BooLabbeta ver.

Privacy Policy

BooLab (URL: https://boolab.net, hereinafter "the Site") considers the protection of users' personal information an important responsibility. In compliance with Japan's Act on the Protection of Personal Information and other relevant laws, we establish the following Privacy Policy (hereinafter "this Policy").

1. Operator Information

For operator information, please refer to our Operator Information page.

2. Personal Information We Collect

The Site may collect the following information:

2-1. Information Collected at Account Registration

  • Email address (obtained from OAuth provider)
  • Display name (obtained from OAuth provider, changeable)
  • Avatar image URL (obtained from OAuth provider)
  • Authentication provider information (Google / GitHub)

2-2. Information Collected During Service Use

  • Content of Boo posts (complaint and feedback submissions)
  • "I agree!" button click data
  • Ratings and reactions to posts
  • Points, levels, and badge acquisition history

2-3. Automatically Collected Information

  • IP address
  • Browser type and version, OS information
  • Access date and time, pages viewed
  • Referrer (referring URL)
  • Device information (screen resolution, language settings, etc.)
  • Cookie data

3. Purpose of Use of Personal Information

Collected personal information is used for the following purposes:

  1. User authentication and account management: Login authentication, session management, and storing account settings
  2. User-generated content management: Receiving Boo posts, automated review through AI moderation, and managing post display
  3. AI analysis and statistical processing: Automated classification, sentiment analysis, and statistical processing of post content by AI (original text is never published on the web)
  4. Creation and provision of anonymized statistical data: Aggregation of anonymized statistics per product/service, creation of weekly AI digests, and use of anonymized statistics in business reports
  5. Points and level system operation: Awarding points and managing levels and badges
  6. Notification delivery: Important service announcements and notifications of reactions to posts
  7. Service improvement and development: Usage analysis, new feature development, and user experience enhancement
  8. Prevention of unauthorized use: Detection and prevention of unauthorized access, spam, and terms of service violations
  9. Customer support: Responding to user inquiries

4. Disclosure of Personal Information to Third Parties

The Site will not provide users' personal information to third parties except in the following cases:

  1. When the user has given consent
  2. When disclosure is required by law
  3. When necessary for the protection of life, body, or property of a person, and it is difficult to obtain the consent of the individual
  4. When cooperation is necessary for a national or local government entity to carry out duties prescribed by law

Regarding anonymized statistical data: Data that has been anonymized and aggregated from post content may be used in business reports in a form that cannot identify individuals. In such cases, original texts of individual posts and information that could identify the poster are never disclosed.

5. Service Providers

The Site may entrust the handling of personal information to the following service providers to the extent necessary to achieve the purposes of use. Appropriate oversight is maintained over these providers.

  • Supabase Inc.: Database and authentication infrastructure (data storage and authentication processing)
  • Vercel Inc.: Website hosting (server operations)
  • Anthropic PBC: AI analysis and content generation (Claude API)
  • Google LLC: Analytics (Google Analytics), advertising (Google AdSense), OAuth authentication
  • Functional Software, Inc.: Error monitoring (Sentry)
  • Resend Inc.: Email delivery

6. Cookies and Tracking Technologies

6-1. Types of Cookies Used

TypePurposeProvider
Essential CookiesAuthentication and session management (JWT)Supabase
Analytics CookiesAccess analysis and usage monitoringGoogle Analytics (GA4)
Advertising CookiesDelivery of personalized advertisementsGoogle AdSense
Error MonitoringError detection and performance measurementSentry

6-2. Managing Cookies

Users can refuse to accept cookies through browser settings. However, disabling essential cookies (authentication and session management) may prevent the use of certain services such as login functionality.

6-3. Google Analytics Opt-Out

To disable data collection by Google Analytics, please use the opt-out add-on provided by Google.

7. Data Storage and Security

  1. Users' personal information is stored in encrypted form on Supabase (AWS infrastructure).
  2. Row Level Security (RLS) is enabled on all database tables to protect data from unauthorized access.
  3. Communications are protected by SSL/TLS encryption (HTTPS).
  4. Authentication tokens (JWT) are managed with access tokens (valid for 1 hour) and refresh tokens (valid for 7 days).
  5. The Site takes reasonable security measures to prevent leakage, loss, or damage of personal information, but cannot guarantee complete security for communications over the internet.

8. Data Retention Period

  • Account information: Retained until the user requests account deletion.
  • User-generated content: Retained for the period necessary for service operations. Anonymized statistical data may be retained as statistical information even after the original post is deleted.
  • Access logs: Retained for a reasonable period for service improvement and security purposes.
  • Contact inquiries: Deleted after being retained for a reasonable period following completion of the response.

9. User Rights

Users have the following rights regarding their personal information:

  1. Right to access: Users may request disclosure of their personal information held by the Site.
  2. Right to correction, addition, and deletion: Users may request correction, addition, or deletion when personal information is not factually accurate.
  3. Right to suspension and erasure: Users may request suspension or erasure of use when personal information is handled beyond the scope of the purpose of use or has been unlawfully obtained.
  4. Account deletion: Users may request account deletion at any time. After deletion, personal information will be erased within a reasonable period. However, anonymized statistical data is not subject to erasure as it cannot identify individuals.

To make any of the above requests, please contact us through the contact form after identity verification.

10. Privacy of Minors

The Site does not intentionally collect personal information from persons under the age of 16. If a person under 16 wishes to use the Site, they should do so with parental consent. If it is discovered that personal information of a person under 16 has been collected, the information will be promptly deleted.

11. International Users

The Site is operated from Japan, and collected personal information is handled in accordance with Japanese law. Users accessing from overseas should be aware that data protection standards different from those of their country of residence may apply.

Users within the EU/EEA may have rights under the GDPR (General Data Protection Regulation), including the right of access, right to rectification, right to erasure (right to be forgotten), right to data portability, right to restriction of processing, and right to object. To exercise these rights, please contact us through the contact form.

12. Changes to This Privacy Policy

  1. The Site may change the content of this Policy as necessary.
  2. For significant changes, we will endeavor to provide notice through appropriate means such as announcements on the Site.
  3. The amended Policy shall take effect from the time it is published on the Site.

13. Contact

For inquiries regarding this Policy, or to request disclosure, correction, or deletion of personal information, please use the contact form.

Effective: February 27, 2026