Privacy Policy
Last updated: 2026-07-02
Effective: 2026-07-02
Yuto Makihara ("we", "us") establishes this Privacy Policy ("Policy") for the handling of user personal information in connection with "Argosvix" (the "Service").
Article 1 (Information We Collect)
We collect the following information to provide the Service.
(1) Information collected at account registration
When registering by password authentication
- Email address
- Password (stored hashed with PBKDF2-SHA256; we do not store plaintext)
- Date and time of agreement to the Terms and this Policy, plus the IP address and User-Agent at the time of agreement (to ensure evidentiary value in disputes)
When registering by OAuth authentication (GitHub / Google)
- Provider-verified email address
- Identifier within the OAuth provider (subject = numeric ID or UUID)
- Date and time of agreement to the Terms and this Policy, plus the IP address and User-Agent
Common (when using a paid plan)
- Payment information (processed via Stripe Inc.; we do not hold the card number itself)
(2) Information collected automatically through use of the Service
- Access logs (IP address, User-Agent, access date/time, access URL)
- Usage statistics (login frequency, feature usage, etc.)
- Information stored in cookies, browser local storage, etc.
(3) Information you send via the SDK (Call Records)
- AI model provider name (OpenAI, Anthropic, Gemini, Mistral, etc.)
- Model name used
- Input/output token counts, computed cost, response time, timestamp
- Error code, error message, and retry-after value on error
- User-defined tags (arbitrary key-value)
- OTel-compatible trace information (trace_id / span_id / parent_span_id, optional)
The content of Call Records must not contain end users' personal information under Article 4, Paragraph 2 of the Terms. We are not responsible for data sent in violation thereof.
(4) Information collected additionally when the Plaintext Storage Feature is enabled (Pro plan or higher, opt-in only)
When you enable the Plaintext Storage Feature by explicit opt-in on the Pro plan or higher, we collect the following information in addition to the items in (3) above.
- Prompt body (text you transmit to the LLM API)
- AI model completion body (response text from the LLM API)
- Tool call (function calling) function name, arguments, and results
- Date and time of the Plaintext Storage Feature consent, source IP address, User-Agent, and version of the Consent Dialog
- Decryption access log for plaintext records (who accessed which record when)
- The bring-your-own-key for the chat feature (an OpenAI API key you optionally register; stored encrypted with AES-256-GCM and never used for any purpose other than response generation), and its registration timestamp
This information is stored encrypted with AES-256-GCM, and decryption by our operators leaves an entry in the audit log. See Article 4-2 for details.
The content of plaintext records must not contain end users' personal information, confidential information, trade secrets, or content that infringes third-party intellectual property rights under Article 4, Paragraph 2 of the Terms. We are not responsible for data sent in violation thereof.
Even when the feature is enabled, the SDK by default masks email addresses, credit card numbers, phone numbers, My Number, and IP addresses before transmission. You may disable this masking at your own responsibility.
(5) Information collected additionally when the AI Helper Feature is enabled (Pro plan or higher, opt-in only, independent of the Plaintext Storage Feature consent)
When you enable the AI Helper Feature (Article 4-3 of the Terms) by explicit opt-in on the Pro plan or higher, we collect the following information in addition to the items in (3) and (4) above.
- Date and time of the AI Helper Feature consent, source IP address, User-Agent, and version of the Consent Dialog
- Results of automatic safety classification (labels such as violence, sexual, hate, self-harm following the OpenAI Moderation API label set), identifiers of the call records classified, and the execution timestamp
- Logs of evaluation criteria proposal usage (length of the use-case hint, count of call records referenced, count of proposed evaluation criteria, execution timestamp, approximate fee paid to our subprocessor OpenAI, Inc.)
- Results of the plaintext PII secondary audit (detected categories, confidence scores, detection reason text, identifiers of the call records audited, and the execution timestamp)
- Results of automatic quality evaluation (scoring per evaluation criterion, scoring rationale text, identifiers of the call records evaluated, and the execution timestamp)
The destination, content, and treatment at the destination of plaintext data when the AI Helper Feature is enabled follow Article 4-3 of the Terms. Specifically, we transmit excerpts of plaintext data (up to 1,500 characters each of prompt body and AI completion body per call) to the OpenAI Moderation API or the Chat Completions API (gpt-4o-mini model) operated by OpenAI, Inc. (USA). Under our API agreement with OpenAI, Inc., we ensure that such data is not used to train OpenAI, Inc.'s AI models and is deleted from OpenAI, Inc.'s logs within at most 30 days.
(6) Information collected through use of the Chat Feature
When you use the chat feature within the management console (Article 4-4 of the Terms), we collect the following information.
- The question text you enter and the generated response text (stored as conversation history)
- The names and execution conditions of the aggregation tools run to generate the response (metadata such as the period referenced and the aggregation axes)
- The creation and update timestamps of the conversation
To generate Chat Feature responses, the question text, the context of the conversation, and aggregated metadata to the extent necessary to generate the response are transmitted to the Chat Completions API (gpt-5.4-mini model) operated by OpenAI, Inc. (USA). The body of plaintext records ((4)) is not transmitted via the Chat Feature. The treatment at the destination (exclusion from AI model training and deletion from logs within at most 30 days) is subject to the same conditions as (5) above.
Article 2 (Purpose of Use)
We use the collected information for the following purposes:
- Providing, operating, and improving the Service
- Notifications and contact to users (service updates, incident information, important policy changes, usage alerts, etc.)
- Statistics and analysis regarding use of the Service (conducted in a form that does not identify individuals)
- Detecting and preventing misuse and violations of the Terms
- Billing and payment processing
- Responding to user inquiries
- Use of the Plaintext Storage Feature by users who have enabled it (browsing, search, annotation, evaluation, and prompt improvement support within the dashboard)
- Provision of automatic safety classification, evaluation criteria proposal, plaintext PII secondary audit, and automatic quality evaluation to users who have enabled the AI Helper Feature (including processing via our subprocessor OpenAI, Inc. under Article 4-3 of the Terms)
- Generation of responses and provision of conversation history to users who use the Chat Feature (including processing via our subprocessor OpenAI, Inc. under Article 4-4 of the Terms)
However, the plaintext records defined in Article 1 (4) are excluded from Purpose 3 (statistics and analysis) and Purpose 4 (misuse detection). That is, plaintext records are intended exclusively for the user's own use (Purpose 7 above) and for processing under the AI Helper Feature for which the user has separately given explicit consent (Purpose 8 above), and are not used for our AI model training, aggregate statistics, or third-party provision for any other purpose.
Article 3 (Provision to Third Parties)
Except as required by law or in the following cases, we do not provide users' personal information to third parties:
- With the user's prior consent
- Where necessary to protect a person's life, body, or property
- Where necessary to improve public health or promote the sound upbringing of children
- Where necessary to cooperate with a national agency or local government, or a party commissioned by them, in performing statutory duties
Within the scope necessary to provide the Service, we may have the following subcontractors handle personal information. These do not constitute provision to third parties under the Act on the Protection of Personal Information.
| Subcontractor | Role | Location | Cross-border transfer |
|---|---|---|---|
| Stripe Inc. | Payment processing | USA | Yes (SCC executed) |
| Cloudflare, Inc. | Hosting, CDN, database (D1), encrypted storage of plaintext records (Workers Secret) | USA and global edge | Yes (SCC executed) |
| Resend (Resend, Inc.) | Transactional email delivery | USA | Yes (SCC executed) |
| Google LLC (Google Workspace) | Receiving email addressed to our domain | USA | Yes (SCC executed) |
| GitHub, Inc. | OAuth 2.0 authentication (signup / login) | USA | Yes (SCC executed) |
| Google LLC (Google OAuth) | OAuth 2.0 authentication (signup / login) | USA | Yes (SCC executed) |
| OpenAI, Inc. | (1) LLM inference for the AI Helper Feature (automatic safety classification, evaluation criteria proposal, plaintext PII secondary audit, and automatic quality evaluation) — transmission of plaintext excerpts to the OpenAI Moderation API and the gpt-4o-mini model (activated only when the user opts in to the feature); (2) generation of Chat Feature responses — transmission of question text and aggregated metadata to the gpt-5.4-mini model (activated only when the user uses the chat). | USA | Yes (under the API agreement, we ensure exclusion from training of our AI models and deletion from OpenAI logs within at most 30 days; DPA to be separately executed) |
- We provide necessary and appropriate supervision of subcontractors regarding the safe management of personal information.
Article 4 (Security Management)
To prevent leakage, loss, or damage of personal information, we take the following measures:
- Encryption of communication channels (TLS 1.2 or higher)
- Password hashing (PBKDF2-SHA256, random 16-byte salt, 100,000 iterations)
- Hashing of API keys, confirmation tokens, and reset tokens (SHA-256); no plaintext stored in the database
- AES-256-GCM encryption of plaintext records obtained through the Plaintext Storage Feature (per-account envelope encryption; master key managed as a Cloudflare Workers Secret)
- Complete audit logging of decryption access to plaintext records (both user review and our operators' support-purpose access)
- Minimization of access privileges
- Regular vulnerability scanning and security updates
- Optional two-factor authentication (2FA TOTP)
We provide necessary and appropriate supervision of personnel (including subcontractors) handling personal information.
Article 4-2 (User Rights Regarding the Plaintext Storage Feature)
Users who have enabled the Plaintext Storage Feature have the following rights in addition to those defined in Article 6 (User Rights):
- Right to one-click bulk deletion of plaintext records (executable via the "Bulk delete plaintext records" button in the settings screen; bulk deletion includes deletion of the scoring rationale texts of automatic quality evaluation and the detection reason texts of automatic safety classification and the plaintext PII secondary audit; results that contain no plaintext, such as scores and labels, are retained)
- Right to delete individual records (executable via the "Delete" button on each record detail screen of the dashboard)
- Right to review their own access log to plaintext records (the past 90 days can be reviewed from the settings screen)
- Right to revoke explicit consent to the Plaintext Storage Feature (turning the toggle off in the settings screen stops plaintext storage for subsequent calls)
We do not use plaintext records for any purpose other than the user's own review (we do not use them for AI model training, aggregate statistics, or provision to third parties). When our operators need to decrypt plaintext records for purposes such as customer support, we obtain the user's individual prior consent.
The retention period for plaintext records is the period you select in the settings screen (7, 30, or 90 days, as available on your subscribed plan; see the table in Article 5); records past the retention period are automatically physically deleted.
If you cancel the Pro plan or higher, all plaintext records associated with your account are physically deleted within 30 days from the cancellation date. If you re-subscribe to the same plan or higher within 30 days of cancellation, the deletion is not executed.
If a leak of the encryption keys for plaintext records or a serious vulnerability in the encryption method becomes known, we will notify users of such fact within 24 hours and take necessary actions, including reporting to the Personal Information Protection Commission and notification to the individuals concerned (Article 26 of the Act on the Protection of Personal Information).
Article 4-3 (User Rights Regarding the AI Helper Feature)
Users who have enabled the AI Helper Feature (Article 4-3 of the Terms) have the following rights in addition to those defined in Article 6 (User Rights):
- Right to revoke AI Helper Consent (turning the toggle off in the settings screen immediately stops transmission of plaintext excerpts to OpenAI, Inc. for subsequent calls)
- Right to export the automatic safety classification labels, evaluation criteria proposal logs, plaintext PII secondary audit results, automatic quality evaluation results, and the AI Helper Feature consent / revocation history (consent timestamp, IP address, User-Agent, and Consent Dialog version) via the /v1/auth/account/export endpoint
- Right to request deletion of the automatic safety classification labels, the evaluation criteria proposal logs, the results of the plaintext PII secondary audit, and the results of automatic quality evaluation (by contacting us at the email address at the end of this Policy, or by using the account withdrawal feature to delete all data associated with your account)
We do not use the outputs of the AI Helper Feature (safety classification labels and candidate evaluation criteria) for our AI model training, third-party provision (excluding the subcontractors defined in Article 3, Paragraph 2 of this Policy), or aggregation for any purpose other than providing the AI Helper Feature.
AI Helper Feature usage logs (execution metadata such as the length of the use-case hint, the count of referenced call records, the count of proposed evaluation criteria, execution timestamp, and approximate fee) are retained for the duration the account is active as audit logs that allow us to track feature usage and verify consent state. These logs themselves do not contain plaintext samples (prompt body or AI completion body). Automatic safety classification labels, plaintext PII secondary audit results, and automatic quality evaluation results follow the retention period of the call records they were attached to (Article 5) and are deleted simultaneously with those call records.
If you cancel the Pro plan or higher, AI Helper Consent is automatically revoked upon cancellation, and remains revoked even if you re-subscribe afterward. To use the AI Helper Feature after re-subscribing, you must re-obtain consent via the dashboard settings screen (consistent with Article 4-3, Paragraph 7 of the Terms). AI Helper Feature usage logs are retained as audit logs while the account is active, for proof of feature usage and consent state. Automatic safety classification labels, plaintext PII secondary audit results, and automatic quality evaluation results follow the retention period of the call records they were attached to (Article 5); when cancellation places the account on the Free retention period, that shortened period applies. Treatment upon account withdrawal follows Article 5, Paragraph 2.
If there are material changes to the API terms of our subprocessor OpenAI, Inc. such that the treatment recorded in the subcontractor table in Article 3, Paragraph 2 of this Policy (exclusion from training of our AI models and deletion from OpenAI logs within at most 30 days) is no longer maintained, we will notify such change as a Policy revision and provide users with the opportunity to re-elect whether to continue using the feature.
Article 5 (Retention Period)
- While you continue to use the Service, we retain personal information and Call Records within the scope necessary to provide the Service. The retention period of Call Records varies by plan, and Call Records past the retention period are automatically deleted.
| Plan | Retention of Call Records (metadata) | Retention of plaintext records (opt-in only) |
|---|---|---|
| Free | 30 days | Not offered |
| Pro | 90 days | 7, 30, or 90 days (user-selectable) |
| Team | 90 days | 7, 30, or 90 days (user choice) |
| Enterprise | Individually arranged | Individually arranged |
If you withdraw from the Service, except for periods where retention is required by law, we will delete or anonymize your personal information and associated Call Records within 30 days after withdrawal. However, information necessary for misuse detection or retention of tax-related documents follows the separately defined retention period (7 years for tax-related records).
Before withdrawal, you may export or pre-delete your own data via the settings screen or by request to the email address in Article 10 (Contact).
Article 6 (User Rights)
You may make the following requests regarding your own personal information:
- Disclosure (Article 33 of the Act on the Protection of Personal Information)
- Correction, addition, or deletion (Article 34)
- Suspension of use or erasure (Article 35)
- Suspension of provision to third parties (Article 35, Paragraph 1)
- Data portability (equivalent to GDPR Article 20; the Service allows downloading, as a single JSON via the /v1/auth/account/export endpoint, your account info, subscription, billing history, alerts config, monthly usage history, Plaintext Storage Feature and AI Helper Feature consent / revocation history, AI Helper safety classification results, PII secondary audit results, and the various audit logs)
Please make the above requests by email to the contact at the end of this Policy. We will respond in accordance with law after verifying your identity.
You may perform the following with one click from the settings screen (self-service before a disclosure request):
- Export all data (JSON download)
- Withdrawal (deletion of account and associated data)
Article 7 (Rights of Overseas Residents)
For EU or EEA residents, under the GDPR, in addition to Article 6 above, you have the right to data portability (Article 20), the right to restriction of processing (Article 18), and the right not to be subject to automated decision-making (Article 22).
For California residents, under the CCPA, you have the right to opt out of the sale of personal information. We do not sell personal information.
Article 8 (Use of Cookies, etc.)
The Service may use cookies and similar technologies to provide the Service and analyze usage. Specifically:
- Session cookie (maintaining login state, HttpOnly + Secure + SameSite=Lax)
- OAuth state cookie (CSRF protection, 5-minute TTL)
- Cloudflare Web Analytics (aggregate only, no individual identification)
You may refuse cookies via your browser settings, but in that case some features of the Service (login persistence / OAuth linking) may become unavailable.
Article 9 (Changes to This Policy)
We may change this Policy in response to changes in law, changes to the content of the Service, or other needs.
When we change this Policy, we will give advance notice within the Service of the content of the change and its effective date. Where the change does not conform to the general interests of users, we will give notice at least 30 days before the effective date.
Article 10 (Contact)
For inquiries about this Policy and requests for disclosure, correction, or deletion of personal information, please contact:
- Business operator: Yuto Makihara
- Email: [email protected]
- Personal information protection manager: Yuto Makihara