KamuiDash Privacy Policy

Simdy LLC (hereinafter "the Company") establishes the following policy regarding the handling of information related to users of the PaaS "KamuiDash" (hereinafter "the Service").

---

1. Scope of Application

This policy applies to information related to users that the Company handles in connection with the provision of the Service.

※ Information related to end users of applications provided by users on the Service (e.g., personal information collected by user applications) is, in principle, collected and used by users at their own responsibility, and users shall provide appropriate privacy notices to end users.

---

2. Information We Collect

The Company collects the following information.

(1) Account Information

• GitHub ID, username, display name, avatar URL, email address, and other information obtained through GitHub OAuth that is necessary for user identification and login
• Email address, email verification status, role information, and information necessary for notices and communications
• Session IDs, authentication tokens, API key and Personal Access Token names, scopes, encrypted or hashed values, last used timestamps, and other information related to authentication and API use

(2) Service Usage and Configuration Information

• Information related to Projects, Apps, DBs, Jobs, custom domains, and other resources created or configured on the Service
• App names, DB names, replica counts, specs, environment variables, commands, health checks, languages, regions, connection settings, and other configuration information necessary for deployment and operation
• GitHub integration information, including GitHub App installation IDs, organization names or usernames, repository names, branch names, directories, webhooks, GitHub Actions IDs, and deployment metadata
• File uploads, source code, DB data, configuration information, and other User Content

(3) Payment and Billing Information

• Information necessary for billing and invoicing (payment status, billing history, etc.)
• Stripe Customer IDs, Payment Method IDs, invoice IDs, currency, billing amounts, tax amounts, payment status, and other information necessary for billing processing
• Payment information such as card numbers is handled by Stripe and is not retained by the Company. The Company may retain information necessary to confirm and manage payment methods, such as card brand, last four digits, expiration date, issuing country, and card identifiers.

(4) Log Information

The Company collects the following logs for service operation:

• Application logs (retained for 14 days or 1,000 lines, whichever comes first)
• Deployment logs (retained for 14 days)

The Company may also collect logs related to access to the admin panel, APIs, webhooks, etc. for stable operation, security, and fraud prevention purposes, including IP addresses, user agents, request times, request IDs, authentication methods, operation targets, URLs, queries, sanitized request bodies, response statuses, error details, and processing times.

(5) Inquiry Information

• Inquiry content, contact information, response history, etc.

---

3. Purpose of Use

The Company uses collected information for the following purposes:

1. Providing the Service, identity verification, and account management
2. Providing GitHub integrations, deployment, builds, hosting, DBs, custom domains, log display, and other Service features
3. Billing, payment processing, and handling of unpaid amounts
4. Service operation, maintenance, incident response, security, fraud prevention, and audit
5. Support and inquiry response
6. Sending important notices, lifecycle notifications, billing and payment notices, and other Service-related communications
7. Legal compliance, dispute resolution, and rights protection

---

4. Third-Party Disclosure and Outsourcing

1. The Company will not provide personal information to third parties without the individual's consent, except as required by law.
2. The Company may outsource payment processing (Stripe), GitHub integration, infrastructure operation, storage, DNS and delivery, email and notification delivery, monitoring, log management, and other tasks to third parties to the extent necessary to provide the Service. In such cases, the Company will appropriately supervise those parties.
3. Outsourced service providers may include businesses located outside Japan, and the Company will take necessary measures in accordance with applicable laws.

---

5. Company Access to User Content

The Company does not routinely access user applications or user content during normal operations. However, the Company may access such content to the minimum necessary extent in the following cases:

• When necessary to respond to a support request from a user
• When required by law, such as responding to a disclosure request
• When necessary to address a critical security issue

---

6. Retention Period and Deletion

1. The Company retains information related to users for the period necessary to achieve the purpose of use.
2. User content after account cancellation will be deleted one month after cancellation (except as required for legal compliance, etc.).
3. Log retention periods are as described in "2.(4) Log Information." However, information necessary for audit, security, legal compliance, dispute resolution, billing, accounting, or tax purposes may be retained for the necessary period.

---

7. Data Storage Location

Primary data related to the Service is currently stored and processed in cloud regions within Japan. Data may be stored or processed outside Japan by external services or outsourced service providers. If this changes in the future, the Company will notify users through appropriate means.

---

8. Cookies and Access Analytics

The Company uses identifiers such as cookies to maintain login sessions, provide security, manage language settings, manage OAuth authentication state, and improve the Service. The Company may also use access analytics tools using identifiers such as cookies.

---

9. Security Measures

The Company implements reasonable organizational, technical, and physical security measures to prevent leakage, loss, or damage of the information it handles.

---

10. Requests for Disclosure

Users may request disclosure, correction, or suspension of use of information held by the Company about themselves through the Company's designated procedures. Please contact the inquiry desk below for details.

---

11. Changes to This Policy

The Company may revise this policy in response to changes in laws, operations, or features. Updated policies will be communicated through means designated by the Company.

---

12. Contact

For inquiries regarding this policy, please contact: [email protected]