d-bye

Privacy Policy

Effective date: June 23, 2026

This Policy describes how Osakaya System (a sole proprietorship; "we" or "us") handles personal information in "d-bye" (the "Service").

1. Information We Collect

We collect: (1) account information (email, name, and identifiers and profile information provided by external authentication services). If you use our native login, passwords are stored hashed and never in plaintext; if you use external authentication such as Google or GitHub, we do not receive your password for that service. (2) usage data (AI token usage, number of projects, storage used, etc.); (3) billing information (processed by our payment provider; we do not store card numbers); (4) project data and files you create or upload; (5) cookies and browser local storage used for authentication and saving settings; (6) the content of your inquiries; and (7) usage events and logs for improving the Service (metadata; see Section 7).

2. Purpose of Use

We use personal information to provide the Service; for identity verification, authentication, billing, and contract/invoice management; to analyze usage; to maintain and improve features; for troubleshooting and security; to respond to abuse and Terms violations; to handle inquiries; to send important notices; and to exercise rights and perform obligations under law or our Terms.

3. AI Processing

The AI generation features send the text and instructions you enter, project information (project names, table definitions, screen definitions, etc.), generated code, error messages, and other information necessary for AI processing to external AI providers (currently OpenAI in the United States) via their APIs. We do not use your input to train our own AI models. The handling of data by external AI providers is subject to those providers' terms and policies and our configuration (OpenAI's API, by default, does not use data submitted via the API to train its models). If we add or change external AI providers, we will give notice by posting on the Service or other appropriate means. Please do not include sensitive information (credit card numbers, government IDs, health information, or third parties' personal or confidential information) in your input.

4. Subprocessors

To the extent necessary to provide the Service, we may entrust operations such as payments, authentication, AI processing, hosting, data storage, and inquiry handling to external service providers. In such cases, we exercise necessary and appropriate supervision over them.

5. Disclosure to Third Parties

We do not provide personal data to third parties except as required by law, with your consent, in connection with a business succession, or as otherwise permitted under applicable data protection law.

6. International Transfers

To provide AI processing, payments, and infrastructure, your personal information may be handled by providers located in the United States or other countries. Principal recipients include OpenAI, L.L.C. (AI processing / United States) and Stripe, Inc. (payment processing / United States). We review these providers' privacy policies, security measures, and contractual terms, and take necessary and appropriate measures. If we add or materially change the recipient countries or providers, we will give notice by posting on the Service or other appropriate means.

7. Usage Analytics and Error Monitoring

To improve the quality of the Service and identify problems, we collect and analyze event and log data about your interactions (features used, screen usage, durations, device/browser type, error details, etc.). This is processed by systems we operate ourselves and is not sent to external analytics providers. The information is limited to metadata and does not include the business data you enter, the content of your AI inputs, or the contents of your files. You can opt out of analytics at any time using the switch below.

Usage analytics: on

8. Cookies and Local Storage

We use cookies and browser local storage to keep you signed in, authenticate requests, save settings, and analyze usage. We do not use them for advertising tracking.

9. Retention and Deletion

We retain personal information for as long as necessary to fulfill its purpose. If you cancel a paid plan, we promptly delete your server-side project data and uploaded files at the end of the current billing period. If you close your account, we delete the associated personal information within a reasonable period, except for information we are legally required to keep, payment/accounting records, inquiry records, and logs necessary for abuse prevention. After account closure, usage analytics data may be retained for statistical analysis after removing information that identifies you. Deleted data may persist for a limited period in such records and in backups and logs created in the ordinary course of operations; we use these only for purposes such as disaster recovery and delete them after the applicable retention period.

10. Security

We take necessary and appropriate measures to prevent the leakage, loss, or damage of personal information, including encryption in transit (TLS), access controls, appropriate protection of credentials, log management, backup management, selection and supervision of subprocessors, and measures against unauthorized access.

11. Your Rights

You may request access to, correction of, addition to, deletion of, or suspension of use of your personal information. We may ask you to verify your identity in connection with such requests. To make a request, please contact us using the details below.

12. U.S. and California Residents

We respond to rights requests from eligible users in accordance with applicable privacy laws. Where residents of California or other U.S. jurisdictions have rights under the CCPA/CPRA or other applicable laws (such as the right to know what personal information we collect, to request its deletion, and to opt out of the sale or sharing of personal information), we will respond in accordance with those laws. We do not sell personal information for monetary consideration, nor do we share it for purposes of behavioral targeted advertising.

13. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

14. Contact

For inquiries about how we handle personal information, please contact us at [email protected]. For business information, see our Commercial Disclosure.

Provider: Osakaya System (sole proprietorship) / Effective date: June 23, 2026