
Privacy Policy

Last updated: April 2026

Article 1 (General Provisions)

This Privacy Policy ("Policy") is established by the operator of EatSafe ("we", "us") under the Act on the Protection of Personal Information ("PIPA") and other applicable laws to describe how we collect, use, transfer, and protect your personal information.

Article 2 (Information We Collect)

We collect:
(1) Account: email and name (optional) provided via Google/Apple sign-in
(2) Food allergy and dietary information (including Special-Care Personal Information described below): allergens, severity, dietary restrictions, EpiPen status
(3) Settings: country, language, card display
(4) Payment-related: transaction info processed by Stripe (we do not store card numbers)
(5) Usage: access logs, IP, user agent, usage patterns
(6) Invitation-related: invitation code, consent timestamp, consent version

Article 3 (Handling of Special-Care Personal Information)

Food allergies, intolerances, and EpiPen-carrier status constitute "Special-Care Personal Information" (medical history) under Japan’s Act on the Protection of Personal Information (PIPA). We obtain such information solely through the user’s own input into the Service. Third-party provision of Special-Care Personal Information (including disclosure to event organizers) is performed only with the user’s prior explicit consent in accordance with PIPA Article 27(2). The consent screen displays the recipient (organizer), the data items, the purpose of use, and the method to withdraw consent. Users may delete their information and stop sharing with organizers (withdraw from an event) at any time from account settings. Withdrawal takes effect prospectively only; information already obtained or recorded by an organizer (e.g., printed PDFs) is governed by that organizer’s own data-handling responsibilities (see Article 14).

Article 4 (Purposes of Use)

We use personal information solely for:
(1) generating and displaying allergy cards and printed briefings
(2) account, authentication, and payment management
(3) invitation issuance, validation, participant management
(4) Service operation, quality maintenance, troubleshooting
(5) fraud prevention (including Stripe card-fingerprint matching to prevent free-event abuse)
(6) compliance with legal obligations
(7) sending important Service announcements

We do not use Special-Care Personal Information for service-improvement, analytics, advertising, or any other purpose.

Article 5 (Processing by Service Providers)

We use the following third-party service providers to deliver the Service. Each provider is contractually bound to process personal data only within the specified purpose, refrain from improper use, implement appropriate technical and organizational safeguards, supervise employees, control sub-subprocessor selection, and refrain from further third-party transfers.
(1) Supabase (authentication, database, storage)
(2) Stripe (payment processing, qualified invoicing)
(3) Vercel (hosting, CDN, logs)
(4) Google / Apple (OAuth sign-in)
(5) Resend (transactional email, where applicable)
(6) Sentry (error monitoring, where applicable)

The up-to-date list of subprocessors, their locations, and primary processing activities is published on our "Subprocessors" page.

▶ View the Subprocessors page

Article 6 (Transfer to Third Parties Located Outside Japan)

In connection with the third-party services above, we may transfer your personal data to third parties located in the following countries. Such transfer is conducted under PIPA Article 28; users consent to the transfer by accepting this Policy.

[Destinations and major recipients]

• United States: Stripe, Inc.; Vercel Inc.; Google LLC; Apple Inc.; Resend; Sentry
• Singapore, EU, or United States: Supabase, Inc. (depending on project region)

[Personal-data protection regimes]

For an overview of each destination country’s personal-data protection regime, refer to the reference materials published by Japan’s Personal Information Protection Commission (https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku). The United States does not have a comprehensive federal personal-data protection law and is regulated by state-level and sector-specific laws.

[Safeguards]

(a) Contracts with recipients incorporate Standard Contractual Clauses (SCC) approved by the European Commission or equivalent, including obligations to process within the specified purpose, implement safeguards, and prohibit further transfer.
(b) We implement encryption in transit (TLS), encryption at rest, least-privilege access controls, and audit logging.
(c) Recipient certifications (SOC 2 Type II, ISO 27001, etc.) are part of our selection criteria.

Article 7 (Security Measures)

We implement reasonable and appropriate technical and organizational measures to prevent leakage, loss, or damage of personal data, including:
(1) encryption in transit (HTTPS/TLS)
(2) database row-level security (RLS)
(3) hashed storage of authentication credentials
(4) appropriate supervision of employees and subprocessors
(5) access logging and periodic auditing
(6) reporting to the Personal Information Protection Commission and notification to data subjects in case of leakage (PIPA Article 26)

Article 8 (Cookies)

We use only cookies necessary for authentication and session management. We do not use tracking cookies, behavioral advertising cookies, or third-party advertising-network cookies.

Article 9 (Your Rights)

Under PIPA you have the right to:
(1) request disclosure of retained personal data (Article 33)
(2) request correction, addition, or deletion (Article 34)
(3) request suspension of use or erasure (Article 35)
(4) request suspension of third-party provision (Article 35)
(5) data portability (electronic disclosure)

Contact us at the address in Article 13 to exercise these rights. We will respond within a reasonable period after identity verification.

Article 10 (Data Retention and Deletion)

We retain personal data for the following periods:
(1) Account / allergen information: while the account is active, plus 30 days after account deletion. Deleted thereafter unless retention is required by law.
(2) Event-related information (B2B): 90 days after the event-pass validity period ends (later of event-end + 30 days or purchase + 180 days). Deleted thereafter.
(3) Payment records (including qualified invoices): retained for 7 years from the end of the relevant tax period under the Corporate Tax Act and Electronic Books Maintenance Act (5 or 7 years for sole proprietors).
(4) Access logs / usage data: 12 months from collection.
(5) Consent records: 5 years from acquisition (to evidence the validity of consent).

Personal users can perform immediate self-deletion at any time via the "Delete account" button in account settings. Accounts with B2B event records (as participant or organizer) cannot self-delete immediately, to avoid disrupting the organizer's business operations (PDF reprints, aggregate views, etc.); please use the "Request account deletion" category in the feedback form. We will process the deletion within a reasonable period after the relevant event-pass retention window (per (2) above) expires.

Article 11 (Minors)

The Service is intended only for users 18 years or older. We do not knowingly collect personal information from anyone under 18. We may ask for age confirmation at sign-up. If we learn that we have collected information from a person under 18, we will delete it promptly unless parental consent has been obtained. Where a B2B event includes minor participants, the organizer is responsible for obtaining parental consent for both Service use and the provision of Special-Care Personal Information to the organizer (see B2B Terms of Service).

Article 12 (Changes to this Policy)

We may amend this Policy when laws change, the Service evolves, or otherwise as we reasonably consider necessary. For material changes, we will notify users of the new content and effective date at least 30 days in advance via the Service or by email. Users who do not agree may discontinue use by deleting their account before the effective date. Continued use after the effective date constitutes acceptance.

Article 13 (Inquiries and Personal Data Manager)

For questions about this Policy, complaints regarding our handling of personal information, or requests for disclosure, contact us via the form or email address on our website.

[Authorized Personal Information Protection Organization]

We are not currently a member of any authorized personal information protection organization. Please contact us first using the address above.

[Personal Information Protection Commission]

For consultation regarding our handling of personal data, you may contact Japan’s Personal Information Protection Commission’s consultation hotline at +81-3-6457-9849 (https://www.ppc.go.jp).

Article 14 (Sharing with Organizers and Organizer Responsibilities)

When you join the Service via a B2B event invitation link, the following information is disclosed to the organizer only after your explicit consent at the time of joining:
(1) registered allergens and severity
(2) dietary restrictions
(3) whether you carry an epinephrine auto-injector
(4) card setup status

Because this is Special-Care Personal Information, it is provided only with prior explicit consent under PIPA Article 27(2). The organizer may use this information solely to coordinate and communicate dietary needs to restaurants visited during the event and to prepare for emergency response. Use for any other purpose (social media, commercial use, sale, disclosure beyond what is necessary for event operations, repurposing of printed records for insurance / HR / etc.) is prohibited (see Section 8 of the B2B Terms).

Because the organizer processes the participant data under their own control, the organizer may qualify as a "personal information handling business" or processor under PIPA, and is independently responsible for legal obligations including safeguards, breach notification, retention limits, and prompt deletion. We are not responsible for the organizer’s handling of data after they have downloaded or printed it.

If you do not wish to participate via the invitation link, you may decline at the consent screen and use the Service via standard personal account registration. After joining, you may withdraw at any time from account settings; thereafter the organizer can no longer view your information via the dashboard, but information already downloaded or printed by the organizer remains under that organizer’s control.

The legally binding version of this document is the Japanese version. Other language versions are provided for reference only. Personal information handled by the Service is governed by Japan's Act on the Protection of Personal Information (PIPA).
