Privacy Policy

This Privacy Policy (the "Policy") describes how Masanori Iwata (Sole proprietor, "we" / the "Operator"), operating under the "Orumio" brand at orumio.com (the "Site"), handles the personal information and related information of visitors and pre-registrants ("users").

We operate the Site in compliance with the Act on the Protection of Personal Information of Japan ("APPI").

1. Scope

The Site consists of a single Orumio brand statement page (/) and validation landing pages ("validation LPs") that present hypotheses for new products. On validation LPs, we may collect pre-registration details (such as an email address) from interested users.

The Site is primarily intended for residents of Japan. We do not currently provide services that meet the personal-data-protection requirements of jurisdictions such as the EEA, the United Kingdom, or California, USA (e.g., a dedicated GDPR / CCPA rights window or a cookie consent banner). Residents of those regions are welcome to visit, but please understand that the Site is not offered as a compliant service for those regions.

Browsing the Site and pre-registering are intended for users aged 13 and older.

2. Operator (Business Information / Data Controller)

The Site is provided under the "Orumio" brand. The legal operator is:

• Operator: Masanori Iwata (Sole proprietor)
• Email: privacy@orumio.com
• Personal Information Protection Manager: Masanori Iwata
• Service brand: Orumio
• Data controller: The Operator above
• Address / phone: Provided promptly upon request by document or email, per Consumer Affairs Agency Specified Commercial Transactions Act Guidelines Q17. Please contact the email above to request.

3. Information We Collect

From the pre-registration form on validation LPs, we collect only:

• Email address
• Whether you opted in to follow-up contact
• First-touch referral parameters (such as UTM tags)
• Browser User-Agent string

The Site does not persistently store IP addresses.

When browsing pages other than the pre-registration form, we anonymously collect:

• Browse events (anonymous distinct_id, page, timestamp, referrer)
• Display-quality metrics (Web Vitals: LCP / FID / CLS / FCP / TTFB / INP)
• Technical information (browser / device info, cookie / SDK identifiers, language)

4. How We Collect

• User input (pre-registration form)
• Automatic collection during use (cookies, SDKs, logs)
• Optional inquiries

5. Purposes of Use

• Aggregation and analysis of validation signals
• Sending validation results or service-launch communications to those who consented
• Quality improvement of the Site (access analytics, error log analysis)
• Prevention of abuse / fraud and security
• Compliance with laws, protection of rights, dispute resolution

6. Cookies and Analytics

Analytics tools

• PostHog: We record event signals (page navigation, clicks) as you use the Site. With person_profiles: 'identified_only', anonymous visitors do not get a persisted profile (only an anonymous distinct_id is set). When you pre-register, we identify your distinct_id with your email address in PostHog.

Types of cookies

We use cookies for functionality and analytics. For specific cookie names, purposes, retention, and categories, please see the Cookie Policy.

7. Sharing with Third Parties

We engage third parties only as needed and with appropriate contracts and controls.

• Infrastructure: Vercel (hosting, Functions), Neon (PostgreSQL database)
• Analytics: PostHog (event capture)
• Compliance, business succession, etc.

We never sell the information we collect.

8. International Data Transfers (APPI Article 28)

Our servers and processors may be located outside Japan. Per the amended APPI (effective 2022), we disclose the country of operation, the adequacy status of each country's data-protection regime, and the safeguards in place:

"Adequacy" refers to the country-level data-protection regime; each individual provider implements its own Data Processing Agreement (DPA) and Standard Contractual Clauses (SCC) safeguards.

9. Legal Bases (APPI)

The legal bases for our processing under APPI Articles 17 et seq.:

• Specification and publication of purpose (Arts. 17, 21): see §5
• Lawful collection (Art. 20): user input (pre-registration) or use-based collection
• Restrictions on third-party transfer (Art. 27): under §7
• International transfers (Art. 28): under §8, with prior disclosure of country and safeguards

You may withdraw your opt-in consent for follow-up contact at any time (see §13 Your Rights). Withdrawal does not affect the lawfulness of processing before the withdrawal.

10. Retention

We retain information only for as long as the validation purpose requires, and delete or anonymize it promptly thereafter. We comply with any statutory retention obligations.

11. Security

We implement reasonable safeguards including access controls, encryption in transit and at rest, and audit logging. We do not, however, guarantee absolute security.

12. Minors and Age Conditions

• Browsing the Site and pre-registering are intended for users aged 13 and older.
• If we become aware that a pre-registration was made by a user under 13, we will delete the relevant information.

13. Your Rights

Under APPI, we respond to requests for disclosure, correction, suspension of use, and deletion (subject to statutory exceptions). Please contact privacy@orumio.com.

14. Marketing Communications

For users who opted in to follow-up contact at pre-registration, we may send communications related to this validation and the related service to the registered email address. You may change your preferences at any time; each message includes unsubscribe instructions.

15. Changes to this Policy

We may revise this Policy in response to changes in law or in the Site. We will announce material changes on the Site or by email and update the "Last updated" date at the top of this Policy.

16. Contact

• Operator: Masanori Iwata (Sole proprietor)
• Service brand: Orumio
• Email: privacy@orumio.com

17. Related documents

• Terms of Service
• Cookie Policy