Legal
Privacy Policy
Last updated 2026-07-03
Overview
This policy explains what personal data JINSEI.STUDIO collects, why we collect it, and the choices you have. It applies to founders, builders, program operators, instructors, and investors who use the JINSEI.STUDIO console.
By using the service you agree to the collection and use of information as described here. If you do not agree, please do not use the service.
Information We Collect
Account and authentication data: your name, email address, role, and sign-in metadata (passkey or session token metadata, a hashed IP address used for security). You can sign in with a password, a passkey, a one-time sign-in link, or through Google or GitHub.
Program and workspace content: the material you submit as part of a program, including decisions, evidence artifacts, interview notes, and questionnaire responses.
Optional financial connection data: if you choose to connect a bank account, we receive read-only account and transaction data through our financial data provider, Plaid. You control when this connection is made and can disconnect it at any time.
Billing information: subscription and payment processing is handled by Stripe. We store your subscription status and Stripe customer identifiers; we do not store your full card number.
Support communications: messages you send us for help, which may include free-text content you choose to share.
Usage and device data, and cookies: standard technical information (browser type, pages visited, timestamps) and the cookies described below.
How We Use Information
To operate the program console: run your workspace, track progress, and generate the operator and investor views your program enables.
To evaluate submitted work, which may include AI-assisted evaluation performed by a third-party AI service provider on the content you submit.
To connect founders and investors, but only where your program's sharing settings and your own consent allow it.
To process payments, provide support, secure the platform, and comply with applicable law.
International Data Transfers
Your data is primarily hosted on Google Cloud Platform. Some processing, notably AI-assisted evaluation, takes place in the United States. Where required, we rely on appropriate safeguards for cross-border transfer, including the mechanisms recognized under the GDPR and, for transfers of personal information originating in Japan, the cross-border transfer requirements of Article 28 of the Act on the Protection of Personal Information (APPI): we transfer only to recipients in a country the Personal Information Protection Commission recognizes as providing an equivalent level of protection, or under a data processing agreement that imposes APPI-equivalent safeguards, or with your consent.
Data Retention
Program and workspace data is retained for the duration of your program, plus a retention window configured at the end of your cohort. Security audit logs are retained for seven years for accountability. AI-generated evaluation outputs are retained for a limited window, then deleted. Aggregated benchmarking metrics are anonymized and may be retained indefinitely.
Your Rights
Wherever you are located, you can ask us to give you a copy of your personal data, correct it, or delete it. Where applicable law grants additional rights, we honor those rights, including the specific regimes below. To exercise any of these rights, use the contact details at the end of this policy.
If You Are in the EU or UK (GDPR)
Under the GDPR and UK GDPR you have the right to access, rectify, erase, or restrict processing of your data, to object to certain processing, and to receive your data in a portable format. We aim to respond within the statutory one-month deadline. You also have the right to lodge a complaint with your local data protection authority.
If You Are in Japan (APPI)
Under the Act on the Protection of Personal Information (APPI), you have the right to request disclosure of your retained personal data and the record of third-party provision, to request correction, addition, or deletion where the data is inaccurate, and to request suspension of use, erasure, or discontinuation of third-party provision where your data has been handled in violation of the Act or is no longer needed for its stated purpose. We will respond without undue delay, as APPI requires. Requests may be made using the contact details below; we may ask for identity verification consistent with APPI's disclosure procedures. You also have the right to lodge a complaint with the Personal Information Protection Commission (個人情報保護委員会).
Security
We encrypt data in transit and at rest, apply field-level encryption to particularly sensitive fields, and isolate each tenant's data at the database level. Audit records are tamper-evident. No system is perfectly secure, and we cannot guarantee absolute security.
Children's Privacy
JINSEI.STUDIO is not directed to children under 16, and we do not knowingly collect personal data from them.
Changes to This Policy
If we make material changes to this policy, we will update the date above and, where appropriate, notify you directly.
Contact Us
Questions about this policy or your data can be sent to privacy@jinsei.studio.