Privacy Policy

Effective Date: April 5, 2026

1. Introduction

X Mirai Co., Ltd. ("we", "us", or "our") operates the Chrome Extension "JapaneseGo!" (the "Service"). This Privacy Policy explains how we collect, handle, store, and share your personal information when you use the Service.

This policy covers: (a) what personal data we collect; (b) how we handle and use that data; (c) how and where data is stored; and (d) with whom data is shared.

2. Data Collection

We collect only the data necessary to provide the Service:

• Account Information: Your email address and username when you register or log in. If you use Google OAuth, we receive your public Google profile (name and email address). When logging in with email and password — whether through the Chrome extension or the web dashboard (japanesego.xmirai.net) — your credentials are transmitted over HTTPS to our authentication server at api.xmirai.net solely for identity verification. Passwords are never stored in plaintext — they are cryptographically hashed before storage on our servers.
• Analysis Text: Japanese text you submit is forwarded to Gemini AI for processing. We do not store the original text itself. To avoid redundant AI calls for identical input, we cache only the SHA-256 hash of the text and the analysis result for up to 90 days. This cache is not linked to any user ID. We strongly recommend not submitting text that contains personal or sensitive information.
• Usage Logs: Statistical data such as analysis count, subscription plan type, and timestamps.
• Payment Information: Credit card and payment data are processed directly by Stripe. We do not store any payment credentials.

Data we do NOT collect: We do not collect your browsing history, web activity, visited URLs, keystrokes, or any webpage content beyond the specific Japanese text you explicitly submit for analysis. We do not use cookies on this website or in the extension.

3. Data Handling

We handle collected data solely for the following purposes:

• Service Delivery: Account data is used to authenticate you and manage your subscription. Submitted text is forwarded to Gemini AI to generate analysis results, then discarded.
• Service Improvement: Anonymized usage logs (analysis count, plan type, timestamps) are used to monitor performance and prevent abuse.
• Customer Support: Account information (email) is used to respond to support inquiries and send service notifications.
• Payment Processing: Subscription status is used to grant or restrict access to paid features. Raw payment data is handled entirely by Stripe.

We do not use your data for advertising, profiling, or any purpose beyond operating the Service.

4. Data Storage

Your data is stored on Cloudflare's infrastructure, which operates globally with data centers primarily in the United States and Europe.

• Account information (email, username): Stored in Cloudflare D1 (SQLite database) for the lifetime of your account.
• Analysis cache (SHA-256 hash + analysis result): Stored in Cloudflare KV store for up to 90 days. Not linked to any user identity.
• Usage logs: Stored in Cloudflare D1 for up to 12 months.
• Authentication tokens (JWT): Stored locally on your device only, never on our servers.
• Payment data: Stored and managed entirely by Stripe. We store only your subscription status.

All data in transit is protected by HTTPS/TLS encryption. Data at rest is protected by Cloudflare's built-in security infrastructure and JWT-based access controls.

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with the following third-party service providers, strictly for the purposes stated below:

• Google Gemini AI: The Japanese text you explicitly submit for analysis is sent to Google's AI infrastructure for processing. No account or identifying information is shared. Governed by Google's Privacy Policy.
• Google OAuth: If you sign in with Google, your public Google profile (name and email) is shared with Google to authenticate your identity.
• Stripe: Your subscription status and billing details (excluding raw card numbers) are shared with Stripe to process payments. All card data is handled directly by Stripe under PCI-DSS compliance.
• Cloudflare: Your account information, usage logs, and analysis cache are stored on Cloudflare's infrastructure (D1 database and KV store) as part of our backend operations.

No other third parties receive your data.

6. Extension Permissions & Browser Data Access

The Chrome extension requests the following browser permissions. All data accessed via these permissions is used solely to provide the Service and is not stored on our servers unless explicitly described in this policy.

• activeTab: Reads the content of the currently active tab only to extract Japanese text you select or highlight for analysis. Page content is not stored or transmitted beyond the selected text.
• scripting: Injects a content script into the current page to detect and retrieve selected text. No page data is stored.
• clipboardRead: Reads clipboard contents only when you explicitly paste text into the analysis input field. Clipboard content is sent to Gemini AI for analysis but is not stored by us.
• storage: Stores your authentication token (JWT) locally on your device only. No browsing data is stored.
• identity: Initiates the Google OAuth sign-in flow within the extension.
• sidePanel: Displays the extension's user interface in Chrome's built-in side panel.

7. Data Retention & Deletion

We retain your data only as long as necessary:

• Account information (email, username): Retained while your account is active. Deleted promptly upon request.
• Analysis cache (SHA-256 hash + result): Retained for up to 90 days. Not linked to any user identity.
• Usage logs: Retained for up to 12 months for service monitoring and abuse prevention.
• Payment & subscription data: Managed by Stripe per their data retention policy. We retain only your subscription status.

To delete your account and all associated personal data, contact us at [email protected]. We will process your request promptly.

8. Security

We implement the following security measures to protect your data:

• HTTPS/TLS encryption for all data in transit
• JWT-based authentication with 30-day expiry for all API access
• Cloudflare's DDoS protection, WAF, and infrastructure-level security
• No storage of plaintext passwords — email/password credentials are cryptographically hashed before storage on our servers

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your account and all associated personal data.
• Portability: Request your data in a portable format.

To exercise any of these rights, contact us at [email protected]. We will respond within a reasonable timeframe.

10. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at [email protected] and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The updated policy will be posted on this page with a revised effective date. For material changes, we will notify you via the email address associated with your account at least 7 days in advance.

12. Contact Us

If you have any questions about this Privacy Policy, please contact:

X Mirai Co., Ltd.
Email: [email protected]