Privacy Policy

Information we collect

• Name, company, role, and contact details
• Inquiry details, quote and contract information
• Billing and payment-related information
• Operational information shared for service delivery
• Cookies, access logs, device and technical information

Purposes of use

• Responding to inquiries and preparing proposals, quotes, and contracts
• Delivering services, maintenance, incident response, audit, and evidence preservation
• Billing, payment, and refund handling
• Quality improvement, fraud prevention, security response, and legal compliance

Third-party sharing

We do not provide personal information to third parties without consent except where required by law. We may share necessary data with service providers involved in payments, hosting, email delivery, forms, analytics, development, or maintenance.

External services

We may use services such as Stripe, Cloudflare, Google, and OpenAI. Data may also be processed under those providers' policies and terms.

International transfers

Where necessary for service delivery, information may be processed outside Japan. We implement reasonable safeguards in accordance with applicable law.

Security and Technical/Organizational Measures (TOMs)

We take reasonable administrative, technical, and physical measures to reduce the risk of unauthorized access, leakage, alteration, loss, or damage. Specifically, we operate the following three layers:

• Technical: HTTPS/TLS encryption, Cloudflare WAF/DDoS protection, append-only audit log, access control, hashed/non-stored secrets, security response headers (HSTS, CSP, X-Frame-Options, etc.) applied to all paths.
• Organizational: Operator limited to one individual (Kosei Izumida). AI assistance runs under audit log and approval gates. Confidentiality is contractually enforced.
• Physical: Access control to business equipment, locked storage for confidential documents, secure disposal (shredding/data wipe).

Retention

We retain information only as long as needed for the purposes above, or where required for legal, tax, security, or audit reasons. Indicative retention periods (subject to individual contracts):

• Inquiry-response records: 1 year after first response completed
• Quote / contract / billing information: legal retention period (e.g., 7 years for tax records under Japanese law)
• Operational data shared during service: 1-3 years after contract end (per individual contract)
• Audit logs and evidence: at least 12 months (for incident response)
• Cookies / access logs: within 90 days (Cloudflare Web Analytics policy); GA4 default 14 months

Lawful bases (GDPR Article 6)

Where the EU General Data Protection Regulation (GDPR) applies, we rely on the following lawful bases as appropriate:

• Performance of a contract (Art 6(1)(b)): for service delivery, billing, support.
• Legitimate interests (Art 6(1)(f)): for security, fraud prevention, internal analytics.
• Consent (Art 6(1)(a)): for analytics cookies (Google Analytics 4, Cloudflare Web Analytics) gated through the on-page consent banner.
• Compliance with legal obligation (Art 6(1)(c)): for tax/accounting records.

Data Protection Officer

This service is operated by an individual proprietor and does not appoint a formal Data Protection Officer (DPO) under GDPR Article 37. The Representative (Kosei Izumida) acts as the contact point for data protection inquiries. EU data subjects may also lodge complaints with their local supervisory authority.

Regulatory references

Where applicable, we aim to align with: the Japanese Act on the Protection of Personal Information (APPI), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). Specific protections may be subject to local law and individual contractual terms; nothing on this page constitutes legal advice.

Your rights

You may request access, correction, deletion, restriction, or other actions available under applicable law.

Cookies / Analytics / Consent

This site uses the following analytics services:

• Google Analytics 4 (measurement ID G-SWSQ3ZMTWW): page views, sessions, dwell time, referrers, device types.
• Cloudflare Web Analytics (privacy-friendly, no cookies, IP anonymization): page views and performance metrics.

Both scripts are loaded only after you press "Accept" on the consent banner displayed at the bottom of the page on your first visit. If you press "Decline", neither script is loaded. Your choice is stored in localStorage (key mao_consent_v1) and persists across visits. To reset, clear your browser's localStorage.

EU/UK data subjects: you may withdraw consent at any time by clearing localStorage; analytics will be disabled until consent is granted again. You also have the right to lodge a complaint with your national supervisory authority.

Business information

Business name: MIRAI AI ORCHESTRA
Representative: Kosei Izumida
Address and contact: use the officially published business details

This page supplements the pages.dev site. Final commercial terms should be confirmed in the applicable quote, order form, or contract.