Privacy Policy

Information you provide

• Name (first / last, may be entered in Japanese or your native language)
• Contact details (email, phone number)
• Nationality, native language, residence status (required for brokerage)
• Income range, budget (used for listing matching — optional)
• Listings you favourite, save, or otherwise interact with
• Content you submit through the inquiry ("toiawase") form

Information collected automatically

• Access logs (IP address, browser type, operating system)
• Cookies and similar technologies (see "Cookies" below)
• Page navigation paths and time-on-page (used to improve the service)

Information we do NOT collect

• Sensitive personal data (medical, religion, political beliefs) — not actively collected
• Bank account or credit card numbers — we do not process payments
• Biometric data (fingerprints, facial recognition, etc.)

In accordance with PIPA Article 17, we use your personal information only for the following specified purposes:

1. To provide search, favourite, compare, and inquiry features
2. To forward your inquiries to Joyhome (the licensed broker) so they can reply
3. To send service notifications, new-listing alerts, and customer-service responses via email
4. To respond to your questions and support requests
5. To analyse service quality and improve features (using de-identified data)
6. To prevent fraud, abuse, or violations of our Terms of Service
7. To comply with laws and respond to lawful requests by authorities

Any use beyond the above purposes requires your prior consent.

The Service depends on the following third-party processors. We share information with them only to the extent necessary:

Joyhome (licensed real estate broker)

• Shared: your name, contact details, inquiry content, listings of interest
• Purpose: to complete real estate brokerage (viewing arrangements, contract signing)
• Legal basis: performance of the service agreement between you and us

Infrastructure providers

• Supabase (database, authentication, storage) — United States / data hosted in designated region
• Vercel (web hosting) — United States / global edge network
• Resend (email delivery) — United States
• Google (Maps API, Analytics) — United States / location varies by user

All providers have signed Data Processing Agreements (DPA) and comply with applicable security standards. We do not sell, rent, or use your personal information for unrelated marketing.

• Account data: duration of account + 1 year after closure (regulatory retention requirement)
• Inquiry records: 5 years (real-estate brokerage record-keeping)
• Access logs: 12 months
• Personal identifiers after account closure: anonymised or deleted

Retention periods required by law override the above.

Under PIPA Articles 33–35 you have the following rights regarding your personal information:

1. Right of disclosure: ask us what information we hold about you
2. Right of correction: have inaccurate information corrected
3. Right of deletion: have information deleted when legally permitted
4. Right to halt use: ask us to stop using your information
5. Right to halt sharing: ask us to stop sharing with third parties

You can exercise these rights via the contact details in the "Contact" section below. We will respond within a reasonable period (typically 30 days).

There is no fee for exercising your rights. However, if you submit the same kind of request unreasonably often (e.g. more than 3 disclosure requests in 1 year), we may charge actual costs.

We use cookies and similar technologies to provide a better experience:

Essential cookies (no consent required)

• Session maintenance (login state, CSRF protection)
• Language preference (zh-CN / zh-TW / en)

Analytics cookies (consent required)

• Vercel Analytics — page-view statistics (de-identified)
• Error monitoring (Sentry) — collected only when errors occur

You can decline cookies via your browser settings. Declining essential cookies may break login, favourites, and other features.

• All data in transit is encrypted with HTTPS / TLS
• Passwords are stored using bcrypt or equivalent (we do not see plaintext passwords)
• Our PostgreSQL database uses Row-Level Security (RLS) for row-level access control
• Staff access to personal information is authorised and logged
• Periodic security audits and vulnerability scans

We make reasonable efforts to protect your information, but no online system can guarantee 100% security. In the event of a data breach, we will report to the regulator and notify affected users in accordance with PIPA Article 26.

The Service is intended for users aged 18 and over. We do not knowingly collect personal information from minors under 18. If a guardian discovers that a minor has used the Service without consent, please contact us to delete the data.

Because we use overseas cloud services (Supabase / Vercel / Resend, etc.), your personal information may be transferred outside Japan (primarily the United States). We have signed Standard Contractual Clauses (SCC) or equivalent safeguards with all such providers.

This policy may be updated from time to time. Material changes (e.g. new categories of collection, new third-party recipients) will be notified by email or via a prominent notice on the site. Continued use of the Service after such notice constitutes acceptance.

For questions about this policy, personal-information matters, or to exercise your rights, please contact:

Operator

Hirosei (corporate name pending registration)

Responsible party

Personal Information Protection Manager (TBD)

Email

privacy@settletokyo.com (pending activation)

Hours

Weekdays 10:00 – 17:00 (JST)

⚠️ The above contact details are placeholders pending company registration. If you are not satisfied with our response, you can complain to the Personal Information Protection Commission (PPC) of Japan: https://www.ppc.go.jp/