when signed in)
- Watch list localStorage — the public code, name, and saved date/time of the municipalities you saved (stored only on this device; no registration required; contains no information that identifies an individual)
You can disable cookies / localStorage in your browser settings, but sign-in and some features will no longer be available.
6. Requests for Disclosure, Correction, Deletion, and Suspension of Use
A user themselves may request disclosure, correction, addition, deletion, suspension of use, and suspension of third-party provision of their own personal information held by this Site.
Main methods
- My Page (= /mypage) — you can edit your profile and consent settings yourself
- Contact form (= /feedback) — receives disclosure requests, withdrawal requests, and the like
- Complete account deletion — planned (compliant with GDPR and the Act on the Protection of Personal Information; coming soon)
For identity verification, we respond only to requests from your registered email address. As a rule, we respond within two weeks of the request.
6.1 Residents of the EU/EEA (GDPR applies)
Those residing in the EU/EEA may exercise the following rights under Articles 15–22 of the EU General Data Protection Regulation (GDPR). To exercise them, please use My Page or the contact form, as with the methods above.
- Right of access (GDPR Art. 15)
- Right to rectification (Art. 16)
- Right to erasure / "right to be forgotten" (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right not to be subject to automated decision-making (Art. 22)
- Right to lodge a complaint with a supervisory authority (Art. 77; the DPA where you reside)
This Site does not carry out automated profiling of users or automated decision-making with legal effect (recommendations are only a reference for display order and do not replace human judgment). We do not block access from the EU, but because the server is based in Japan, regarding transfers please refer to the safeguards such as SCCs in §4 (Subcontractors).
7. Security Measures
To prevent leakage, loss, or damage of personal information, we take the following measures.
- TLS encryption of communications (HTTPS enforced on all pages)
- Row-level security on the database (only the person can access their own data)
- Password-free magic-link authentication (no risk of password leakage)
- IP / email allowlist restrictions on administrator access
- Ongoing verification of subcontractors' compliance status such as SOC 2
8. Personal Information Manager and Business Information
BusinessDaiki Hattori (sole proprietorship)
9. Revision History
- 2026-05-21v0.1 first edition published (a draft prepared before legal review)
- 2026-05-23v0.1.1 added §6.1 (GDPR rights for EU/EEA residents) (a draft prepared before Phase 1 review)