Privacy Policy

Brain Power Solutions Inc. (doing business as HimitsuBako) respects your privacy and is committed to processing your information securely in accordance with the principles outlined below. This Privacy Policy explains the information we collect, the purposes for which it is collected, how we use and share that information, your rights regarding your information, and how you can contact us if you have any questions.

Overview of the Privacy Policy

This is an overview of our Privacy Policy. To read the full framework regarding the handling of personal information, please scroll down.

Scope of this Privacy Policy

This Privacy Policy is intended to explain the following:

  • The types of personal information we collect and use, and how we collect it
  • When and with whom we share your personal information
  • Your choices regarding the collection, use, and sharing of personal information
  • How to access and update your personal information

What Is Personal Information?

When we provide services to you, we may collect information about you, including information that constitutes personal information. “Personal information” means data that can be used to identify an individual. This Policy describes the collection, protection, use, retention, disclosure, and other processing of personal information, as well as your rights in relation to these activities.

Personal Information We Collect and How We Collect It

We collect personal information in the following cases:

  • When you provide it to us
  • When it is collected automatically
  • When we receive it from third parties

You provide personal information to us when you create an account on our website or register to receive offers or information. In addition, when you visit our website, we may collect similar personal information through automated technologies such as cookies placed in your browser, where applicable, with your consent.

How We Share Personal Information

We share information with trusted third parties to operate and improve our services and website. Details on how we share personal information are described in the full framework regarding the handling of personal information below.

Your Rights and Choices

You can exercise your data protection rights in various ways. For example, you can stop receiving marketing communications by clicking the “Unsubscribe” link in an email, changing the relevant account settings, or contacting Brain Power Solutions Inc. at privacy@himitsubako.jp. Further details about available options and your data protection rights and choices are described in our notice regarding the handling of personal information.

We recognize the importance of protecting personal information and will manage and operate it appropriately.

We have been awarded the PrivacyMark certification by the Japan Information Processing and Development Center (JIPDEC).

How to Contact Us

If you have any questions or requests regarding the handling of personal information, please contact us using the information below.

Company NameBrain Power Solutions Inc.
Address4-2-20 Tenjin, Chuo-ku, Fukuoka City, Fukuoka 810-0001, Japan
Tenzin Saiwai Building
Contactprivacy@himitsubako.jp
Contact Form LinkHimitsuBako Contact Form

Handling of Personal Information

1. Introduction


Purpose of this Framework for Handling Personal Information

This framework regarding the handling of personal information explains the information we collect, how we use and share it, and how you can exercise your rights in connection with our service website (https://web.himitsubako.jp) and related applications and services (http://himitsubako.jp/) (collectively, the “Services”).

The Services are operated (unless otherwise stated) by Brain Power Solutions Inc., doing business as HimitsuBako (the “Services,” “our Services”). Please also read our Terms of Use, which set forth the terms and conditions applicable to the Services.


Scope of this Framework

HimitsuBako processes your information both for its own business purposes (as a “controller”) and in providing services to corporate customers (as a “processor”). This framework regarding the handling of personal information applies, unless otherwise stated, where HimitsuBako is the controller of your personal data. Where we provide our Services based on a contract with an organization (e.g., your employer), that organization is the controller of your information processed through the Services. Information processed in connection with services provided to organizations is referred to as “Customer Data.” For details, please refer to our “End User Notice,” which describes our privacy practices in our capacity as a data processor. This framework does not apply to the extent that we process your information as a processor on behalf of such organization.

In some cases, we may cooperate with other companies, affiliates, and/or third-party organizations to operate the Services for you and our customers.


Definition of “What Is Personal Information?”

When we provide services to you, we may collect information about you, including information that constitutes personal information. “Personal information” means data that can be used to identify an individual.


Our Privacy Practices for the Services and the Operating Company

HimitsuBako is an IT service operated by a company headquartered in Fukuoka, Japan. As the controller of your personal information, we place importance on handling it appropriately and fulfilling our accountability obligations.

If you have any questions about how we handle personal information or about this framework regarding the handling of personal information, please contact us using the contact details provided in “How to Contact Us.”


Who This Applies To

We collect information about the following three types of users: individuals, business account owners, and business end users.


  • Individuals: visitors to our website, people who engage with our content or marketing, and people who use the Services directly with a personal or family account. This framework regarding the handling of personal information applies to your information.
  • Business account owners and administrators: people who represent organizations that use the HimitsuBako Services through a business account. We collect and use contact information as described in this Privacy Policy.
  • Business end users: people who use the Services provided through an organization’s business account. For business end users, use of the Services is governed by your organization’s privacy policy. For details, please review the End User Notice.

2. Types of Information We Collect

Information We Collect About You

We collect information about you in the following ways:
(1) information you provide to us directly
(2) data you store on the Services
(3) information collected automatically in connection with the provision and operation of the Services
We may also obtain information from trusted third parties as necessary.

(1) Information You Provide

Account Registration Information

When you register to use the Services and set up your account, we collect the following information:

  • Name
  • Email address
  • Organization name
  • Phone number
  • Other information you choose to provide

Contact Information and Communications

We collect and record your contact information and communications with us in connection with inquiries, feedback, survey responses, event participation, and similar interactions.

This may include:
name, email address, address, phone number, job title, company name, company size, survey responses, participation history, services you expressed interest in, etc.

(2) Data You Store (Customer Data / Secure Data)

You may store any information on the Services (the “Secure Data”). Secure Data includes text information you enter or upload, attachments, and any other information you store on the Services. All rights in Secure Data belong to you, and we do not claim any rights to such Secure Data except to the extent necessary to provide and maintain the Services, ensure security, and comply with applicable laws and regulations. Secure Data is encrypted using encryption keys managed by you or an account administrator designated by you, and we do not retain such encryption keys. Due to the current technical design of the Services, we do not have any means to decrypt Secure Data or access or view it in a readable form, and we do not receive Secure Data in an unencrypted state. However, we may take necessary actions to the extent required if we receive a legally valid request for disclosure, or if you explicitly request data export or other processing through the functions of the Services.

(3) Information Collected in Connection with Use of the Services (Service Data)


To provide, maintain, improve the Services, and provide technical support, we collect or generate the following information (the “Service Data”).

(Definition of Service Data)

Service Data means information that we collect or generate in the course of providing, operating, and managing the HimitsuBako Services and related technical support, and does not include Secure Data stored by customers in the vault.
Service Data includes, but is not limited to, the following information.


Usage and Technical Information

To understand usage of the Services and ensure stable operation, we collect the following information:

  • Log information
  • Device information
  • IP address
  • Cookies and other identifiers


Account-Related Information and Metadata

For account creation, management, and security, we collect the following information:

  • Account settings information (e.g., name, email address, vault name, location)
  • Profile information (including profile images)
  • Identifiers for devices you use and information about trusted devices or browsers
  • Information about a family account (e.g., family name, information about invited users), where applicable

Payment Information

To process payments for service fees, we use third-party payment processors that comply with PCI DSS.

We handle payment methods, card information, and billing information through such processors. Where required by law, we also retain records related to contracts, invoicing, payments, refunds, taxes, and other billing-related operations.



Support Data and Communication Records

For customer support and service operations, we collect and record communications with you and related information.

This includes:

  • Inquiry details and communication records (including email, phone, website, chatbots, social media, etc.)
  • Problem descriptions, summaries, and technical information necessary to respond
  • Related materials necessary to provide support

If you use chatbots or other automated communication tools, those tools may collect and record communications.

We may provide this information to service providers as necessary for support delivery, service improvements, summary generation, and internal operations.



Information Obtained Through Participation in Events and Programs

When you participate in webinars, training sessions, contests, surveys, whitepaper downloads, or other events or programs, we may collect the following information from you:

  • Name
  • Contact information
  • Company name and organization information
  • Location
  • Other identifying information, including information about your employer


Information Automatically Collected When You Use the Services

When you use our Services (including browsing our website and performing certain actions within the Services), we collect information about you. As described below, we may request permission before collecting information automatically.

Diagnostic data is data we collect to protect, maintain, and improve our Services. Diagnostic data may include the following information:

Technical Usage Information

When you access or use the Services, we collect information from your browser or device as technical usage information. This may include information about your device, applications, operating system, cookies, server logs, IP address, location information, analytics, software errors and crash data, authentication details, quality and performance metrics, and other technical details necessary to operate and maintain our Services. In some cases, we may ask you to provide diagnostic reports or other information necessary to identify and resolve issues with our Services. This information is submitted on a case-by-case basis, or only by users who choose to participate in our beta software program or who explicitly opt to send diagnostic data.

Account Settings

When you register for our Services, we collect information related to your account settings. For example, based on your location at the time of account creation (e.g., your country), we record the hosting setting you select. We also collect information about your vault settings, including the number of vaults, the number and types of items in a vault, the users who have access permissions, and the dates, times, and locations of access to a vault.

Service Usage Information

With your permission, and in a privacy-protective manner, we collect information about how you and your systems use our website and Services. This helps us understand service performance, improve your experience, and keep everything running smoothly. This may include information about interactions with applications, websites, browsers, and extensions—for example, pages viewed, features used, and time spent in different areas of the Services. It may also include data from automated or system-initiated activities such as service account usage, API calls, and command-line operations. We may also collect information about how our systems responded to these actions, such as performance, latency, and error events. In some cases, Service Usage Information may overlap with limited Technical Usage Information. We may also use aggregated or anonymized usage information to understand usage trends, improve service reliability, customize communications to you based on your interactions with the Services, and support service adoption and development.

Information We Receive from Other Sources

We receive information about you from other users of the Services, third-party services, affiliates, marketing platforms, public databases, and business partners. We may combine this information with information collected through other means described above. This helps us update and improve our records, identify new customers, deliver advertisements, and suggest services that may be relevant to your interests. We receive information from the following sources:

Brain Power Solutions Inc.

We receive information about you from our affiliates in accordance with their terms and policies.

Integrated Services

If an organization uses a SaaS management service, administrators may choose to connect with third-party services (which we refer to as “Integrated Services”). When an Integrated Service is connected, we may receive information such as name, email address, username, account status, job title, and other user-related metadata, depending on what that service provides. This data is collected and processed on behalf of the organization and is obtained only when an administrator explicitly approves the connection or manually imports user data. The scope of information shared with us is determined by the Integrated Service settings and the organization’s configuration choices. In addition to enhancing core functionality, this information may be used to better understand HimitsuBako usage within the organization, enabling customized onboarding, effective troubleshooting, and relevant recommendations, including information about appropriate additional features and services. Administrators can view, update, or disconnect integrations at any time in account settings. We recommend reviewing the applicable privacy settings and policies of each Integrated Service to understand what data may be shared with HimitsuBako.

Cookies and Other Technologies

HimitsuBako and our marketing partners use cookies and other tracking technologies to collect information about interactions with our website and Services for essential functions, functionality, analytics, and advertising purposes. For details, please see our Cookie Policy, which includes information on how to control these cookies and tracking technologies and how to opt out.

HimitsuBako Partner Network

We work with channel partners, technology partners, system integrators, and hyperscalers that provide consulting, implementation, training, and other services related to the Services. Some of these partners also assist with marketing and promotion of our Services, lead generation, and resale. We may receive information from these partners such as billing information, contact information for billing and technical representatives, company name, services you have purchased or may be interested in, evaluation information you provided, events you attended, your region or country, and other service data.

3. Purposes of Use

Purposes of use:

Store information in a way that the service operator cannot view it

(We adopt end-to-end encryption so that user data cannot be decrypted on the server side.)

More than just password management

  • Service provision
  • Account management
  • Maintaining security
  • Customer support
  • Billing and payments
  • Service improvement
  • Legal compliance

We use the information we collect for the following purposes:

To Provide the Services to You

We use your information to create your account so that you can create and store passwords, passkeys, and other information in your vault. We use your information to provide a robust customer experience, including troubleshooting and support services. In particular, we use your information to provide insights, usage reports, and other information related to your account and use of our Services. We use your contact and billing information to process and receive payments for our Services.

To Support and Communicate with You

We use your contact information to provide urgent and proactive service notices, service updates, scheduling of calls, and marketing and promotion of the Services and other commercial offerings. These communications are provided via email, postal mail, telephone, or system notifications, based on your permissions where required. We also use the information we collect or receive to provide support services in response to your questions and requests for information. Depending on your request, we may use collected information about your use of our Services to troubleshoot the subject of your inquiry.

Communications with you may be used for training and quality assurance (e.g., understanding and managing the volume of incoming requests, ensuring the quality and accuracy of responses provided, and dispute resolution). We use automated technologies to analyze communications to improve the support experience. For example, we may use chatbots and other automated technologies to identify the subject of your request, suggest articles or content to help respond, and collect feedback from you.

Marketing Our Services

We use information about your use of our website and Services—such as the services and features you used, training you attended, content you requested, promotions you engaged with, and browsing activity—to optimize advertising delivery and measure the effectiveness of our marketing initiatives. Our Cookie Policy further explains how we use cookies and similar tracking technologies to market our Services.

To Operate and Improve Our Services

We use information about you that we collect or receive to conduct research, study the Services, and measure the effectiveness of training programs and the Services. We may use third-party services to assist us in collecting or analyzing data about you. We also develop insights about how our Services are used using aggregated data or other data that does not identify individuals.

To Protect Our Services

We use information about you that we collect or receive to enforce our Terms of Use, prevent, detect, and investigate fraud, combat spam, control access to the Services, and monitor, enhance, and improve the security of the Services we provide.

To Comply with Legal Obligations

We use information about you that we collect or receive to protect the rights and interests of us and our users, to defend ourselves, and to respond to requests from law enforcement, other legal authorities, and requests made as part of legal proceedings. We also use collected information to comply with laws and requirements related to security and counter-terrorism, anti-bribery, customs and immigration, and other due diligence matters.

Legal Basis

Depending on your region, our legal basis for collecting and using personal data as described in this notice may vary depending on the type of personal data and the specific circumstances in which it is collected. In some cases, we may rely on more than one legal basis to process your data. For example, our legal bases for processing your personal data include:

  • Performance of our contract with you (including providing and maintaining our Services). To provide, improve, and protect our Services, we need to process your contact information, Secure Data, Service Data, and Diagnostic Data.
  • Pursuit of our legitimate interests. We process your contact information, Service Data, and Diagnostic Data to develop and train new technologies, analyze and improve existing Services, and customize content used for marketing purposes. If we or our customers (e.g., your employer) use your information based on legitimate interests, you have the right to object to such use; however, in some cases this may mean you cannot continue using the Services.
  • Your consent—for example, where you allow the use of location information or the use of non-essential cookies and similar technologies. Where we process information based on your consent, you can withdraw your consent at any time, although this may not affect processing already carried out.
  • Compliance with legal obligations, including responding to lawful requests by public authorities (including requests related to national security or law enforcement), and establishing, exercising, or defending legal claims in litigation, arbitration, or similar legal proceedings.

We take reasonable measures to ensure that the information we collect is reliable, accurate, complete, and up to date in light of the purposes for which it is used. If you would like more information about the specific legal basis we rely on to process data for a particular purpose (including our legitimate interests in processing such information), please contact us using the method described in “How to Contact Us.”

How We Share Information

We share your personal information as described below and in this notice, and to the extent permitted by applicable law.

Brain Power Solutions Inc.

We may share your information within Brain Power Solutions Inc. and, in some cases, with future affiliates, for the purposes of operating and improving related services and marketing to you. This includes affiliates that we own, operate, or support in order to provide the Services. Unless otherwise notified, information shared with affiliates will also be subject to this notice.

Account Administrators

Our Services allow an account to be created on behalf of another person through a family account. A person who creates an account on behalf of someone else is referred to as an “Account Administrator.” If you are invited to an account not created by you, we share certain information about you and your use of the Services that we collect with the Account Administrator. For example, we may share invite acceptance status, last login date and time, number of devices signed in, number of items in the vault (including private vaults), whether two-factor authentication is enabled, and other analytics data configured by the Account Administrator.

Third Parties You Designate

We may share your information with other HimitsuBako users, invited guests, or other third parties that you approve or consent to. For example, when you invite a guest to access your vault or invite someone to your family account.

Business Account Administrators

If you register for the Services using an email domain owned by our corporate customer, we may share your contact information (including limited technical information) with the Business Account Administrator who requested your participation under a separate contract—for example, to invite you to join a HimitsuBako Business account or to allow the administrator to manage access controls for approved Services when switching between a personal account and a company-managed account.

Service Providers

We share information with third parties in connection with providing the Services to you and operating our business. These third-party service providers are obligated to protect the information we share and may not use personally identifiable information for any purpose other than the services they provide under contract. They are also not permitted to use the information we share for their own direct marketing purposes (unless you separately consent under the terms established by such third party).

Marketing Partners

We may disclose your information to third-party marketing services that help us advertise the Services to you. This may be considered a “sale” or “sharing” of personal information under applicable privacy laws. Depending on where you live, you may have the right to opt out of sharing information for this purpose. For details on the use of tracking technologies for targeted advertising, please see our Cookie Policy.

Legal Obligations

We may disclose your information and related records where necessary to enforce our Terms of Use, to satisfy tax or other regulatory reporting requirements (including payment of certain taxes in connection with payment processing), or where disclosure is permitted by applicable law (or where we in good faith determine that disclosure is necessary), such as in response to subpoenas or other legal requests, in connection with actual or anticipated litigation, or to protect our rights or interests.

In accordance with applicable law and our contract with you, we may provide Service Data and encrypted Secure Data to law enforcement authorities. Where permitted, we will notify you whether we have received such a request and whether we can respond to it. Because your Secure Data remains encrypted with keys we do not hold, we can provide Secure Data only in encrypted form.

Corporate Transactions

We may share your personal information in connection with any anticipated or actual corporate transaction, such as a sale of business, merger, consolidation, transfer, or sale of assets, or in the event of bankruptcy. If an acquisition occurs, we will notify the acquirer that your information may only be used for the purposes disclosed in this notice.


4. Data Retention Period

  • Retained while you are using the Services
  • Deleted after cancellation following a certain period
  • Retained as required by law
  • Securely protect your information

We recognize and fulfill our responsibility to protect your information. We adopt strict access-control mechanisms such as network segmentation and encryption to ensure that only authorized personnel can access your information. For details on how HimitsuBako protects your Secure Data, please see the relevant information provided by us.

Retention and Deletion

We retain your personal information for as long as necessary to achieve the purposes described in this notice, unless a longer retention period is required or permitted by law, or you instruct us to delete the information. If we use personal information for analytics purposes or long-term trend analysis, we will anonymize, aggregate, delete, or otherwise mask such information. Copies of information that you update, correct, or delete may remain in our systems for a certain period, and we may retain copies of such information as part of our business records.

5. Disclosure to Third Parties and Outsourcing


We appropriately create and retain records regarding the handling of personal data and do not provide users’ personal data to third parties except as set forth below.


(1) Disclosure to Contractors (Outsourcing)

To the extent necessary to provide and operate the Services, we may outsource the handling of personal data to external contractors.

Examples of principal contractors include:

  • Cloud infrastructure providers
  • Payment processing providers
  • Email delivery service providers
  • Customer support service providers

When selecting contractors, we evaluate their security standards and personal data protection systems and require appropriate security measures and confidentiality obligations by contract.

After outsourcing, we conduct audits and evaluations periodically or as necessary and provide necessary and appropriate supervision.



(2) Disclosure to Third Parties

We may provide personal data to third parties only in the following cases:

  • With the user’s consent
  • When required by applicable law
  • When it is necessary to protect a person’s life, body, or property and it is difficult to obtain the person’s consent
  • When it is particularly necessary for improving public health or promoting the sound growth of children
  • When it is necessary to cooperate with a national agency or local government in carrying out duties prescribed by law


(3) Cross-Border Transfers

In connection with providing the Services, we may provide or outsource the processing of personal data to third parties or contractors located outside Japan.

In such cases, we will implement one of the following appropriate safeguards in accordance with applicable laws (including the GDPR):

  • Transfer to a country or region recognized as providing an adequate level of protection by the European Commission
  • Execution of appropriate safeguards such as Standard Contractual Clauses (SCCs)
  • Adoption of other appropriate transfer mechanisms permitted by law

We also strive to understand the personal data protection regime and security measures in the destination and to take any additional measures as necessary.


(4) Transfers Due to Business Succession

If our business is succeeded due to a merger, company split, business transfer, or other event, personal data may be transferred as part of such succession.

In such cases, we will require the successor to handle personal data at a level equivalent to this Policy and to be subject to ongoing oversight (audits and evaluations).


6. International Data Transfers

  • Explanation when using overseas servers/contractors
  • Safeguards such as SCCs
  • Notice to users
  • International data transfers

Secure Data is hosted in the location selected by the individual or corporate customer (currently Japan, depending on the country), except where a user uses the item-sharing feature. In that case, while an item is being shared, the data is stored in Japan.

Service Data, Diagnostic Data, and other information we process may be accessed, processed, or transferred from countries other than your country of residence or the country where the data is hosted. Our employees may access your information from various countries around the world, and those countries may have data protection laws that differ from the laws of your country.

Our customer support and email services are primarily hosted in the United States and Canada. Information sent to us via email or through customer support systems may be transmitted through and stored by multiple intermediary services. If you wish, you can encrypt emails to us using our PGP public key.

We implement appropriate measures and safeguards to ensure that access to, processing of, or transfers of your information are protected in accordance with this Privacy Notice and applicable data protection laws. These measures are intended to provide protection for your data that is equivalent to or greater than the level of protection provided under comparable local laws in your country, regardless of where your data is accessed, processed, or transferred from.

These measures include:

  • European Commission adequacy decisions: decisions confirming that a country outside the European Union provides an adequate level of data protection (under consideration).
  • We ensure that third-party partners, vendors, and service providers receiving international data transfers have appropriate mechanisms in place to protect your personal information. For example, our contracts with such third parties include strict data transfer provisions (including, where applicable, model clauses for restricted transfers to third countries issued by the European Commission or the United Kingdom), which obligate all contracting parties to protect personal information processed in accordance with applicable data protection laws. Where applicable, we may also require certification under approved privacy frameworks established by the European Commission, or include provisions applying Binding Corporate Rules (BCR) to service providers.
  • To ensure compliance with laws related to data transfers, we conduct regular risk assessments and implement various technical and organizational measures.

Your Rights and Choices

Depending on your jurisdiction, you may have certain rights and choices regarding your information. Below we describe your rights and how to exercise them:

  • Access to information. You may request confirmation as to whether we process your personal information, receive details about such processing, and access much of the information you provided when you logged into your account. To request access, please contact us using the method described in the “How to Contact Us” section.
  • Correction of information. You can update information from the settings screen and change what you have provided through your account. To edit personal information, please access the profile page in your account settings. You may also contact us to request correction or updates using the method described in the “How to Contact Us” section.
  • Download your information. We want you to be satisfied—we are not trying to lock you in. We do not restrict your access to your own data. However, we cannot decrypt your Secure Data; decryption requires your account password and private key. You can export a copy of your Secure Data from your HimitsuBako account.
  • Owners of individual and family accounts have the right to instruct us to delete data completely from our systems and backups. To ensure that data is not deleted without the account holder’s consent, you must first delete your account through an authenticated session. After account deletion, the account owner may contact us to request data erasure. Once the request is authenticated, we will begin deleting your information from active systems. If you would like permanent deletion of personal information, please contact us using the method described in the “How to Contact Us” section. Please note that we may retain some of your information in accordance with our retention policies or until it is overwritten.
  • Objection to certain uses. Where we process personal information based on our legitimate interests, you may object unless we have compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defense of legal claims. In some cases, objecting to our use of your information may mean you cannot continue using the Services. To exercise this right, please contact us using the method described in the “How to Contact Us” section of this Privacy Notice.

Restriction of Use of Information

In certain circumstances (e.g., if you want to contest the accuracy of data), you may request that we restrict the processing of personal information. You may also request that your account be frozen at any time by contacting us using the method described in the “How to Contact Us” section of this Privacy Notice. Once an account is frozen, you will not be able to provide ongoing or future data related to that account.

Withdrawal of consent. If our processing is based on consent you previously provided, you may withdraw your consent. In certain cases, we may continue processing your information after withdrawal where there is another legal basis or where your withdrawal is limited to certain processing activities. For example, you may withdraw consent for the collection of product usage information. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Managing communications from us. You can change your communication settings at any time by clicking here. You can also unsubscribe from our marketing emails directly via the link in the email body. For sales and marketing calls, you can tell us during the call or contact us using the method described in the “How to Contact Us” section and we will stop. Please note that you cannot opt out of important notices regarding account management or privacy.

Cookie settings. For certain cookies set through our website, you can opt out through the consent banner or your browser settings. For details, please see our Cookie Policy.

Complaints. If you have concerns about our handling of your information, please first contact us using the method described in the “How to Contact Us” section. We respond to all requests received from individuals seeking to exercise their data protection or privacy rights under applicable data protection laws. To respond to your request safely and efficiently, we may ask you to verify your identity. Depending on the laws of your region, you may be able to appeal decisions related to your rights. Depending on where you live, you may also have the right under the GDPR and other applicable laws to lodge a complaint with a data protection authority regarding the collection and use of your personal data. Where you have the right to object to a decision not to respond to your request, we will describe the procedure in our response. (e.g., insert inquiry email address here)

If you use the HimitsuBako Services through an account provided by your employer or organization, please contact your organization. We provide administrative tools to support corporate customers in responding to data subject requests.

7. Security Measures

To protect users’ personal data, we implement organizational, human, physical, and technical security measures based on applicable laws and industry standards.

(1) Technical Safeguards

1. Encryption

We protect data at rest and data in transit using appropriate encryption technologies.

Depending on the nature of the Services, we may adopt technologies such as end-to-end encryption for users’ confidential information.

2. Protection of Communications

Our Services are protected by encrypted communications such as TLS.

3. Zero-Knowledge Design

We may adopt a design (a “zero-knowledge model”) in which we do not retain users’ master keys or information necessary for decryption.

(2) Access Control

Access to personal data is limited to the extent necessary for business operations and is strictly managed under appropriate authentication and authorization controls.

(3) Operational Safeguards

1. Incident Response

If a security incident occurs, we will respond appropriately in accordance with applicable law and notify users as necessary.

2. Contractor Management

When outsourcing the handling of personal data, we appropriately select contractors and provide necessary and appropriate oversight.

8. Cookies / Tracking Technologies

We use cookies and other tracking technologies to provide and improve the Services.

(1) Essential Cookies

These are essential for providing the Services and are used for login authentication, session management, maintaining security, etc.

These may not be able to be disabled.


(2) Functional Improvement / Analytics Cookies

These are used to analyze usage of the Services and improve functionality.

This may include analytics tools and similar services.


(3) Opt Out

Users can limit or refuse the use of cookies by changing browser settings or using methods provided by us.

However, doing so may make some features of the Services unavailable.


(4) More Information

For details about cookies and tracking technologies, please refer to our Cookie Policy.

9. User Rights

Requests for Disclosure, etc.

Under the Act on the Protection of Personal Information, users may make the following requests regarding their personal data held by us:

  • Notification of the purpose of use
  • Disclosure of personal data
  • Disclosure of records of third-party provision

Upon receiving a request, we will verify the requester’s identity and respond without delay in accordance with applicable law.


Correction, Addition, or Deletion

If the content of a user’s personal data is not accurate, the user may request that we correct, add to, or delete such personal data.

We will conduct necessary investigations and respond within a reasonable scope based on the results.


Requests to Stop Use, etc.

In the following cases, users may request that we stop using, delete, or stop providing personal data to third parties:

  • When the personal data is handled beyond the scope of the stated purposes of use
  • When the personal data was obtained by improper means
  • When the personal data is handled in violation of applicable law

If we determine that the request has merit, we will take necessary measures without delay.


How to Make a Request

The above requests must be made using the methods designated by us.

When making a request, we may ask you to submit identity verification documents or to authenticate your account.

Depending on the content of the request, we may charge a fee within the scope permitted by law.


Exceptions

We may not be able to comply with all or part of a request in the following cases:

  • When it may violate applicable law
  • When it may harm the rights or interests of other users or third parties
  • When it may significantly hinder the proper conduct of our business operations

Contact Point

For inquiries regarding the handling of personal data and requests under this section, please contact the following:

Company NameBrain Power Solutions Inc.
Address4-2-20 Tenjin, Chuo-ku, Fukuoka City, Fukuoka 810-0001, Japan
Tenzin Saiwai Building
Contactprivacy@himitsubako.jp
Contact Form LinkHimitsuBako Contact Form

International Rights

Depending on applicable laws, we also support the following rights (where applicable):

  • Right to data portability
  • Right to request restriction of processing
  • Right to object
  • Right to withdraw consent

For how to exercise these rights, please contact the point listed above.


Data Portability

Users may request to obtain their personal data held by us in a structured, commonly used, and machine-readable format.


Withdrawal of Consent

Users may withdraw their consent to the handling of personal data at any time.

However, this does not affect the lawfulness of processing carried out before the withdrawal.

10. Use by Minors

  • Prohibited for children under 13
  • Deletion if collected in error

Consent for Minor Registration

Individuals under 13 years of age may not use the Services. Minors should use the Services with the consent of a parent or guardian. The administrator of a family (parental authority or legal guardian) account is responsible for ensuring appropriate permission when adding a person under 13 to an account.

11. Changes to This Privacy Policy

  • How we notify you of updates
  • Notice of material changes

Updates to This Privacy Notice

If we make changes to this Policy, we will notify you on this website. We reserve the right to modify this notice from time to time and will indicate the date of the last revision. Please check regularly if you need to review updates to this Privacy Notice. Important changes may be available on the news page of this website.

12. Contact

If you have any questions, concerns, or other inquiries regarding the handling of your personal information that we hold, please contact the HimitsuBako support desk or use the Contact Form. For questions regarding Brain Power Solutions Inc.’s efforts to protect personal information, please contact the point of contact below.

Company NameBrain Power Solutions Inc.
Address4-2-20 Tenjin, Chuo-ku, Fukuoka City, Fukuoka 810-0001, Japan
Tenzin Saiwai Building
Contactprivacy@himitsubako.jp
Contact Form LinkHimitsuBako Contact Form

We have been awarded the PrivacyMark certification by the Japan Information Processing and Development Center (JIPDEC) and operate a personal information protection management system.