Kuro Brand Privacy Policy
Kuro (the "Brand") respects users' privacy and handles information obtained through websites, applications, software, APIs, documentation, templates, email delivery features, hosting support features, AI-related features, development support features, operations support features, and other related services provided or operated by the Brand (collectively, the "Services") in accordance with this Privacy Policy.
This Privacy Policy explains the information the Brand obtains, the purposes for which it is used, the scope of sharing, how users may manage their information, retention periods, security measures, and contact methods. If a separate policy, notice, or privacy statement applies to an individual service, that separate policy, notice, or statement applies together with this Privacy Policy.
1. Basic Policy
The Brand handles acquired information appropriately in light of the Act on the Protection of Personal Information of Japan, other applicable laws and regulations, relevant guidelines, and social expectations.
The Brand endeavors not to obtain personal information beyond the necessary scope, clarifies the purposes of use for acquired information, and implements reasonable security control measures to prevent unauthorized access, leakage, loss, damage, destruction, falsification, or alteration.
2. Information We Collect
The Brand may collect the following information to provide, operate, maintain, and improve the Services.
2.1 Information Provided by Users
- Names, display names, user names, company names, or organization names.
- Email addresses, inquiry details, and support request details.
- Information related to account registration, login, authentication, passkeys, and other identity verification.
- API keys, access tokens, and configuration information necessary for service integrations.
- Articles, images, templates, settings, logs, email content, and other information that users input, upload, store, or transmit through the Services.
- Payment, billing, contract, and application information, if paid services are provided.
- Information contained in surveys, feedback, bug reports, rights infringement claims, and other communications.
2.2 Information Automatically Collected When Using the Services
- IP addresses, browsers, operating systems, device types, language settings, time zones, referrer URLs, and access dates and times.
- Cookies, local storage, pixel tags, and similar identifiers.
- Usage logs, including page views, clicks, searches, operations, errors, crashes, delivery status, API requests, responses, rate limits, and authentication results.
- Operational logs for email delivery services, including transmission dates and times, recipient domains, delivery results, error details, bounces, suppression lists, rate limits, and service usage.
- Technical information necessary for security, prevention of unauthorized use, and troubleshooting.
2.3 Information Obtained from Third-Party Services or External Integrations
If a user configures integration with an external service, the Brand may obtain identifiers, authentication results, profiles, settings, integration target data, usage logs, and other information from the external service to the extent necessary for that integration.
The Brand may also obtain information necessary to provide the Services from contractors or providers of advertising, analytics, hosting, email delivery, payment, authentication, security, error monitoring, inquiry management, and similar services.
3. Purposes of Use
The Brand uses acquired information for the following purposes:
- Providing the Services, authentication, identity verification, account management, and displaying usage status.
- Providing content, templates, settings, email, APIs, management screens, and other functions.
- Responding to inquiries, support requests, failures, rights infringement claims, and important notices.
- Maintaining, monitoring, backing up, restoring, improving quality of, and analyzing use of the Services.
- Detecting, preventing, and investigating unauthorized access, unauthorized use, spam, excessive use, violations of terms, and security incidents.
- Rate limiting, usage measurement, billing, free tier management, contract management, and payment processing.
- Communicating new features, improvements, campaigns, important specification changes, and policy changes.
- Advertising delivery, advertising effectiveness measurement, affiliate tracking, and access analytics.
- Responding to laws, regulations, court proceedings, and requests from administrative agencies and other authorities.
- Protecting the rights, property, and safety of the Services, the Brand, users, or third parties.
The Brand will not use non-public content that users input or store in the Services beyond the purposes set forth in this Privacy Policy, including providing services to users, maintenance, troubleshooting, security response, and legal compliance.
4. Cookies and Similar Technologies
The Brand may use cookies, local storage, pixel tags, server logs, and other technologies to provide the Services, maintain login status, store settings, ensure security, prevent unauthorized use, perform access analytics, deliver advertisements, and track affiliates.
Cookies and similar technologies do not directly collect names, addresses, or similar information, but they may be treated as information relating to an individual when combined with other information.
Users may delete or disable cookies through browser or device settings. However, disabling cookies or similar technologies may affect some functions of the Services, including login, settings retention, security checks, and display optimization.
5. Advertising, Analytics, and Affiliates
The Brand may use third-party advertising delivery services, access analytics services, and affiliate programs to operate and improve the Services, deliver advertisements, measure advertising effectiveness, and track affiliates.
These third parties may use cookies and similar technologies to collect browsing information on the Services and other sites, device information, and information about interactions with advertisements, and may use such information for advertising delivery, measurement, and analysis of usage trends. Please refer to each third party's privacy policy or settings screen for details on how they handle information.
6. Sharing and Third-Party Provision of Information
The Brand will not provide acquired personal information to third parties without the individual's consent, except in the following cases:
- Where the individual has given consent.
- Where handling is entrusted to contractors or external service providers to the extent necessary for providing, operating, maintaining, improving, processing payments for, delivering email for, hosting, analyzing, advertising, securing, or supporting the Services.
- Where information is transmitted or made public to third parties based on the user's operation or settings, including external service integrations, publication features, sharing features, and API integrations.
- Where required by law.
- Where necessary to protect a person's life, body, or property and obtaining the individual's consent is difficult.
- Where particularly necessary for improving public health or promoting the sound growth of children and obtaining the individual's consent is difficult.
- Where cooperation is necessary for a national government agency, local public body, or its contractor to perform legally prescribed duties, and obtaining the individual's consent may impede the performance of those duties.
- Where information is transferred to the extent necessary in connection with business transfer, merger, company split, service transfer, or other business succession.
- Where necessary to protect the rights, property, or safety of the Brand, the Services, users, or third parties.
When entrusting contractors with handling personal information, the Brand endeavors to exercise necessary and appropriate supervision over such contractors.
7. Public Information and User Sharing
The Services may include features through which information is made publicly available by user operation, including articles, profiles, templates, comments, posts, deliverables, repositories, documentation, public APIs, and public pages.
Information published by users may be viewed, stored, redistributed, or quoted by search engines, third-party services, or other users. Users should confirm publication scope, sharing destinations, and external integration settings before use.
8. Protection of Information
The Brand implements reasonable security control measures to protect acquired information, including access controls, authentication, encryption, log monitoring, backups, permission management, separation of secrets, and vulnerability response.
However, internet communications, cloud services, external integrations, and user device management involve inherent risks, and the Brand does not guarantee complete security. Users must appropriately manage passwords, passkeys, API keys, access tokens, management screen URLs, backup files, and similar information.
9. Retention Periods
The Brand retains acquired information for the period necessary to achieve the purposes of use, for the duration of contracts or usage relationships, for periods required by law, and for periods necessary for dispute resolution or prevention of unauthorized use.
Examples of retention periods are as follows:
- Account information, contract information, and settings: for the duration of the account or contract and a reasonable period thereafter.
- Information concerning inquiries, support, and rights claims: for a reasonable period after completion of response, as necessary for follow-up inquiries, quality improvement, and dispute handling.
- Access logs, operation logs, security logs, email delivery logs, and API logs: for a reasonable period necessary for failure response, prevention of unauthorized use, audits, and legal compliance.
- Billing, payment, accounting, and tax information: for the period required by law.
- Information in backups: for the period necessary for backup operations.
Even where a user requests deletion, certain information may be retained for a certain period for backups, audit logs, legal compliance, prevention of unauthorized use, or dispute handling.
10. User Control, Disclosure, Correction, Deletion, and Related Requests
Users may request disclosure, correction, addition, deletion, suspension of use, erasure, suspension of third-party provision, and other handling of their personal information held by the Brand in accordance with applicable law.
To make a request, please contact the inquiry channel listed at the end of this Privacy Policy. The Brand will verify the identity of the requester and respond within a reasonable scope in accordance with law.
The Brand may be unable to comply with all or part of a request in the following cases:
- Identity cannot be verified.
- Retention or use is required by law.
- Compliance may harm the rights or interests of other users or third parties.
- Compliance may interfere with proper operation of the Services, security, prevention of unauthorized use, or dispute handling.
- Complete deletion is technically or operationally difficult immediately.
11. Children's Privacy
In principle, the Services are not intended to actively collect personal information from minors without parental consent. If a minor uses the Services, the minor should do so with the consent and supervision of a parent or guardian.
If the Brand confirms that it has improperly collected personal information from a minor without parental consent, the Brand will respond by deleting or suspending use of such information to the extent necessary under law and the operation of the Services.
12. Cross-Border Transfers
The Brand may store, process, or transfer information to business operators or servers located outside Japan in order to use external services such as cloud hosting, email delivery, analytics, advertising, payment, security, and support.
When having a foreign business operator handle personal information, the Brand endeavors to make necessary confirmations and take necessary measures in accordance with applicable law.
13. External Links and Third-Party Services
The Services may include links to or integrations with external sites, third-party services, open-source repositories, social networking services, payment services, advertisements, and embedded content.
The Brand is not responsible for information handling by external sites or third-party services. Please review the terms of use, privacy policies, and settings screens of each service.
14. AI, Anonymization, and Training Data
If the Brand provides AI features, anonymization features, summarization, classification, generation, search, audit, or other processing, data entered by users may be processed to the extent necessary to provide those features, maintain quality, ensure security, prevent unauthorized use, and respond to failures.
The Brand will not provide users' non-public content to third parties as training data for general-purpose AI models without the individual's consent. However, if a user expressly configures integration with an external AI service, the handling of information transmitted to that external service is governed by that external service's terms and privacy policy.
AI and anonymization processing may be useful for removing, abstracting, detecting, and classifying personal information, but completeness is not guaranteed. When handling important information, confidential information, or sensitive personal information, users are responsible for confirming outputs, publication scope, and transmission destinations.
15. Changes to this Privacy Policy
The Brand may change this Privacy Policy due to amendments to laws, changes to the Services, changes to external services used, or operational necessity.
When making material changes, the Brand will endeavor to notify users by posting on the Services, email, management screen notice, or other appropriate method. Unless otherwise specified, the revised Privacy Policy applies from the time it is posted on the Services.
16. Contact
For inquiries regarding this Privacy Policy, handling of personal information, disclosure, correction, deletion, suspension of use, suspension of third-party provision, or rights infringement claims, please contact:
- Brand name: Kuro Brand
- Operator: Kuro
- General contact: info@kuro.boo
- Rights contact: rights@kuro.boo
17. Establishment and Revision Dates
- Established: March 1, 2026
- Last revised: July 15, 2026