1. Introduction
KyotoTech LLC (合同会社KyotoTech) ("Company," "we," "us," or "our") is committed to protecting your privacy and handling your personal information responsibly.
This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our website (kyototech.co.jp), software products (including SaQura, KyotoTech Vault, and KisoStats), and services.
KisoStats — No Data Collection
KisoStats is a macOS menu bar system monitor and disk cleanup utility. KisoStats does not collect, transmit, store, or process any personal data whatsoever. The application operates entirely offline and locally on your Mac. It does not make network requests, does not contain analytics or telemetry, does not require user accounts, and does not communicate with any server. No data of any kind is sent to KyotoTech LLC or any third party. System metrics (CPU, RAM, SSD, network speed) are read from macOS system APIs, displayed in real-time, and are not stored or logged.
Legal Framework
As a Japanese company serving international customers, we comply with:
- APPI - Japan's Act on the Protection of Personal Information (個人情報保護法)
- GDPR - EU General Data Protection Regulation (for EU/EEA residents)
- Other applicable data protection laws in your jurisdiction
In case of conflict between this Policy and applicable law, the applicable law shall prevail.
2. Data Controller Information
Data Controller
KyotoTech LLC (合同会社KyotoTech)
〒612-8083 京都市伏見区京町2丁目237-202
Kyoto, Japan
Email: support@kyototech.co.jp
Data Protection Inquiries
For questions about this Privacy Policy or our data practices, please contact:
3. Personal Information We Collect
Information You Provide Directly
| Data Category |
Data Elements |
Purpose |
Legal Basis (GDPR) |
| Contact Information |
Name, Email, Phone (optional), Message |
Respond to inquiries |
Legitimate interest / Consent |
| License Information |
Email address |
License delivery |
Contract performance |
| Account Information |
Email, License Key |
License management |
Contract performance |
| Vault Account Information |
Email, Name, Organization Name, Password (hashed) |
Account management, file storage |
Contract performance |
| Vault Collaboration Guest Data |
Email address (provided by space owner) |
Guest access to shared folders |
Contract performance / Legitimate interest |
Information Collected Automatically
| Data Category |
Data Elements |
Purpose |
Legal Basis (GDPR) |
| License Activation Data |
License Key, Hardware ID (hashed), Machine Name, OS/Platform, Timestamp |
License validation, prevent abuse |
Contract performance |
| Technical Logs |
IP address (anonymized), Browser type, Access times |
Security, troubleshooting |
Legitimate interest |
| Vault Audit Logs |
IP address, User-Agent (browser), Timestamps, Actions performed (login, upload, download, rename, delete) |
Security audit trail, compliance, dispute resolution |
Legitimate interest |
| Vault Virus Scan Results |
File scan status, scan timestamps |
Malware protection |
Legitimate interest |
Information We Do NOT Collect
We explicitly DO NOT collect:
- Your encryption keys or passwords created with our Software
- Content of files you encrypt
- Usage patterns or telemetry from the Software
- Precise geolocation data
- Biometric data
- Data from children under 16
- Sensitive personal data (racial/ethnic origin, political opinions, religious beliefs, health data, sexual orientation)
4. How We Use Your Information
Purposes of Processing
| Purpose |
Categories of Data |
Legal Basis (GDPR) |
APPI Basis |
| Respond to inquiries |
Contact information |
Legitimate interest |
Specified purpose |
| Deliver licenses |
Email, License Key |
Contract performance |
Contract fulfillment |
| Validate licenses |
Activation data |
Contract performance |
Service provision |
| Prevent license abuse |
Hardware ID (hashed) |
Legitimate interest |
Fraud prevention |
| Provide technical support |
Contact info, License data |
Contract performance |
Customer service |
| Improve services |
Aggregated analytics |
Legitimate interest |
Service improvement |
| Legal compliance |
Various |
Legal obligation |
Legal requirement |
| Vault file storage & sharing |
Account data, uploaded files (encrypted) |
Contract performance |
Service provision |
| Vault collaboration guest access |
Guest email, IP address, User-Agent |
Legitimate interest |
Security / Service provision |
| Vault security audit trail |
Audit logs (all user/guest actions) |
Legitimate interest |
Security / Compliance |
| Vault malware protection |
Uploaded files (scanned locally) |
Legitimate interest |
Security |
What We Do NOT Do
- No Selling: We DO NOT sell, rent, or trade your personal information to third parties for marketing purposes.
- No Profiling: We DO NOT use your personal information for automated decision-making or profiling that produces legal effects.
- No Marketing: We DO NOT send unsolicited marketing emails unless you have explicitly opted in.
5. Data Sharing & Disclosure
Service Providers
We share personal information with the following categories of service providers:
| Provider Category |
Purpose |
Data Shared |
Location |
Safeguards |
| Payment Processor (Stripe) |
Payment processing |
Email (for receipts) |
USA |
Standard Contractual Clauses |
| Hosting Provider |
Website/API hosting |
All data processed |
Japan |
APPI compliance |
Legal Disclosures
We may disclose personal information when required by law, including:
- Court orders or legal process
- Requests from law enforcement agencies
- Protection of our legal rights
- Investigation of fraud or security incidents
- Protection of the rights, property, or safety of our users or the public
Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity. We will notify you of any such change.
No Other Sharing
We do not share personal information with third parties except as described in this Policy.
6. International Data Transfers
Primary Storage
Personal information is primarily stored on servers located in Japan.
Cross-Border Transfers
When we transfer personal information outside Japan, we ensure adequate protection through the following mechanisms:
| Destination |
Mechanism |
Safeguards |
| EU/EEA |
Adequacy decision |
Japanese data protection law recognized as adequate by EU |
| USA (Stripe) |
Standard Contractual Clauses (SCCs) |
Contractual data protection obligations |
| Other countries |
Case-by-case assessment |
Appropriate safeguards per APPI |
Your Consent
For transfers to countries without adequate data protection, we will obtain your explicit consent where required by APPI or GDPR.
7. Data Retention
Retention Periods
| Data Category |
Retention Period |
Basis |
| Contact form submissions |
2 years after last contact |
Business necessity |
| License activation data |
Duration of license + 1 year |
Contract fulfillment |
| Payment records |
7 years |
Japanese tax law requirements |
| Support tickets |
2 years after resolution |
Customer service |
| Security logs |
1 year |
Security requirements |
| Vault account data |
Duration of account + 30 days |
Contract fulfillment |
| Vault uploaded files |
Duration of account (soft-deleted files purged after 30 days) |
Service provision |
| Vault collaboration audit logs |
1 year after collaboration space is revoked |
Security / Compliance |
| Vault collaboration guest data |
Duration of collaboration space + 1 year |
Audit trail |
Deletion
After the retention period expires, personal information is securely deleted or anonymized.
8. Data Security
Technical Measures
We implement appropriate technical security measures, including:
- Encryption of data in transit (TLS 1.3)
- Encryption of sensitive data at rest
- Secure password hashing for authentication
- Regular security updates and patches
- Access controls and authentication requirements
- Network security measures (firewalls, intrusion detection)
Organizational Measures
- Limited access to personal information on a need-to-know basis
- Employee training on data protection
- Incident response procedures
- Regular security assessments
KyotoTech Vault — Additional Security Measures
For KyotoTech Vault, we implement the following additional measures:
- End-to-end encryption: All uploaded files are encrypted at rest using AES-256 with per-organization RSA key pairs
- Automated virus scanning: All uploaded files are scanned using ClamAV (locally, no data sent to third parties)
- Collaboration guest security: Optional password protection and email-based OTP verification for shared spaces
- Comprehensive audit logging: All actions (login, upload, download, rename, delete) are logged with IP address, User-Agent, and timestamps
- Session management: Guest sessions expire after 7 days or 15 minutes of inactivity
Uploaded Content — Liability Disclaimer
Users and collaboration guests are solely responsible for the content they upload to KyotoTech Vault. KyotoTech does not review, endorse, or assume liability for uploaded content. We reserve the right to remove content that violates applicable laws or our Terms of Service. Files identified as malware by our automated virus scanning will be quarantined.
No Guarantee
While we implement reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
Breach Notification
In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law (APPI, GDPR).
9. Your Rights
Rights Under APPI (Japan)
Under Japan's Act on the Protection of Personal Information, you have the following rights:
| Right |
Description |
| Access (開示請求) |
Request disclosure of your personal information |
| Correction (訂正請求) |
Request correction of inaccurate information |
| Deletion (削除請求) |
Request deletion of your personal information |
| Suspension of Use (利用停止請求) |
Request cessation of use of your information |
| Third-Party Disclosure |
Request information about third-party disclosures |
Additional Rights Under GDPR (EU/EEA Residents)
If you are located in the EU/EEA, you additionally have the right to:
| Right |
Description |
| Data Portability |
Receive your data in a structured, machine-readable format |
| Restriction of Processing |
Request limitation of processing in certain circumstances |
| Object to Processing |
Object to processing based on legitimate interests |
| Withdraw Consent |
Withdraw consent at any time (where processing is based on consent) |
| Lodge a Complaint |
File a complaint with a supervisory authority |
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Response Time
- APPI: Without delay, and in any case within 2 weeks
- GDPR: Within 1 month (extendable by 2 months for complex requests)
Verification
We may require verification of your identity before processing requests.
No Fee
We will not charge a fee for reasonable requests, except as permitted by law for manifestly unfounded or excessive requests.
10. Cookies & Tracking
Cookies We Use
| Cookie Type |
Purpose |
Duration |
Consent Required |
| Essential |
Website functionality |
Session |
No (strictly necessary) |
| Language Preference |
Remember language selection |
1 year |
No (functional) |
KyotoTech Vault — Browser Storage
KyotoTech Vault uses browser storage (localStorage and sessionStorage) for the following purposes:
- Authentication tokens: JWT tokens stored in localStorage (registered users) or sessionStorage (collaboration guests) to maintain your session
- User preferences: Language and theme settings stored in localStorage
These are not cookies and are not sent to third parties. Session storage is automatically cleared when the browser tab is closed.
What We Do NOT Use
- Third-party advertising cookies
- Cross-site tracking
- Social media tracking pixels
- Fingerprinting technologies
Analytics
We use privacy-first analytics that:
- Does not use cookies
- Does not track individual users
- Collects only anonymous, aggregated data
- Does not share data with third parties
11. Third-Party Services
Payment Processing (Stripe)
We use Stripe for payment processing. When you make a purchase:
- Your payment information is processed directly by Stripe
- We do not receive or store your credit card information
- Stripe is PCI DSS compliant
- Stripe's privacy policy applies: stripe.com/privacy
NuGet Package Distribution
Our Software is distributed via NuGet (nuget.org):
- NuGet's privacy policy applies to package downloads
- We do not receive personal information from NuGet downloads
Links to External Sites
Our website may contain links to external sites. We are not responsible for the privacy practices of other sites. We encourage you to read their privacy policies.
12. Children's Privacy
Age Restriction
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16.
Parental Notice
If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
Contact Us
If you believe we have collected information from a child under 16, please contact us immediately at support@kyototech.co.jp.
13. Changes to This Policy
Right to Update
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
Notification
We will notify you of material changes by:
- Posting the updated Policy on our website
- Updating the "Effective Date" at the top
- For significant changes, sending email notification to affected users
Review
We encourage you to review this Policy periodically.
14. Contact Us
Privacy Inquiries
For any questions, concerns, or requests regarding this Privacy Policy or our data practices:
Postal Address
KyotoTech LLC (合同会社KyotoTech)
〒612-8083 京都市伏見区京町2丁目237-202
Kyoto, Japan
Supervisory Authorities
Japan (APPI):
Personal Information Protection Commission (個人情報保護委員会)
www.ppc.go.jp
EU/EEA (GDPR):
You have the right to lodge a complaint with a supervisory authority in your country of residence.
Version History
| Version |
Date |
Changes |
| 3.1 | March 17, 2026 | Added KisoStats: explicit no-data-collection statement for macOS system monitor utility |
| 3.0 | March 13, 2026 | Added KyotoTech Vault: file storage, collaboration spaces, guest access, audit logging, virus scanning, uploaded content liability disclaimer |
| 2.0 | December 31, 2025 | Major update: Added GDPR/APPI compliance details, international transfers, data retention, expanded rights |
| 1.0 | January 2025 | Initial release |