Privacy Policy
Privacy Policy
PashaBen considers proper protection of users’ personal information an important responsibility and handles information under the following policy.
Translation Notice
This English version is provided for convenience. The Japanese version is the official version. If there is any inconsistency between versions, the Japanese version prevails.
1. Information We Collect
- Account information: email address, authentication provider identifiers, display name, profile image, bio, membership rank, role, warning or suspension status, login status, and similar information.
- Study data: study cards, questions, answers, options, explanations, tags, folders, card types, image IDs, study counts, quiz correctness, study dates, streaks, gold, items, and minigame or battle progress.
- Submitted and generated data: uploaded images, image metadata, image safety results, images submitted for OCR, OCR results, AI question creation inputs, outputs, history, models used, ticket consumption information, inquiry text, and inquiry attachments.
- Payment and purchase information: purchased products, membership plans, amounts, currency, payment status, subscription expiration dates, transaction IDs and event information from external payment platforms or app stores. The Service generally does not retain detailed payment information such as credit card numbers; payment providers process that information.
- Technical information: IP address, cookies, session information, device, OS and browser information, access logs, API logs, error logs, upload failure logs, notification tokens, notification settings, referrers, usage times, operation history, and other information necessary for service operation.
2. Purposes of Use
- To verify identity, handle login, manage accounts, change email addresses, reset passwords, maintain authentication status, and control permissions such as trial accounts.
- To provide Service features such as study card creation, image storage, tag and folder management, study sessions, study records, profiles, minigames, battles, gold, items, notifications, and support inquiries.
- To provide AI question creation, OCR, automatic tag generation, image conversion, image previews, image safety checks, moderation, storage capacity and count limits, ticket consumption, ticket returns, and similar features.
- To handle paid plans, AI tickets, subscriptions, purchase history, cancellation, refunds, payment events, membership rank, expiration dates, payment inconsistency checks, and support.
- To detect, prevent, and investigate abuse, rights infringement, Terms violations, security incidents, failures, spam, excessive access, and payment fraud.
- To respond to inquiries and send important announcements, image review results, individual notices, push notifications, email notifications, operator incident notices, new-registration notices, daily reports, and similar communications.
- To improve service quality and features, analyze usage, manage load, run tests, create statistics, improve support quality, and respond under laws and the Terms.
3. AI, OCR, and Image Processing
- When users use AI question creation or OCR, the Service handles submitted text, images, OCR results, generation settings, generated output, models used, processing logs, and related information to provide features, check quality, investigate failures, process tickets, and prevent abuse.
- AI question creation and OCR may send text, image URLs, or similar data to external AI or OCR APIs within the scope necessary for processing.
- For image uploads, the Service handles image files, image metadata, judgment results, and review history for format conversion, file-size compression, duplicate checks, safety checks, review isolation, approval or rejection, deletion, warnings, and suspension measures.
- AI output and OCR results are generated automatically, and the Service does not guarantee their accuracy or completeness. Users should confirm that output does not include personal information or content that infringes third-party rights.
4. Third-Party Provision and Outsourcing
- Except where required by law, necessary to protect life, body, or property, necessary to cooperate with public institutions, based on user consent, or falling within outsourcing or joint processing necessary to achieve the purposes of use, the Service does not provide personal data to third parties without the user’s consent.
- The Service may outsource or transmit information to cloud and hosting providers, payment and app store providers, AI/OCR providers, push notification providers, email providers, storage, monitoring, and log management providers within the scope necessary for service operation.
- Outsourced providers may include businesses outside Japan or businesses that process data on servers outside Japan. The Service reviews service details, contractual terms, and security measures of such providers and supervises them as necessary.
- When using external services such as payments, app stores, external login, push notifications, AI, or OCR, the terms and privacy policies of those external services may also apply.
5. Cookies, Device Information, and External Transmission
- The Service may use cookies, local storage, session storage, and similar technologies to maintain login status, support security, save settings, prevent CSRF, optimize display, understand usage, and investigate failures.
- Users’ devices may transmit IP addresses, device information, usage times, authentication information, data to be processed, logs, and similar information to external services for authentication, hosting, databases, storage, payments, AI/OCR, push notifications, email delivery, incident monitoring, and related purposes.
- Users may restrict cookies and notifications through browser or device settings, but doing so may make some features unavailable, such as login, card saving, payments, or notifications.
6. Security Management
- The Service works to prevent leakage, loss, damage, alteration, and unauthorized access through access control, RLS, authentication, permission management, signed URLs, encrypted communication, log management, backups, duplicate detection, image review, and administrator permission restrictions.
- Access permissions are granted only to personnel who need them for operations, and information is reviewed only within the scope necessary for inquiries, incidents, moderation, billing investigations, and legal compliance.
- Because of the nature of external services and communication environments, absolute security is not guaranteed. If a leakage or similar incident occurs, the Service will make necessary notifications, announcements, and recurrence-prevention measures under applicable laws.
7. Retention and Deletion
- The Service retains account information, study data, images, AI/OCR history, inquiries, notifications, billing information, logs, and moderation records for the period necessary to achieve the purposes of use.
- When users delete cards, images, profiles, or similar data, the data is removed from normal display and use. However, it may remain for a certain period in backups, audit logs, billing records, inquiry history, moderation records, or incident investigation logs.
- After account closure or deletion, the Service deletes or anonymizes data linked to the account. However, information necessary for legal compliance, abuse prevention, dispute response, refund and billing management, security, or operations may be retained for a reasonable period.
8. User Rights
- Users who want to confirm operator information, purposes of use, procedures for disclosure, or complaint contacts regarding retained personal data should contact the inquiry desk below.
- Users may request disclosure, correction, addition, deletion, suspension of use, erasure, suspension of third-party provision, disclosure of third-party provision records, and similar actions regarding their personal information held by the Service, under applicable laws.
- Users who want to make a request should contact the inquiry desk below with information necessary for identity verification. The Service will respond within a reasonable period and scope under applicable laws.
- Depending on the request, the Service may be unable to respond in whole or in part due to laws, identity verification, security management, operational record retention, or protection of third-party rights.
9. Use by Minors
- Minors must use the Service with consent from a parent or legal guardian.
- If it becomes clear that a minor provided personal information without consent, the Service will confirm and respond under applicable laws based on a request from the legal guardian.
10. Revisions
- The Service may revise this Privacy Policy due to changes in service content, legal revisions, external service specification changes, or operational needs.
- For important changes, the Service will notify users through in-app notices, the official website, email, notifications, or other appropriate methods.
- If a user continues to use the Service after revision, the user is deemed to have agreed to the revised Privacy Policy.
11. Contact
For questions about personal information handling, please contact in-app support (open the inquiry form).
Last updated: April 28, 2026