Privacy Policy
プライバシーポリシー
Last updated: February 23, 2026
Introduction
STUDENT Inc. ("the Company," "we," "us," or "our") operates the AIS suite of AI creative services, including Giftframe, Skindraft, Hushloom, and Bedtale (collectively, "the Services"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Services.
By using the Services, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please do not use our Services.
1. Information We Collect
We collect the following categories of information:
| Data Category | Examples | Purpose |
|---|---|---|
| Account Data | Email, display name, password hash | Account creation and authentication |
| Payment Data | Billing address, last 4 digits of card | Payment processing (via Stripe) |
| User Content | Photos, text prompts, preferences | AI content generation |
| Generated Content | AI-created images, audio, stories | Service delivery |
| Usage Data | Pages visited, features used, timestamps | Service improvement and analytics |
| Device Data | IP address, browser type, OS, device ID | Security and service optimization |
2. How We Use Your Information
We use the collected information for the following purposes:
- Providing, maintaining, and improving the Services
- Processing transactions and sending related information
- Personalizing your experience across our Services
- Communicating with you about updates, security alerts, and support
- Analyzing usage patterns to improve our AI models and user experience
- Detecting, preventing, and addressing fraud, abuse, or security issues
- Complying with legal obligations
We do not sell your personal information to third parties. We do not use your uploaded content to train our AI models without your explicit consent.
3. Third-Party Service Providers
We share data with the following categories of service providers:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform | Cloud infrastructure and hosting | All service data (encrypted) |
| Firebase | Authentication and database | Account data, user content |
| Stripe | Payment processing | Payment data only |
| OpenAI / Google AI | AI content generation | User prompts and preferences |
| Google Analytics | Usage analytics | Usage and device data |
All third-party providers are contractually obligated to protect your data and use it only for the specified purposes.
4. Data Retention
We retain your personal information as follows:
- Account data: Retained for the duration of your account plus 30 days after deletion request
- User content: Retained while your account is active. Deleted within 30 days of account deletion
- Generated content: Retained while your account is active unless you delete it earlier
- Payment data: Retained as required by tax and financial regulations (typically 7 years)
- Usage data: Aggregated and anonymized after 26 months
5. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security audits and penetration testing
- Access controls and least-privilege principles
- Secure development practices and code review
- Incident response procedures
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Request limitation of data processing
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Our legal bases for processing include: consent, contractual necessity, legitimate interests, and legal obligations. To exercise any of these rights, contact us at support@student.it.com.
7. California Users (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: What personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To submit a CCPA request, contact us at support@student.it.com with the subject line "CCPA Request."
8. Japanese Users (個人情報保護法)
We comply with Japan's Act on the Protection of Personal Information (APPI). As a data handler (個人情報取扱事業者), we:
- Specify and publicly announce our purposes of data use
- Obtain consent before providing personal data to third parties (except as permitted by law)
- Implement appropriate security measures for personal data management
- Respond to requests for disclosure, correction, or deletion of personal data
- Comply with cross-border transfer requirements when transferring data outside Japan
For APPI-related requests, contact us at support@student.it.com.
9. Children's Privacy (COPPA)
Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.
Bedtale Service: While Bedtale creates children's stories, the service is intended to be used by parents or guardians on behalf of their children. We collect the parent's account information, not the child's. Character names and story preferences entered by parents are treated as parent-provided content.
If we discover that we have collected personal information from a child under 13 without proper consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected such information, please contact us immediately.
10. Cookie Policy
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for basic site functionality (authentication, security). Cannot be disabled.
- Analytics Cookies: Help us understand how users interact with our Services (Google Analytics). Can be opted out.
- Preference Cookies: Remember your settings and preferences (language, theme). Can be disabled.
We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings.
11. International Data Transfers
Your data may be processed in countries outside your country of residence, primarily in Japan and the United States (for cloud services). We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) for EU data transfers
- Data processing agreements with all third-party service providers
- Compliance with applicable cross-border transfer frameworks
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email to registered users and/or by prominent notice on our website. We encourage you to review this policy periodically.
Contact Information
For privacy-related inquiries, data subject requests, or complaints, please contact us:
STUDENT Inc.
Email: support@student.it.com