Privacy Policy
Last updated: February 18, 2026
1. Introduction
Niatteru LLC ("we," "us," or "our") operates Hanashi, an AI-powered meeting assistant (the "Service"). This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our Service. We comply with Japan's Act on the Protection of Personal Information ("APPI") and other applicable data protection laws.
2. Data Controller
The entity responsible for your personal information is:
Niatteru LLC
Location: United States
Email: privacy@hanashi.ai
3. Types of Personal Data We Collect
3.1 Information You Provide
- Account Information: Email address, name, and password when you create an account
- Payment Information: Billing details processed securely by our payment provider, Stripe, Inc. (we do not store full card numbers)
- Audio Data: Audio you record using the Service
- Text Data: Transcripts and AI-generated summaries produced from your recordings
3.2 Information Collected Automatically
- Usage Data: Features used, recording duration, and interaction patterns (collected via PostHog, Inc. analytics)
- Website Analytics: Page views, referrer information, and approximate region (collected via Vercel Inc. analytics)
- Device Information: Operating system, app version, and device identifiers
- Log Data: Error logs and performance data
4. Purpose of Use
We use your personal information for the following purposes:
- Provide and maintain the Service
- Process your audio into transcripts and AI-generated summaries
- Process payments and manage subscriptions
- Send important service updates and communications
- Improve the Service based on usage patterns
- Detect and prevent fraud or abuse
- Comply with legal obligations
If we change the purposes for which we use your information, we will notify you and, where required, obtain your consent.
5. How We Process Your Audio and Text
Important: Your audio recordings are processed as follows:
- Cloud Transcription: Audio is sent through our backend servers to Deepgram, Inc. (United States), a speech recognition service, to generate text in real time. Audio is not permanently stored on Deepgram's servers.
- AI Summaries: Transcript text (not audio) is sent through our backend servers to Anthropic, PBC (United States), an AI service, to generate summaries.
- Local Storage: Recordings are stored locally on your Mac by default. Cloud sync is an optional feature.
We do not use your recordings or transcripts to train AI models without your explicit consent.
6. Third-Party Service Providers
We engage the following third-party service providers to help operate the Service. Where personal data processing is outsourced, we ensure appropriate oversight in accordance with APPI Article 25.
| Provider | Purpose | Location | Data Handled |
|---|---|---|---|
| Deepgram, Inc. | Audio transcription | United States | Audio data |
| Anthropic, PBC | AI summary generation | United States | Transcript text |
| Supabase, Inc. | Authentication and database | United States | Account information, metadata |
| Stripe, Inc. | Payment processing | United States | Payment information |
| PostHog, Inc. | Product analytics | United States | Usage data, device information |
| Vercel Inc. | Website hosting and analytics | United States | Access logs, page views |
We do not sell your personal information to any third parties.
7. Cross-Border Data Transfers
In accordance with APPI Article 28, we inform you that your personal data is transferred to servers and service providers located outside Japan, specifically in the United States.
7.1 Destination Country
Your personal data is transferred to the United States. All service providers listed in Section 6 above are located in the United States.
7.2 Data Protection in the United States
The United States does not have a comprehensive federal data protection law equivalent to Japan's APPI. However, data protection is addressed through sector-specific federal laws (such as the FTC Act) and state laws (such as the California Consumer Privacy Act).
7.3 Safeguards We Implement
We take the following measures to protect your personal data during cross-border transfers:
- Contractual agreements with data protection provisions with each service provider
- Encryption of data in transit and at rest (TLS/HTTPS)
- Real-time processing of audio data (no permanent storage on Deepgram servers)
- Local storage by default with optional cloud sync
- Regular review of service providers' security practices
8. Data Security
In accordance with APPI Article 23, we implement the following security measures to protect your personal data:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for stored data
- Secure authentication and access controls
- Regular security audits and updates
- API communications routed through backend proxy (API keys managed server-side only)
9. Your Rights Under APPI
Under Japan's APPI, you have the following rights regarding your personal information:
- Notification of Purpose of Use (Article 32): You may request to be notified of the purpose for which we use your personal information.
- Disclosure (Article 33): You may request disclosure of the personal information we hold about you.
- Correction, Addition, or Deletion (Article 34): If your personal information is inaccurate, you may request correction, addition, or deletion.
- Cessation of Use or Erasure (Article 35): If your personal information is being handled beyond the stated purpose or was obtained improperly, you may request cessation of use or erasure.
- Cessation of Third-Party Provision (Article 35): If your personal information is being provided to third parties without your consent, you may request cessation of such provision.
- Data Portability: You may request to export your personal information in a commonly used, machine-readable format.
To exercise any of these rights, please contact us using the information in Section 15 below. We will verify your identity and respond within a reasonable time. We will not refuse a request without legitimate grounds.
10. Additional Jurisdictional Rights
10.1 California Residents
California residents have additional rights under the CCPA, including the right to know what personal information we collect and how it is used, the right to deletion, and the right to opt out of the sale of personal information (we do not sell personal information).
11. Cookies and Tracking Technologies
We use the following technologies to collect information:
- PostHog (Product Analytics): We use PostHog, Inc.'s analytics service to understand and improve how the Service is used. Data is stored in localStorage and sent to servers in the United States (us.i.posthog.com).
- Vercel Analytics (Web Analytics): We use Vercel Inc.'s analytics service to analyze website performance and usage.
12. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. You can delete your recordings at any time. When you delete your account, we delete your personal data within 30 days, except where we need to retain it for legal purposes.
13. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.
15. Contact Us
If you have questions about this Privacy Policy, or wish to make a request regarding disclosure, correction, cessation of use, or any other right, please contact us at:
Niatteru LLC
Privacy Inquiries
Email: privacy@hanashi.ai
You may also file a complaint with Japan's Personal Information Protection Commission regarding our handling of personal information.