プライバシーポリシー / Privacy Policy

This Privacy Policy (the Policy) describes how Code Misogi (the Service) handles user information. By using the Service, you agree to this Policy. See the Terms of Service.

This English text is provided for convenience. If there is any conflict or inconsistency, the Japanese text will prevail.

1. Information We Collect

We may collect the following information:

Authentication data: account identifiers used for login (e.g., Google user ID), display name, email address, and similar profile data.
Billing data: purchase status, plan identifiers, and payment state (payment instrument details are generally retained by the payment provider, not by us).
Consent records: timestamps and versions of consent to the Terms and this Policy.
Technical data: minimal logs (e.g., IP address, user agent, referrer) when necessary for service delivery, maintenance, or fraud prevention.
App settings: UI preferences such as language settings (which may be stored in browser cookies).
Analytics data: when we use Google Analytics, usage information such as page views and interactions may be sent to Google via cookies or similar technologies (see Section 4).

2. Information We Do Not Collect

The Service does not transmit your source code contents, full repositories, or the actual values of secrets (such as API keys) to our servers, and it does not provide any feature to transmit them.

However, only when you use the report submission feature to help improve the Service, the Service may transmit the findings (e.g., rule IDs, finding types, counts) and the minimum information necessary for troubleshooting to our servers. Even in such cases, your source code contents and the actual values of secrets are not transmitted.

3. Purpose of Use

We use collected information for the following purposes:

Providing the Service, authentication, identity verification, and prevention of unauthorized use.
Billing, plan management, license/entitlement control, and payment-related support.
Consent management (confirming agreement and managing renewed consent).
Responding to inquiries and sending important notices.
Maintaining and improving service quality (including aggregated/anonymized analysis).
Analyzing usage using Google Analytics and similar tools (improving the Service and website).

4. Use of Third-Party Services

We may use the following third-party services:

Authentication: Firebase Authentication / Google (sign-in)
Data storage: Firebase (e.g., Firestore)
Payments: Stripe (e.g., Checkout / Customer Portal / Webhooks)
Analytics: Google Analytics (Google)

Handling of information by those third parties is governed by their own policies. We use such services only to the minimum extent necessary.

When Google Analytics is used, usage information such as viewed pages, interactions, and device/browser-related information may be sent to Google via cookies or similar technologies. You may be able to limit analytics by disabling cookies in your browser settings or using opt-out measures provided by Google.

5. Communications for DAST (Web Scanning)

When you use DAST (web scanning), the Service sends network requests to the URL/host you specify. As a result, the target site may receive information such as your IP address. We do not send your source code contents or the actual values of secrets to the DAST target site.

6. Third-Party Disclosure

We do not provide user information to third parties except where required by law or where the user has provided consent. Note that information is transmitted to the providers listed in Section 4 to the extent necessary to provide those services.

7. Retention Period

We retain user information only as long as needed to fulfill the purposes above, then delete or anonymize it using reasonable methods, except where longer retention is required by law.

8. Security Measures

We take reasonable security measures to prevent unauthorized access, leakage, or tampering of user information. However, due to the nature of the internet, absolute security cannot be guaranteed.

9. Requests (Access, Correction, Deletion)

You can request account deletion using the account-closing feature on the My Page screen. For other requests, please refer to the contact channel listed in the Commercial Transactions Act Disclosure.

10. Revisions

We may update this Policy. For material changes, we will provide notice through reasonable means and may require renewed consent where necessary.

1. Information We Collect

We may collect the following information:

Authentication data: account identifiers used for login (e.g., Google user ID), display name, email address, and similar profile data.

Billing data: purchase status, plan identifiers, and payment state (payment instrument details are generally retained by the payment provider, not by us).

Consent records: timestamps and versions of consent to the Terms and this Policy.

Technical data: minimal logs (e.g., IP address, user agent, referrer) when necessary for service delivery, maintenance, or fraud prevention.

App settings: UI preferences such as language settings (which may be stored in browser cookies).

Analytics data: when we use Google Analytics, usage information such as page views and interactions may be sent to Google via cookies or similar technologies (see Section 4).

2. Information We Do Not Collect

The Service does not transmit your source code contents, full repositories, or the actual values of secrets (such as API keys) to our servers, and it does not provide any feature to transmit them.

3. Purpose of Use

We use collected information for the following purposes:

Providing the Service, authentication, identity verification, and prevention of unauthorized use.

Billing, plan management, license/entitlement control, and payment-related support.

Consent management (confirming agreement and managing renewed consent).

Responding to inquiries and sending important notices.

Maintaining and improving service quality (including aggregated/anonymized analysis).

Analyzing usage using Google Analytics and similar tools (improving the Service and website).

4. Use of Third-Party Services

We may use the following third-party services:

Authentication: Firebase Authentication / Google (sign-in)

Data storage: Firebase (e.g., Firestore)

Payments: Stripe (e.g., Checkout / Customer Portal / Webhooks)

Analytics: Google Analytics (Google)

Handling of information by those third parties is governed by their own policies. We use such services only to the minimum extent necessary.