Privacy Policy
Last updated: 2026-07-02
This page explains how NihonLetter (“the Product” or “we”) collects, uses, shares, and protects your information. Please read this policy in full before using the Product.
Introduction and Scope
NihonLetter is an iOS app for foreign residents in Japan and multilingual families. You can scan or upload Japanese letters, documents, images, PDFs, and screenshots; the Product performs optical character recognition (OCR) and AI analysis to generate “action cards” for you (identifying the document type and extracting information such as deadlines, amounts, and institutions, and offering suggested actions), deadline calendar reminders, and Japanese reply templates. The output language of action cards is determined by your app language setting; currently Simplified Chinese, Traditional Chinese, and English are supported, and action cards default to Simplified Chinese in other language environments.
This policy applies to the collection and processing of information that occurs between you and the Product while you use it; it does not apply to the independent processing carried out by third-party websites, institutions, or services that you access on your own. For the related terms, see our Terms of Service.
Information We Collect
We collect information only to the extent necessary to provide and improve the service, mainly in the following categories:
- Account and authentication information: the current version primarily uses anonymous accounts, and we collect the internal identifier of the anonymous account. As sign-in methods such as LINE and Apple are rolled out in later versions, we will accordingly collect the user identifier returned by that sign-in method (provider user id), the email address you use to sign in or link, and so on. These sign-in methods are planned and will be rolled out gradually across versions; they may not yet be available in the current version, and what is actually available follows what is shown in your app version. Once the relevant sign-in method is available, you can link multiple identities to the same account. We do not use phone numbers for account registration or sign-in; if a file you upload contains information such as a phone number, it is recognized and processed as part of the uploaded content (see “Content you upload” below).
- Content you upload: the images and PDFs of the letters, documents, and screenshots you scan or upload, and the text extracted via OCR. This content may contain personal information (such as names, addresses, amounts, institution names, account numbers, etc.). Please upload only content you are entitled to process.
- Analysis outputs: the action cards, deadline reminders, and reply templates generated from the content you upload.
- Usage and log information: basic usage records and error logs, used to troubleshoot issues and improve the service.
- Calendar / reminder integration identifiers: when you use the “Add to Calendar / Reminders” feature, the identifier returned by the system for the created event or reminder is sent back and stored on our servers, used to mark that action as completed and to avoid creating duplicates. We do not obtain any other content from your calendar or reminders.
- Purchase and subscription information: when you purchase a subscription or make an in-app purchase, the resulting purchase / subscription status and transaction identifiers. We manage subscriptions through RevenueCat, using your account identifier (Supabase user ID) as the RevenueCat user identifier; the actual payment is handled by the Apple App Store, and we do not have access to your bank card or other payment details.
- Support requests (tickets): when you contact us via “Settings → Support”, the ticket category, subject, language, and message content you submit—this content may contain personal information.
How Information Is Used
- To perform OCR recognition and AI analysis on the Japanese content you upload, and to generate action cards, deadline reminders, and Japanese reply templates.
- To create and maintain your account, and to handle sign-in, identity linking, and session management.
- To provide, maintain, troubleshoot, and improve the features and stability of the Product.
- When you authorize it, to write deadline-related events or reminders to your device's calendar or reminders, and to send back the identifier returned by the system to mark completion and avoid duplicates.
- To manage your subscription and in-app purchase entitlements (through RevenueCat and the Apple App Store).
- To receive, process, and respond to the requests and tickets you submit through the support feature.
We do not sell your personal data to third parties.
Third-Party Processing and Sharing
To provide the Product's features, we entrust necessary information to the following types of third parties, to the extent required to deliver the service. We do not sell your personal data.
- AI analysis service providers: to perform recognition and analysis, the text extracted via OCR from your uploaded content is sent to the third-party AI service provider we use for processing (not the original images—images and PDFs are stored only on our self-hosted infrastructure and are not sent to the AI provider). We currently use Anthropic (the Claude model); depending on configuration we may also use OpenAI or other AI service providers. Such processing is subject to each provider's terms and privacy policy. Model training: your uploaded content will not be used to train AI models—we process data through these providers' commercial APIs, and under their API terms the submitted content is not used to train their models; we also do not use your uploaded content as externally shared quality-assurance (QA) samples.
- Authentication email delivery: email Magic Link and one-time passcode (OTP) emails are sent via Amazon SES (AWS).
- Sign-in identity providers: when you choose the relevant sign-in method, the sign-in process involves LINE and Apple as identity providers.
- Storage service: your data is stored on our self-hosted infrastructure (Supabase and object storage deployed on a VPS).
- Subscriptions and in-app purchases: we use RevenueCat to manage subscription and in-app purchase entitlements, which involves syncing purchase / subscription status and account identifiers; the actual payment transaction is handled by the Apple App Store and is subject to Apple's terms and privacy policy.
Where Data Is Stored and Security
Your data is stored on our self-hosted infrastructure (Supabase and object storage on a VPS). We take reasonable technical and organizational measures such as access control and encryption in transit to protect the security of your information.
Please note: no method of transmission or storage over the internet can guarantee that no risk will ever occur under all circumstances, and we cannot make an absolute guarantee of security. Please keep your sign-in methods and devices safe.
Data Retention and Deletion
We retain your information for as long as needed to provide the service and to meet compliance requirements. For the originals you upload, the Product offers an “original retention” feature: you can choose to keep the originals, or have them deleted automatically after they expire.
Important note about anonymous accounts: an anonymous account can be used without registration, and its session is the sole credential for the account. Signing out or losing that session may be equivalent to losing the account and its associated data, and it usually cannot be recovered. If you wish to retain your data long-term, we recommend linking a sign-in method such as LINE, Apple, or email once it becomes available (these sign-in methods are rolled out gradually across versions, subject to what is actually offered in the app).
You can delete your account at any time; once submitted, the deletion request is processed asynchronously in the background and is usually completed within a short time. It removes associated data such as your files, analyses, in-app reminder records, and support content, and cannot be recovered—see “Your Rights” below and Delete Account. Retention exception: to fulfill legal and compliance obligations, we de-identify finance / transaction-related records and retain them for a legally required period, and we keep one deletion audit record containing an account identifier as evidence that the deletion request was carried out; this data is used only for internal compliance purposes and is not provided externally.
Your Rights
To the extent permitted by applicable law, you may exercise the following rights over your own personal information:
- Access and correction: to know and update the information we hold about you.
- Deletion: you can delete your account and its associated privacy content (files, analyses, in-app reminder records) at any time in the app (Settings → Account → Delete Account); deletion cannot be recovered (see also the retention exception under “Data Retention and Deletion” above—to fulfill legal and compliance obligations, we de-identify finance / transaction-related records and retain them for a legally required period, and keep one deletion audit record containing an account identifier as compliance evidence). If you cannot do this in the app, you can contact us via our Support page.
- Withdrawal of consent: for processing carried out based on your consent, you may withdraw your consent; withdrawal does not affect processing already carried out before the withdrawal.
- APPI disclosure and other requests: if Japan's Act on the Protection of Personal Information (APPI) applies to you, you may make the following requests regarding the personal data we hold: disclosure; correction, addition, or deletion of content; suspension of use or erasure; and disclosure of records of provision to third parties. We will handle these in accordance with applicable law after verifying your identity by reasonable means; the point of contact and the process are described under “Personal Information Handling Business Operator” below.
If you are located in another region (for example, the European Economic Area where the GDPR applies), you may have other rights provided by local law; we will cooperate to the extent applicable.
Device Permissions
The following device permissions of the Product all require your active authorization within the app, and you can revoke them at any time in your system settings:
- Calendar and Reminders (EventKit): with your authorization, used to write deadline-related events to your device's Calendar, or to write reminders to Reminders. After writing, the identifier returned by the system for that event or reminder is sent back and stored on our servers, used to mark that action as completed and to avoid creating duplicates; we do not upload any other content from your calendar or reminders. Deleting your account only clears the data on our servers and does not automatically remove events or reminders you have already written to your device's Calendar or Reminders; if you want to clear them, please delete them yourself on your device.
- Camera and Photos: used to scan letters or select files and images for analysis.
Children's Privacy
The Product is intended for adult users, is not designed for children, and does not knowingly collect children's personal information. If you believe a child has provided us with personal information without a guardian's consent, please contact us via our Support page, and we will take reasonable measures to delete it.
International and Cross-Border Transfers
To provide the service, some of your information is entrusted to third parties for processing or storage. Regarding the provision of personal data to a foreign third party that must be disclosed under Article 28 of Japan's Act on the Protection of Personal Information (APPI): the AI analysis service providers Anthropic and OpenAI are located in the United States—the text extracted via OCR from your uploaded content is transferred to the United States for their processing, and the personal information protection regime in the United States differs from Japan's; for this we take security measures such as encryption in transit and access control. When you use the scan / document-analysis feature, you thereby initiate this processing—the text extracted via OCR from your uploaded content is transferred to the above AI service providers to generate analysis results; if you do not want such a cross-border transfer to occur, please do not use the relevant analysis feature. In addition, authentication email delivery (Amazon SES) and our self-hosted infrastructure (VPS, object storage) are deployed by the operator within Japan (the AWS Tokyo region), and the related processing does not involve the provision of personal data to a foreign third party; if the location of this deployment changes in the future, we will update this policy accordingly and handle it in accordance with the APPI.
Policy Updates
We may update this Privacy Policy from time to time. Updates will be posted on this page, and the “Last updated” date at the top of the page will be updated. For material changes, we will notify you by appropriate means.
Personal Information Handling Business Operator
The entity handling personal information for this Product (the personal information handling business operator) is the operator of NihonLetter (a sole proprietor in Japan). Under Japan's Act on the Protection of Personal Information, the operator's name and address are matters that can be made known to the individual: if you need them, upon your request we will disclose the operator's name and address without delay in writing or by email. For requests, inquiries, or complaints relating to the handling of personal information and the exercise of the rights above (disclosure, correction, suspension of use, deletion, etc.), please submit them via our Support page (support@nihonletter.app) as the point of contact; we will handle them without delay after verifying your identity in accordance with applicable law.
Contact Us
If you have any questions, comments, or requests regarding this Privacy Policy or the handling of personal information, please contact us via our Support page (support@nihonletter.app).