Nokos

Privacy Policy

Last updated: March 2026

Nokos (hereinafter referred to as "the Service") respects your privacy and pays the utmost attention to the protection of personal information. This Privacy Policy describes the information the Service collects from you, how it is used, how it is disclosed, and your rights.

1. Operator Information

For operator details (name, address, contact), please refer to the Specified Commercial Transactions Act page.

2. Information We Collect

The Service may collect the following information: - Account Information: Information provided during account registration, such as username, email address, and password (hashed). - Usage Information: Information about your use of the Service (e.g., note creation/editing history, AI feature usage, login history). - Device Information: Type of device, OS, browser type, IP address, etc. - Payment Information: If you use a paid plan, payment information is processed via Stripe. The Service does not directly store your credit card information.

3. Purpose of Information Use

The collected information is used for the following purposes: - To provide, operate, maintain, and improve the Service. - To provide customer support and respond to inquiries. - To analyze data for new feature development and service improvement. - To prevent fraudulent use and ensure security. - For billing and payment processing.

4. Information Sharing and Disclosure

The Service will not disclose or share your personal information with third parties, except in the following cases: - With your consent. - When required by law or requested by government agencies. - When outsourcing necessary operations to third parties (e.g., Stripe for payment processing, Google Gemini for AI processing, GCP for infrastructure). - For legal action against violations of the Service's Terms of Use. - To protect the rights, property, or safety of the Service.

5. Legal Basis for Data Processing (GDPR Compliance)

The Service processes your personal information based on the following legal grounds: - Consent: Where you have given consent for specific processing purposes. - Contractual Necessity: Where processing is necessary for the performance of a contract with you. - Legal Obligation: Where processing is necessary for compliance with a legal obligation. - Legitimate Interests: Where processing is necessary for our legitimate interests, except where such interests are overridden by your rights and freedoms.

6. Data Subject Rights (GDPR/CCPA/APPI Compliance)

You have the following rights regarding your personal information: - Right of Access: The right to confirm whether your personal data is being processed and to access that data. - Right to Rectification: The right to have inaccurate personal data corrected. - Right to Erasure (Right to be Forgotten): The right to have your personal data erased under certain circumstances. - Right to Restriction of Processing: The right to restrict the processing of your personal data under certain circumstances. - Right to Object: The right to object to the processing of your personal data under certain circumstances. - Right to Data Portability: The right to receive your personal data in a machine-readable format. - Right to Withdraw Consent: The right to withdraw your consent at any time for processing based on consent. You can exercise most of these rights directly from the Settings page: account deletion, data export (JSON format with media download links), and preference management are all self-service. For any other requests, please contact support@nokos.ai.

7. International Data Transfers

The Service stores your personal information in GCP regions within Japan. However, your personal information may be transferred to and processed outside Japan when utilizing third-party services such as Stripe (payment processing) and Google Gemini (AI processing). These international data transfers are conducted in accordance with applicable data protection laws (e.g., GDPR, APPI) with appropriate safeguards in place.

8. Non-Sale of Personal Information (CCPA Compliance)

The Service does not sell your personal information to any third parties.

9. Children's Privacy

The Service does not knowingly collect personal information from children under the age of 13. If we become aware that a child under 13 has provided us with personal information, we will promptly delete such information.

10. Cookies and Tracking Technologies

The Service may use cookies to provide the service and improve functionality. You can refuse the use of cookies through your browser settings, but some functions of the Service may become unavailable.

11. Details of AI Processing

The Service performs the following AI processing: - Memo text is sent to Google Generative AI (Gemini) for metadata generation (title, tags, category, sentiment, importance), diary and monthly report generation, chat responses, and natural language search. - Vector embeddings (gemini-embedding-001) are generated from memo text for semantic search. - In accordance with Google's policies, your data will not be used to train AI models. - The accuracy of AI processing results is not guaranteed.

12. Security

The Service implements technical and organizational security measures to prevent leakage, loss, or damage of your personal information. Data is encrypted at rest using AES-256 on GCP and encrypted in transit using TLS. Row-level security ensures strict data isolation between users.

13. Use of Data for AI Training

privacy.trainingDataDesc

14. Changes to the Privacy Policy

The Service may revise this Privacy Policy as necessary. We will notify you of any significant changes on the Service or via email.

Privacy Policy