Data Controller

Atsuki Nakayama Contact: savingarknoah@gmail.com

1. Introduction

Satori Therapy respects your privacy and is committed to protecting your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This privacy policy explains what personal data we collect and how we process and protect it. By using our service, you are deemed to have consented to the processing of personal data as described in this privacy policy.

2. Personal Data We Collect

We collect the following categories of personal data:

• Account Data: Google account information (email address, display name), user ID
• Usage Data: Conversation history, mode selection, usage time, in-app activity, crystal usage history
• Device Data: IP address, device ID, browser type, operating system, language settings
• Communication Data: Conversations with Satori, customer support interactions
• Payment Data: Subscription status, purchase history (we do not store credit card information)
• Note: We do not intentionally collect personal data from individuals under 16 years of age. If you are under 16, please obtain parental consent.

3. Special Categories of Personal Data (GDPR Article 9)

Due to the nature of our service, we may process the following special categories of personal data:

• Health Data: Mental health, psychological state, stress levels, sleep patterns, other health-related information
• Sexual Life and Orientation Data: Love Mode conversations, romantic consultations, sexual concerns and consultations
• Religious or Philosophical Beliefs: Spiritual beliefs, philosophical views, religious views
• Political Opinions: Political views, opinions on social issues

Explicit Consent: By using our service and initiating relevant conversations, you are deemed to have provided explicit consent for processing these special categories of data. You have the right to withdraw this consent at any time.

Additional Safeguards: Special category data is protected by enhanced security measures including encryption, access restrictions, and regular audits.

Your Rights: Regarding special category data, you have all rights under GDPR, including deletion, restriction of processing, and objection.

4. Legal Basis for Data Processing

We process personal data based on the following legal bases:

• Consent: Data use for marketing purposes, advertising personalization
• Performance of Contract: Service provision, account management, subscription processing
• Legitimate Interests: Service improvement, fraud prevention, security, limited analytics
• Legal Obligations: Tax and accounting record keeping, law enforcement responses

5. Purposes of Data Processing

We process collected personal data for the following purposes: • Providing, operating, and improving our services • Providing personalized experiences • Customer support • Usage analysis and service improvement • Fraud prevention and security • Legal compliance • Marketing and promotions (with consent) • AI model improvement (anonymized data only)

6. Data Sharing with Third Parties

We share personal data with third parties only in the following cases:

• Service Providers: Firebase (Google), Stripe (payment processing), and other technical service providers. We have appropriate data processing agreements with these providers.
• Legal Requests: In response to laws, legal processes, or government requests
• Business Transfers: In case of merger, acquisition, or asset sale, under appropriate confidentiality agreements

7. Right to Opt-Out (Sale/Sharing)

Under the California Consumer Privacy Act (CCPA) and other applicable laws, our service clarifies the following: • Sale of Personal Information: We do not sell your personal information to third parties in exchange for monetary or other valuable consideration. • Sharing for Targeted Advertising: We do not share your personal information with third parties for cross-context behavioral advertising (targeted advertising). • Advertising Technology: We currently do not use third-party advertising networks or data brokers. • Future Changes: If we change these practices in the future, we will notify you in advance and provide appropriate opt-out mechanisms. Your privacy is our top priority, and we are committed to respecting and protecting your data.

8. Email Communication

We use your email address for the following purposes:

9. International Data Transfers

Your personal data may be transferred outside the EEA (including to Japan). We implement the following safeguards: • Transfers based on EU-Japan adequacy decision • Standard Contractual Clauses (SCCs) • Other appropriate safeguards recognized by GDPR Main countries where data is transferred: Japan, United States (technical service provider server locations)

10. Data Retention Period

Personal data is retained for the following periods: • Account data: While the account is active, and for 30 days after deletion (recovery period) • Conversation data: While the account is active • Payment data: Up to 7 years as required by law • Technical logs: Maximum 90 days After the retention period, data is securely deleted or anonymized.

11. Data Subject Rights

Under GDPR, you have the following rights. To exercise these rights, please contact us at the details below:

• Right of Access: Right to request a copy of your personal data
• Right to Rectification: Right to request correction of inaccurate personal data
• Right to Erasure (Right to be Forgotten): Right to request deletion of personal data under certain conditions (implementation planned)
• Right to Restriction: Right to request restriction of data processing under certain conditions
• Right to Data Portability: Right to receive data in a structured format (implementation planned)
• Right to Object: Right to object to processing based on legitimate interests
• Right Not to be Subject to Automated Decision-Making: Right not to be subject to decisions based solely on profiling
• Right to Withdraw Consent: Right to withdraw consent at any time (does not affect lawfulness of processing before withdrawal)
• Right to Lodge a Complaint: Right to lodge a complaint with a data protection supervisory authority

12. Security Measures

We implement the following security measures: • Data encryption (at rest and in transit) • Access control and authentication systems • Regular security audits • Employee data protection training • Incident response plan In case of a data breach, we will notify the supervisory authority within 72 hours as required by GDPR, and notify you if necessary.

13. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for basic service functionality (session management, security)
• Analytics Cookies: Currently not in use
• Functional Cookies: Language settings, user preference storage
• Advertising Cookies: Currently not in use

14. Protection of Minors

Our service is intended for individuals 18 years and older. Individuals under 16 should not provide personal data without parental consent. If we discover we have inadvertently collected data from someone under 16, we will promptly delete it.

15. Changes to Privacy Policy

This privacy policy may be updated from time to time. We will notify you of significant changes through the service. Continued use of the service after changes constitutes acceptance of the changes.

16. Contact Us

For privacy-related questions or to exercise your rights, please contact us at: Email: savingarknoah@gmail.com Data Protection Officer: savingarknoah@gmail.com When exercising your rights, please contact us from your registered email address or provide account information for identity verification. We will respond within one month in principle. [Regarding Data Access and Deletion Requests] Automated data export and deletion features are currently under development. To exercise these rights, please contact us at the above email address for manual processing.