Privacy Policy
HOPY (the “Service”) values a conversational experience that users can rely on with confidence. This Privacy Policy explains the types of information the Service may collect, the purposes for which it is used, how it is managed, and the rights of users regarding privacy.
The Service follows a basic policy of handling only the minimum necessary information within clear purposes, in an appropriate and secure manner. The Service is operated with practical use cases in mind, including login via third-party authentication such as Google accounts and usage patterns that may be closer to anonymous use, while taking into account applicable laws and region-specific privacy protections.
Effective date: March 10, 2026
1. Scope
This Policy applies to information collected in connection with the Service’s website, applications, conversational features, related support, inquiry handling, and other Service-related activities.
Where the Service integrates with third-party services, the handling of information by those services may be governed by the policies and terms established by their respective providers.
2. Information We Collect
The Service may collect information such as the following.
• Display name, email address, profile image, authentication identifiers required for third-party sign-in, and other information necessary for account creation or authentication
• Chat content, input text, attached data, settings, saved conversations or notes, and other information provided by users to the Service
• Usage date and time, access source information, device type, browser information, operating system, language settings, IP address, cookies, local storage, and other information about the usage environment
• Purchase information, subscription or contract information, and billing-related information where paid features or plans are offered
• Inquiry details, contact information, and communication history provided when contacting the Service
• Log information necessary for incident investigation, misuse prevention, quality improvement, and security measures
3. How We Collect Information
• Directly from users when they register, enter, send, save, change settings, or make inquiries
• Through logs and technical information automatically generated and collected through use of the Service
• Lawfully from third-party services used for authentication, payment, analytics, hosting, and similar functions
4. Purposes of Use
• To provide, operate, maintain, support, and improve the Service
• For user authentication, account management, identity verification, and misuse prevention
• To provide chat features, saving functions, display optimization, and other experiences requested by users
• To improve safety, stability, responsiveness, efficiency, and overall service quality
• For bug investigation, incident response, auditing, and security measures
• For support handling, inquiry handling, and sending important notices
• For legal compliance, rights protection, dispute response, and other legitimate operational needs
• To conduct statistical analysis and trend review in a way that does not directly identify individuals, and to use those insights to improve the Service
• Where paid features or plans are offered, to process payments, manage billing, prevent fraudulent payments, handle refunds, and manage related transactions
5. AI Responses and Conversation Data
To provide conversational features, the Service may process, store, or refer to user input and the responses generated in relation to that input.
Conversation data may be used to the extent necessary for continuity of user experience, safety, quality improvement, misuse prevention, incident investigation, and support handling.
The Service recognizes that conversations may contain personal or sensitive information, and places importance on avoiding overly broad use, avoiding excessive retention, and managing such information securely.
6. Legal Basis for Processing
Depending on applicable law, the Service processes personal information on lawful grounds such as performance of a contract, legitimate interests, compliance with legal obligations, user consent, or other valid legal bases.
The specific legal basis may vary depending on the user’s place of residence, the features used, and the nature of the information provided.
7. Sharing and Disclosure
Except in the following cases, the Service does not sell user information to third parties and does not disclose it in ways not permitted by law.
• Where the user has given consent
• Where disclosure is necessary to service providers or partners for authentication, payment, hosting, analytics, communications, support, or similar functions
• Where paid features or plans are offered, disclosure to payment processors, billing managers, or other providers necessary for the transaction
• Where disclosure is required by law
• Where necessary to protect life, body, or property and obtaining the individual’s consent is difficult
• Where necessary to address rights violations, misuse, or major security issues
• Where information is transferred in connection with a business succession, merger, business transfer, or organizational restructuring
8. International Data Transfers
Due to the use of cloud infrastructure or third-party services, the Service may store or process user information outside Japan.
In such cases, the Service will implement reasonable safeguards in accordance with applicable law, including contractual protections, operational security management, and due diligence of service providers.
9. Retention Period
The Service retains information for the period necessary to achieve the purposes of collection, the period required by law, and the period reasonably necessary for dispute response and security management.
When information is no longer needed, the Service will delete, anonymize, or securely erase it, taking into account applicable law and technical constraints.
10. Cookies and Similar Technologies
The Service may use cookies, local storage, and similar technologies to maintain login status, save settings, optimize display, understand usage patterns, analyze incidents, and implement security measures.
Users may be able to disable cookies through browser settings, but doing so may cause some functions not to work properly.
11. Security Measures
The Service implements reasonable security measures against unauthorized access, leakage, loss, alteration, and similar risks involving personal information, including access controls, authentication management, communication protection, log monitoring, provider management, and necessary operational rules.
However, complete security of internet transmission and electronic storage cannot be guaranteed, so users are also asked to manage authentication information and devices appropriately.
12. Information Relating to Minors
The Service takes care to protect the privacy of minors in accordance with applicable law. If a minor uses the Service, they should do so with the consent of a parent or other legal guardian where required.
13. User Rights
Under applicable law, users may have rights regarding their personal information, including access, correction, addition, deletion, suspension of use, restriction of processing, objection, data portability, and other rights.
The Service will respond within a reasonable scope in accordance with applicable law after identity verification and other necessary procedures.
14. Region-Specific Notes
In addition to Japan’s Act on the Protection of Personal Information and other applicable laws, the Service seeks, where possible, to take into account rights and requirements recognized under GDPR, UK GDPR, CCPA/CPRA, and other relevant laws depending on the user’s region.
However, the specific legal assessment and details of region-specific handling may be reviewed depending on service regions, service scale, feature scope, and legal changes.
15. Changes to This Policy
The Service may revise this Policy due to legal changes, feature changes, operational needs, or other reasonable reasons.
If material changes are made, the Service will provide notice through posting within the Service or by other reasonable means. Unless otherwise specified, the revised Policy becomes effective upon posting or notice.
16. Contact
For inquiries regarding this Policy or the handling of personal information by the Service, please use the inquiry path within the Service or the separate contact channel provided by the Service.