Privacy Policy
Last updated: 2026-04-02
1. Introduction
This Privacy Policy explains how Arigato ("we", "us", "our") collects, uses, stores, shares, and protects your personal information when you use the Arigato application ("the App"). We are committed to protecting your privacy and handling your data responsibly in accordance with applicable data protection laws, including Japan's Act on Protection of Personal Information (APPI) and, where applicable, the EU General Data Protection Regulation (GDPR).
2. Data Controller
The data controller responsible for your personal data is the operator of Arigato. For questions or requests regarding your data, contact us at: djcxr956@gmail.com
3. Information We Collect
3.1 Information You Provide
| Data | Purpose | Legal Basis |
| Name, email address | Account creation and authentication | Contract performance |
| Profile photo | User identification within the App | Contract performance |
| Languages spoken | Matching with compatible users | Contract performance |
| Chat messages and photos | Communication between matched users | Contract performance |
| Reviews and ratings | Trust and safety system | Legitimate interest |
| Payment information (via Stripe) | Processing payments and payouts | Contract performance |
3.2 Information Collected Automatically
| Data | Purpose | Legal Basis |
| Device location (GPS) | Showing nearby requests, navigation, matching | Consent |
| Device information (model, OS version) | App functionality, bug fixes, crash reporting | Legitimate interest |
| Push notification tokens | Sending notifications about requests and messages | Consent |
| App usage data | Analytics and service improvement | Legitimate interest |
| Crash logs and diagnostics | Identifying and fixing bugs via Firebase Crashlytics | Legitimate interest |
3.3 Information We Do NOT Collect
- We do not collect or store your full credit card numbers, bank account details, or other sensitive financial data. All payment data is processed directly by Stripe.
- We do not collect biometric data, government-issued ID numbers, or health information.
- We do not use cookies or web tracking technologies within the App.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data on the following legal bases:
- Contract performance: Processing necessary to fulfill our service agreement with you (e.g., account management, matching, payments).
- Consent: Processing based on your explicit consent (e.g., location sharing, push notifications). You may withdraw consent at any time.
- Legitimate interest: Processing necessary for our legitimate business interests (e.g., fraud prevention, service improvement, safety), balanced against your rights and interests.
- Legal obligation: Processing necessary to comply with applicable laws (e.g., financial regulations, law enforcement requests).
5. How We Use Your Information
- Matching: To connect travelers with nearby helpers based on location and language preferences.
- Navigation: To provide real-time location sharing and route guidance during Meet Up Help sessions (only with your explicit consent).
- Communication: To enable chat and auto-translation between matched users.
- Payments: To process payments from travelers to helpers via Stripe.
- Safety: To investigate reports, enforce our Terms of Service, detect fraud, and maintain a safe community.
- Improvement: To analyze usage patterns and improve the App using aggregated, non-personal data only.
- Crash reporting: To identify and fix technical issues using Firebase Crashlytics.
- Notifications: To send you relevant updates about help requests, messages, and important account information.
6. Location Data
Location data is central to the App's functionality:
- Help requests: Your approximate location is attached to requests so nearby helpers can see them. Before submitting a request, you will be asked to consent to sharing your approximate location.
- Activity heatmap: Your approximate location (rounded to ~1km precision) may be displayed as part of an aggregated activity heatmap visible to helpers. This heatmap shows general areas of traveler activity using a glow effect and does not reveal your exact location, identity, or individual position.
- Live location sharing: During Meet Up Help, real-time location is shared with your matched user only. This requires explicit opt-in consent and can be stopped at any time.
- Storage: Live location data is temporary and is deleted from our servers when the session ends or when you stop sharing.
- Background tracking: We do not track your location when you are not actively using the App. The App does not access location data in the background.
- Withdrawal: You can revoke location permissions at any time through your device settings. Note that some features may not function without location access.
7. Auto-Translation
Chat messages may be sent to Google Cloud Translation API for automatic translation. Messages are processed for translation purposes only and are not stored by the translation service beyond what is necessary to provide the translation. Translation requests are made via encrypted connections.
8. Payments
The App uses Stripe for payment processing. When you make a payment or set up a payout account:
- Payment information (credit card details, bank account) is collected and processed directly by Stripe in accordance with PCI DSS standards. We do not store your full payment details on our servers.
- Stripe may collect additional information for identity verification and fraud prevention in accordance with their own privacy policy.
- A 10% platform fee is deducted from completed help sessions. The remaining amount is transferred to the helper's Stripe Connect account.
- We store only minimal transaction records (transaction ID, amount, date, status) necessary for accounting and dispute resolution purposes.
- For more information, see Stripe's Privacy Policy.
9. Data Sharing
We do not sell, rent, or trade your personal information to third parties. We share data only in the following limited circumstances:
- With matched users: Your name, profile photo, languages, and (with consent) live location are visible to users you are matched with for the duration of a Help Session.
- Service providers: We use the following third-party services that process data on our behalf:
| Provider | Service | Data Processed |
| Firebase (Google) | Authentication, data storage, push notifications | Account data, messages, device tokens |
| Firebase Crashlytics (Google) | Crash reporting and diagnostics | Device info, crash logs |
| Google Cloud Translation | Chat message translation | Message text (not stored) |
| Stadia Maps | Map display and routing | Location coordinates (for map rendering) |
| Stripe | Payment processing | Payment and identity data |
- Legal requirements: We may disclose information if required by law, court order, or governmental authority, or to protect the safety, rights, or property of our users or the public.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States (where Google and Stripe servers are located) and Japan (where we operate). When transferring data internationally:
- Japan has been recognized by the European Commission as providing an adequate level of data protection under the EU-Japan adequacy decision.
- For transfers to the United States, our service providers (Google, Stripe) maintain appropriate safeguards including Standard Contractual Clauses (SCCs) and data processing agreements.
- We ensure that all international transfers comply with applicable data protection laws.
11. Data Storage and Security
- Your data is stored on Firebase (Google Cloud) servers with data centers in multiple regions.
- We implement industry-standard security measures including:
  - Encryption of data in transit (TLS/SSL) and at rest
  - Firebase Security Rules restricting data access to authorized users only
  - Access controls on Firebase Storage for profile photos
  - Regular review of security practices and configurations
- While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
12. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request, except as required by law.
- Chat messages: Retained for the duration of the help session and for up to 90 days afterward for dispute resolution purposes.
- Live location data: Deleted immediately when the session ends or when you stop sharing.
- Reviews: Retained as long as both the reviewer and reviewee accounts exist.
- Transaction records: Retained for up to 7 years as required by Japanese tax and commercial law.
- Crash logs: Retained for up to 90 days for debugging purposes.
- You may request deletion of your account and associated data at any time (see Section 13).
13. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
13.1 All Users
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated data.
- Withdraw consent: Withdraw consent for location sharing or push notifications at any time via device settings or the App.
- Data portability: Request your data in a structured, commonly used, machine-readable format.
13.2 Additional Rights for EEA/UK Users (GDPR)
- Restriction: Request restriction of processing of your personal data in certain circumstances.
- Objection: Object to processing based on legitimate interest.
- Automated decision-making: We do not make decisions based solely on automated processing that produce legal effects concerning you.
- Supervisory authority: You have the right to lodge a complaint with your local data protection supervisory authority.
13.3 Additional Rights for Japanese Users (APPI)
- You have the right to request disclosure, correction, suspension of use, or deletion of your personal information under the APPI.
- We will respond to APPI requests within a reasonable period in accordance with the law.
To exercise any of these rights, please contact us at: djcxr956@gmail.com. We will respond to your request within 30 days.
14. Children's Privacy
The App is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information as soon as possible. If you believe a child under 18 has provided us with personal information, please contact us immediately.
15. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify affected users without undue delay and within 72 hours of becoming aware of the breach (where required by GDPR).
- Notify the relevant data protection authority as required by applicable law.
- Provide information about the nature of the breach, the data affected, and the measures taken to address it.
16. Local Storage
The App may store data locally on your device for the following purposes:
- Authentication tokens: To keep you signed in between sessions.
- Map tile cache: To improve map loading performance and reduce data usage.
- App preferences: To remember your language and notification settings.
Local data can be cleared by uninstalling the App or clearing the App's data through your device settings.
17. Changes to This Policy
- We may update this Privacy Policy from time to time. The "Last updated" date at the top will be revised accordingly.
- For material changes, we will notify you through the App at least fourteen (14) days before the changes take effect.
- Continued use of the App after changes constitutes acceptance of the updated policy.
- If you do not agree with the changes, you should stop using the App and request deletion of your data.
18. Contact
If you have questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please contact us at: djcxr956@gmail.com
We will endeavor to respond to all legitimate requests within 30 days. In some cases, we may need to verify your identity before processing your request.