Privacy Policy
Last updated: [EFFECTIVE_DATE]
DRAFT — pending professional legal review. Not yet in force.
This Privacy Policy explains what personal data KaijiWatch (operated by [OPERATOR_NAME], the data controller) collects and how it is handled.
1. Data we collect
We practice data minimization. We collect only:
- Email address — to deliver the newsletter and (for paid users) watchlist alerts.
- Watchlist — the tickers and investor names you choose to track, so we can filter alerts. You control this; you may use a plan that does not require a watchlist.
- Payment data — handled entirely by Stripe; we do not store card numbers. We receive only a customer identifier and subscription status from Stripe.
We do not sell personal data. The public website is a static site and uses no advertising or tracking cookies in its MVP form (any change will be reflected here).
2. Purpose and legal basis
We process your data to provide the Service you subscribed to (contractual necessity) and to send communications you opted into (consent). You can withdraw consent at any time by unsubscribing.
3. Processors
| Processor | Purpose |
|---|---|
| Stripe (Stripe, Inc. — United States/Ireland) | Payment processing and subscription management |
| Resend (United States) | Email delivery |
| GitHub, Inc. (United States) | Access-restricted private repository storing the subscriber file (email + watchlist), until migration to a managed database |
4. Retention
We keep your data while your subscription is active and for up to 12 months after cancellation, then delete it; we will delete it sooner on request.
5. Your rights
You may request access to, correction of, or deletion of your personal data by emailing [CONTACT_EMAIL]. We will respond within a reasonable time. For EU/UK users, you also have the right to data portability, to restrict or object to processing, and to lodge a complaint with your local supervisory authority. We honor these on a best-effort basis. (We do not actively target the EU/UK market; if our practices change, this policy will be updated.)
6. International transfers
The Service is operated from Japan. By using it, you understand your data may be processed in Japan and by the processors listed above (which may operate internationally).
7. Security
Subscriber data is currently stored in a private, access-restricted repository. On a deletion request we remove your data from the active file promptly; because the file is version-controlled, traces may remain in the private history — accessible only to the operator — until we migrate to a managed database, at which point historical copies are purged. The private repository is kept on a strict need-to-know basis in the interim.
8. Changes
Material changes will be posted with an updated date.
9. Contact
[OPERATOR_NAME] — [CONTACT_EMAIL]