Privacy Policy

Last updated: 2026-02-24

Notice

This document is originally written in Japanese. The Japanese version is the authoritative and legally binding version. An English translation is provided below for reference purposes only.

1. Introduction

Volta Networks Co., Ltd. ("Company") establishes this Privacy Policy ("Policy") regarding the handling of personal information of users of the AI service safety assessment platform "AI Assess" ("Service").

2. Information We Collect

We collect the following information:

2.1 Information You Provide

  • Email address (at account registration)
  • Password (stored encrypted)
  • Organization name (when creating an organization account)
  • Google account information (when using Google login: email address, display name)

2.2 Automatically Collected Information

  • Access logs (IP address, browser information, access time)
  • API usage logs (request information when using API keys)
  • Activity logs (in-service activity records for audit purposes)

2.3 Information from Third Parties

  • Authentication information from Google authentication services (when using Google login)
  • Payment status information from Stripe payment services (for paid plan users)

3. Purpose of Use

We use collected information for the following purposes:

  1. Providing, operating, and improving the Service
  2. User authentication and account management
  3. Processing subscription payments
  4. Service-related notifications and communications
  5. Detecting and preventing unauthorized use
  6. Usage analysis and statistics (in a non-personally identifiable manner)

4. Information Sharing and Third-Party Disclosure

We do not share personal information with third parties except in the following cases:

  1. With user consent
  2. When required by law: When disclosure is required by legal mandate

5. Data Storage and Security

  1. Personal information is stored on servers in Japan.
  2. Passwords are encrypted (scrypt) before storage; plaintext storage is never used.
  3. API keys are hashed (SHA-256) before storage.
  4. Communications are encrypted via TLS (HTTPS).
  5. The database is backed up daily.

6. Data Retention

  • Account information: Retained until account deletion is requested.
  • Activity logs: Retained for 1 year for security and audit purposes.
  • API usage logs: Retained for 90 days for usage analysis.

7. User Rights (including GDPR)

Under Japan's Act on the Protection of Personal Information and the EU General Data Protection Regulation (GDPR), users have the following rights:

  1. Right of access: Request disclosure of personal information held by us.
  2. Right to rectification: Request correction of inaccurate personal information.
  3. Right to erasure (right to be forgotten): Request deletion of personal information.
  4. Right to restriction of processing: Request restriction of processing under certain conditions.
  5. Right to data portability: Receive personal information in a structured, commonly used, machine-readable format.
  6. Right to object: Object to processing based on legitimate interests.
  7. Account deletion: Request complete account deletion (processed within 30 days).

Legal basis for processing: We process personal information based on (a) performance of contract (service provision), (b) legitimate interests (service improvement and security), and (c) compliance with legal obligations.

To exercise any of the above rights, please contact us at the address below. We will respond within 30 days after verifying your identity.

8. Cookies and Similar Technologies

The Service stores authentication tokens in the browser's local storage. This is a technically necessary measure for providing the Service and is not used for tracking purposes.

The Service uses Google Analytics (GA4) for service improvement. GA4 uses cookies to anonymously collect access information. No personally identifiable information is included. You can decline cookie usage via the consent banner displayed on screen. For details, see Google's policies.

9. Public Information of Assessed Vendors

The public information of vendors collected and analyzed by the Service (terms of service, privacy policies, security pages, etc.) is information that vendors have made publicly available on the internet. This does not constitute personal information and is outside the scope of this Policy.

10. Policy Changes

We may amend this Policy at any time. For material changes, users will be notified via Service announcements or registered email addresses.

Contact

For inquiries about personal information handling:
Volta Networks Co., Ltd.
Email: ai-assess@voltanetworks.jp

Privacy Policy — AI Assess