Privacy Policy

Last Updated: January 3, 2026

CloudInbox (hereinafter referred to as "we" or "our company") establishes this Privacy Policy (hereinafter referred to as "this Policy") regarding the handling of user information, including personal information of users, on this website and the Service (hereinafter referred to as "the Service").

Article 1 (Scope of Application)

This Policy applies to the handling of user information obtained by our company when users use the Service.

Article 2 (Information Collected)

Our company may collect the following information in providing the Service.

2.1 Information Provided by Users

  1. Account Information

    • Email address
    • Password (stored encrypted)
    • Display name (optional)

  2. Email Account Information

    • POP3 server information (hostname, port number, etc.)
    • Email account authentication information (passwords, etc., stored encrypted in Secret Manager)

  3. Email Data

    • Content of received emails (stored encrypted)
    • Sender, recipient, subject, body, attachments, etc. of emails

  4. Other Information

    • Inquiry content
    • Other information provided by users through the Service

2.2 Automatically Collected Information

  1. Log Information

    • IP address
    • Access date and time
    • Browser type and version
    • OS type and version
    • Referrer (referring URL)
    • URL of accessed pages

  2. Use of Cookies, etc.

    • Session information
    • User setting information
    • Other information necessary for providing the Service

Article 3 (Purpose of Use)

Our company uses the collected user information for the following purposes:

  1. Provision, operation, and improvement of the Service
  2. Responding to inquiries from users
  3. Sending notifications and communications to users
  4. Identifying users who violate the Terms of Service or attempt to use the Service for fraudulent or improper purposes, and refusing their use
  5. Sending information and notices regarding the Service
  6. Creating statistical data regarding the Service
  7. Other purposes incidental to the above purposes of use

Article 4 (Management of Personal Information)

  1. Our company maintains personal information of users in an accurate and up-to-date state, and implements necessary measures such as maintaining security systems, establishing management systems, thorough employee education, etc., to prevent unauthorized access, loss, destruction, alteration, or leakage of personal information, and implements security measures to strictly manage personal information.

  2. Email bodies are stored encrypted using Google Cloud KMS (Key Management Service).

  3. Email account authentication information (passwords, etc.) is securely managed using Google Cloud Secret Manager.

  4. User passwords are processed with appropriate hashing and are never stored in plain text.

Article 5 (Provision of Personal Information to Third Parties)

  1. Our company does not provide personal information to third parties except when consent is obtained from the user or when required by law.

  2. However, this does not apply in the following cases:

    • When it is necessary to protect the life, body, or property of a person and it is difficult to obtain the consent of the person
    • When it is particularly necessary to improve public health or promote the sound growth of children and it is difficult to obtain the consent of the person
    • When it is necessary to cooperate with a national agency, local government, or a person entrusted by them in performing affairs prescribed by law, and obtaining the consent of the person is likely to impede the performance of such affairs
    • Other cases where provision is permitted by law

Article 6 (Disclosure, Correction, and Deletion of Personal Information)

  1. Users may request our company to disclose, correct, or delete their personal information.

  2. When making a request under the preceding paragraph, please make the request to our company by the method separately prescribed by our company.

  3. When our company receives a request under the preceding paragraph from a user, it will perform identity verification and then promptly disclose, correct, or delete the information.

  4. However, disclosure, etc. may not be performed in the following cases:

    • When it is likely to harm the life, body, property, or other rights and interests of the person or a third party
    • When it is likely to significantly impede the proper implementation of our company's business
    • Other cases where it would violate laws

Article 7 (Use of Cookies, etc.)

  1. Our company may use technologies such as cookies in providing the Service.

  2. Cookies, etc. are used to improve user convenience and to the extent necessary for providing the Service.

  3. Users can refuse to accept cookies, etc. by setting their browser. However, in such cases, some functions of the Service may become unavailable.

Article 8 (Access Analysis Tools)

Our company may use access analysis tools to understand the usage status of the Service. Information collected through this is anonymized statistical information and does not include information that identifies individuals.

Article 9 (Use of External Services)

  1. Our company may use the following external services in providing the Service:

    • Google Cloud Platform (data storage, encryption, authentication, etc.)
    • Firebase (authentication, hosting, etc.)
    • Google Forms (inquiry form)

  2. User information may be processed in these external services. Please check each service's website for the privacy policies of external services.

Article 10 (Data Retention Period)

  1. Our company retains user information for the period necessary to provide the Service.

  2. When a user withdraws from the Service, our company will promptly delete user information except for the retention period prescribed by law.

  3. However, our company may retain user information for a period it deems necessary in the following cases:

    • When retention is required by law
    • When necessary for dispute resolution
    • Other cases where our company deems there is a legitimate reason

Article 11 (Data Transfer Overseas)

  1. Our company may store user information on servers outside Japan in providing the Service.

  2. When transferring data overseas, our company will implement appropriate security measures and strive to protect user information.

Article 12 (Personal Information of Minors)

  1. When a minor uses the Service, they shall use it after obtaining the consent of their guardian.

  2. When our company receives personal information from a minor, it shall be deemed that the guardian's consent has been obtained.

Article 13 (Changes to Privacy Policy)

  1. Our company may change this Policy as necessary due to changes in laws, changes in the content of the Service, or other reasons.

  2. When this Policy is changed, it will be posted on this website or notified to users.

  3. The changed Policy shall take effect at the time it is posted on this website.

Article 14 (Contact)

For inquiries regarding this Policy, please contact us at the following:

CloudInbox Contact

CloudInbox