Privacy Policy

BabyJam Co., Ltd. (hereinafter referred to as "the Company") establishes the following privacy policy (hereinafter referred to as "this Policy") regarding the handling of users' personal information in the service "NORDER" provided on this website (hereinafter referred to as "the Service").

Article 1 (Personal Information)

"Personal Information" refers to "personal information" as defined in the Act on the Protection of Personal Information (Act No. 57 of 2003; hereinafter referred to as the "Personal Information Protection Act"), meaning information about a living individual which can identify the specific individual by name, date of birth, address, telephone number, contact information, or other descriptions contained in such information, as well as data related to appearance, fingerprints, voiceprints, and insurer numbers on health insurance cards, which can identify the specific individual from said information alone (personal identification information). The Company will handle personal data properly in compliance with the Personal Information Protection Act, other related laws and regulations, and guidelines set forth by the Personal Information Protection Commission and other guidelines.

Article 2 (Method of Collecting Personal Information)

The Company will collect personal information such as name, date of birth, address, telephone number, email address, bank account number, credit card number, driver's license number, etc., by legal and fair means when users register for use. Additionally, the Company may collect transaction records including users' personal information and payment information made between users and partners, etc., from the Company's partners (including information providers, advertisers, ad distributors, etc.; hereinafter referred to as "Partners").

Article 3 (Purpose of Collecting and Using Personal Information)

The purposes for which the Company collects and uses personal information are as follows:

1. To provide and operate the Company's services (NORDER).
2. To respond to inquiries from users (including identity verification).
3. To send emails regarding new features, updates, campaigns, etc., of the services users are currently using, as well as information about other services provided by the Company.
4. To contact users as necessary for maintenance, important notices, etc.
5. To identify users who violate the terms of service or attempt to use the service for fraudulent or unjust purposes, and to refuse their use.
6. To allow users to view, modify, delete their registration information, and view their usage status.
7. To bill users for usage fees in paid services.
8. Purposes incidental to the above purposes of use.

Article 4 (Handling of Google User Data)

When users utilize the Google account integration feature within our Service (NORDER), the Company obtains and uses the following information from Google API Services. The Company adheres to the Google API Services User Data Policy, including the Limited Use requirements.

1. Google Calendar Data

• https://www.googleapis.com/auth/calendar.readonly
  • Purpose: To display your Google Calendar list and event details (like date, time, location, description) within our application.
  • Usage: This allows you to view your calendars (e.g., "My Calendars," shared calendars) and events in various views (monthly, weekly, daily) and see the details of specific events. We read this data solely to present your schedule within the application. Access is required to show your calendar information.
• https://www.googleapis.com/auth/calendar.events
  • Purpose: To allow you to create, edit, and delete Google Calendar events directly from within our application.
  • Usage: This scope is used when you interact with features like the new event creation form, the event editing form, or event deletion actions initiated within the application. We write, modify, or delete event data in your Google Calendar based on the actions you take in the application.

2. Gmail Data

• https://www.googleapis.com/auth/gmail.readonly
  • Purpose: To display your Gmail messages, labels (folders), and the content of individual emails within our application.
  • Usage: This allows you to view your email lists (e.g., Inbox, Sent, Drafts, custom labels), see your label structure, and read the full content (subject, sender, recipients, body) of selected emails. We read this data solely to present your emails within the application. Access is required to show your email information.
• https://www.googleapis.com/auth/gmail.send
  • Purpose: To allow you to send emails using your Gmail account directly from within our application.
  • Usage: This scope is used when you compose a new email, reply to, or forward an existing email and click the "Send" button within the application. We send emails on your behalf using your Gmail account based on your actions.
• https://www.googleapis.com/auth/gmail.compose
  • Purpose: To allow you to create, save, edit, and delete draft emails within our application.
  • Usage: This scope is used for actions like saving a draft (manually or automatically), opening and editing saved drafts from your drafts list/folder, and discarding or deleting drafts. We create, read, and delete draft messages in your Gmail account based on your actions.
• https://www.googleapis.com/auth/gmail.modify
  • Purpose: To allow you to manage your emails within the application, such as applying/removing labels, changing read/unread status, and moving emails to the trash (deleting).
  • Usage: This scope is used when you perform management actions on emails from list or detail views, like adding/removing labels, marking emails as read or unread, or deleting emails (moving them to the trash). We modify email metadata (labels, read/unread status) or move emails in your Gmail account based on your actions.

3. Basic Account Information (OpenID Connect)

• openid, email, profile
  • Purpose: To securely authenticate you using your Google account (via OpenID Connect) and display basic identification information (like your name and email address) within the application.
  • Usage: These scopes are used during the initial Google sign-in/account linking process and potentially to display your connected account details (email, name) in application settings or user profile sections. We use this standard method to authenticate you securely and retrieve basic profile information for identification and user experience within the application.

4. Data Storage, Sharing, and Deletion

• Storage: Access tokens, refresh tokens, and account identification information (such as email address) for the user's integrated Google account are securely stored in our database. Data obtained from Gmail or Google Calendar, such as email bodies or event details, are processed temporarily in memory for the Agent feature's operation but are generally not stored persistently in our database. (However, related information may be stored as part of the interaction history with the Agent or as necessary for providing the Service's features.)
• Sharing: The Company will not share Google user data obtained through the APIs with third parties except when required by law or with the user's explicit consent.
• Deletion: If a user disconnects their Google account integration within our Service or deletes their Service account, the stored associated tokens and account identification information will be deleted.
• Use for AI/ML Models: The Company explicitly confirms that user data obtained through Google Workspace APIs (Gmail API, Google Calendar API) will not be used for the development, improvement, or training of generalized Artificial Intelligence (AI) models or Machine Learning (ML) models.
• Limited Use Compliance: Our use and transfer of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements. Information received from Google APIs is used solely to provide or improve user-facing features that are prominent in the requesting application's user interface and is not transferred to others unless necessary for these purposes, to comply with applicable laws, or as part of a merger, acquisition, or sale of assets.

Article 5 (Changes to the Purpose of Use)

1. The Company may change the purpose of use of personal information when it is reasonably recognized that the purpose of use is related to the purpose before the change.
2. If the purpose of use is changed, the Company shall notify users of the changed purpose by legal and fair means or publicly announce it on this website.

Article 6 (Provision of Personal Information to Third Parties)

1. Except in the following cases, the Company will not provide personal information to a third party without obtaining the prior consent of the user. However, this excludes cases permitted under the Personal Information Protection Act and other laws and regulations.
   1. When it is necessary for the protection of a person's life, body, or property, and it is difficult to obtain the person's consent.
   2. When it is particularly necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the person's consent.
   3. When it is necessary to cooperate with a state organ, a local government, or an individual or entity entrusted by either of the former two in executing affairs prescribed by laws and regulations, and obtaining the person's consent is likely to impede the execution of the affairs.
   4. When the following matters have been notified or announced in advance, and the Company has notified the Personal Information Protection Commission:
      • Including provision to third parties in the purpose of use.
      • Items of data provided to third parties.
      • Means or method of provision to third parties.
      • Stopping the provision of personal information to third parties at the request of the person.
      • Method of accepting the person's request.
2. Notwithstanding the provisions of the preceding paragraph, in the following cases, the recipient of the information shall not be considered a third party:
   1. When the Company entrusts the handling of personal information in whole or in part within the scope necessary for achieving the purpose of use.
   2. When personal information is provided due to business succession as a result of merger or other reasons.
   3. When personal information is used jointly with a specific person, and that fact, the items of personal information used jointly, the scope of joint users, the purpose of use by the users, and the name or title of the person responsible for managing the personal information are notified to the person in advance or placed in a state where the person can easily know.

Article 7 (Disclosure of Personal Information)

1. When the Company is requested by the person to disclose personal information, the Company will disclose it to the person without delay. However, if disclosure falls under any of the following, the Company may not disclose all or part of it, and if a decision is made not to disclose, the Company will notify the person to that effect without delay. A fee of 1,000 yen per case will be charged for the disclosure of personal information.
   1. When there is a risk of harming the life, body, property, or other rights and interests of the person or a third party.
   2. When there is a risk of significantly hindering the proper execution of the Company's business.
   3. When it would violate other laws and regulations.
2. Notwithstanding the provisions of the preceding paragraph, information other than personal information, such as history information and characteristic information, will generally not be disclosed.

Article 8 (Correction and Deletion of Personal Information)

1. If the user's personal information held by the Company is incorrect, the user can request the Company to correct, add, or delete the personal information (hereinafter referred to as "Correction, etc.") according to the procedures specified by the Company.
2. If the Company receives the request from the user as described in the preceding paragraph and determines that it is necessary to respond to the request, the Company will perform the Correction, etc., of the relevant personal information without delay.
3. When the Company has performed Correction, etc., based on the provisions of the preceding paragraph, or has decided not to perform Correction, etc., the Company will notify the user of this without delay.

Article 9 (Suspension of Use, etc., of Personal Information)

1. If the Company is requested by the person to suspend or delete the use of personal information (hereinafter referred to as "Suspension of Use, etc.") on the grounds that the personal information is being handled beyond the scope of the purpose of use or that it was obtained by fraudulent means, the Company will conduct the necessary investigation without delay.
2. Based on the results of the investigation in the preceding paragraph, if it is determined that it is necessary to respond to the request, the Company will perform the Suspension of Use, etc., of the relevant personal information without delay.
3. When the Company has performed Suspension of Use, etc., based on the provisions of the preceding paragraph, or has decided not to perform Suspension of Use, etc., the Company will notify the user of this without delay.
4. Notwithstanding the preceding two paragraphs, if Suspension of Use, etc., involves a large amount of cost or if it is otherwise difficult to perform Suspension of Use, etc., and alternative measures necessary to protect the user's rights and interests can be taken, this alternative measure shall be taken.

Article 10 (Changes to the Privacy Policy)

1. The contents of this Policy may be changed without notice to the user, except for laws and regulations and other matters specified otherwise in this Policy.
2. Unless otherwise specified by the Company, the changed privacy policy shall take effect from the time it is posted on this website.

Article 11 (Contact Information)

For questions or complaints regarding the handling of personal information by the Company for the NORDER service, please contact the following: