Privacy Policy / プライバシーポリシー

Privacy Policy and Cookie / External Transmission Notice

This policy explains how Jokin collects, uses, stores, delegates processing of, and deletes personal information when providing subsidy matching, accounts, inquiries, application support, and document organization.

Last updated: 2026-05-29

1. Information We Collect

  • Account information: email address, Google login identifiers, Stytch user ID, session state, and login timestamps.
  • Company and application information: company name, corporate number, address, representative or contact name, contact details, industry, employee count, capital amount, answers, drafts, and matched subsidy results.
  • Uploaded and generated materials: application files uploaded by users, filenames, file types, file sizes, file IDs tied to drafts, generated application packages, and prefilled files.
  • Inquiry information: name, company name, email, phone number, inquiry content, and follow-up records sent by email or forms.
  • Access and security logs: IP address, User-Agent, access time, request URL, Cookie or session identifiers, error logs, and operation logs.

2. Purposes of Use

  • To provide subsidy search, company profile generation, matching recommendations, Q&A filtering, document organization, prefill, and application package generation.
  • To create and manage accounts, maintain login sessions, prevent unauthorized access, respond to inquiries, and send important notices.
  • To improve service quality, investigate errors, verify document processing results, and understand anonymized or aggregated usage.
  • To keep records required for legal, regulatory, audit, security, and dispute handling purposes.
  • This page publicly states the purposes of use at the time personal information is obtained. If separate consent is requested, the notice shown at that time will apply.

3. Third-Party Services and External Transmission

Information may be transmitted from the browser or server to the following external services for account authentication, hosting, security, and troubleshooting.

Stytch Inc.
Email address, authentication state, session identifiers, device and browser information are transmitted for login, session management, and security.
Google LLC
When Google login is used, authentication requests are sent and Google account identifiers, email address, name, and other information consented to by the user may be received for third-party login.
Hosting / API infrastructure
IP address, request URL, User-Agent, access time, and error information may be transmitted for page/API delivery, load handling, security monitoring, and troubleshooting.
Analytics, ads, and support tags
This repository does not currently show Google Analytics, Vercel Analytics, Sentry, advertising tags, HubSpot, heatmaps, or chat widgets. If introduced later, transmitted information, recipient, and purpose will be disclosed on this page.

4. Cookies and Local Storage

  • Necessary Cookies or browser storage may be used to maintain login state, language settings, session continuity, and security controls.
  • The subsidy matching flow may store in-progress company information, answer progress, or candidate results in the browser so users can continue after refreshing.
  • If optional analytics, advertising, or heatmap Cookies are introduced, they will be used after obtaining consent or providing an opt-out method where required.

5. Delegated Processing and Third-Party Disclosure

  • The operator may delegate authentication, hosting, file storage, email delivery, log management, and system maintenance to external service providers as necessary to provide the service.
  • Personal information will not be sold to third parties except where required by law, consented to by the user, necessary for business succession, safety protection, dispute handling, or service provider processing.
  • Application materials may be shared with lawyers, administrative scriveners, or other experts only within the scope requested or consented to by the user.

6. Retention Periods

  • Account information is generally retained until account deletion or service termination.
  • Application drafts, uploads, and generated files are generally retained until the processing purpose is completed. Long-unused data may be deleted or anonymized within 3 years from the last use.
  • Access logs, security logs, and error logs are generally retained for up to 1 year. Backup data may remain for up to 90 days.
  • Retention may be extended where necessary for legal, audit, dispute, or security investigation purposes.

7. Requests for Disclosure, Correction, Deletion, and Suspension

  • Users may request disclosure, correction, addition, deletion, suspension of use, suspension of third-party provision, or account deletion.
  • Identity verification may be required. If a request cannot be fulfilled in whole or in part under applicable law, the operator will explain the reason.
  • Once application materials or official submission files have been downloaded, shared with external experts, or submitted to public authorities, this service may not be able to delete every copy by itself.

8. Contact

  • Privacy and personal information inquiries: japanshirabe@gmail.com
  • Operator contact: Jokin operations office