TOMOKO Closed Beta — Privacy Policy
Last updated: March 13, 2026
Article 1 (Introduction)
Authentic AI, Inc. (株式会社オーセンティックAI, hereinafter "the Company") is committed to protecting the personal information and data of users of the "TOMOKO" AI fashion designer service closed beta ("Service"). This Privacy Policy ("Policy") describes the types of data we collect, the purposes of use, disclosure to third parties, and users' rights.
Article 2 (Data We Collect)
2.1 Account Information
Through our authentication platform, we collect:
- Email address
- Name (optional)
- Authentication-related information (password hashes, OAuth tokens, etc.)
2.2 User-Provided Data
We collect data that users input or upload through the Service:
- Chat messages: Conversations with the AI (including text and image attachments)
- Designer profile: Name, company, role, design philosophy, message (optional)
- Project information: Project names, guidelines, reference materials (URLs, images, PDFs, DOCX files)
- Uploaded files: Images (PNG, JPEG, WebP, GIF), documents (PDF, DOCX), audio files
- Bookmarks and labels: AI responses saved by users and their classification
- Feedback: Opinions and bug reports for service improvement (stored locally in the browser)
2.3 Automatically Collected Data
- Usage data: Tool usage frequency and types, credit consumption history, session count
- Preferences: Theme (light/dark), language setting (Japanese/English)
- Technical information: Browser language setting (Accept-Language header)
2.4 Data We Do Not Collect
- We do not use external tracking tools (such as Google Analytics)
- We do not use advertising tracking cookies
- We do not collect location data
Article 3 (Purpose of Data Use)
We use collected data solely for the following purposes:
| Purpose | Data Used |
|---|---|
| Providing Service functionality (AI conversation, image generation, etc.) | Chat messages, uploaded files, project information |
| Personalizing the user experience | Profile, preferences, bookmarks |
| Account authentication and security | Account information |
| Usage management and rate limiting | Usage data |
| Service improvement and bug fixes | Usage data, feedback |
| Important notifications (Terms changes, service termination, etc.) | Email address |
Article 4 (Data Storage)
4.1 Storage Locations
| Data Type | Storage Provider | Location |
|---|---|---|
| Account information | External authentication service | United States |
| Chat history, profiles, projects, etc. | Cloud database | United States |
| Uploaded and generated images | Cloud storage | United States |
| Theme and language settings (local copy) | Browser localStorage | User's device |
4.2 Retention Period
- During the beta period, data is retained unless the user performs a deletion action.
- Handling of data upon beta termination will be communicated separately before termination.
- When users delete sessions, bookmarks, or project resources, the corresponding data is promptly removed from the database.
Article 5 (Data Sharing with Third Parties)
5.1 External AI Services
To provide Service functionality, user data may be transmitted to third-party AI services. Data transmission is limited to what is necessary for Service functionality.
| Category | Data Transmitted | Purpose |
|---|---|---|
| AI conversation and generation services | Chat messages, context information, images | AI conversation, design assistance, image/video generation |
| Image analysis and text extraction services | Images, text, URLs, documents | Content analysis and text conversion |
| Web search services | Search queries | Trend research and information retrieval |
| Speech processing services | Audio files | Speech-to-text |
Each service processes data in accordance with its own terms of service and privacy policy. For details on specific third-party services used, please contact us.
5.2 Infrastructure Services
The following categories of third-party infrastructure services are used to operate the Service:
| Category | Data Transmitted | Purpose |
|---|---|---|
| Authentication service | Account information | User authentication and account management |
| Database service | User data (encrypted in transit) | Data persistence |
| Cloud storage | Images and files | Uploaded file storage |
| External service integration platform | OAuth connection information | Integration with SNS and other external services |
5.3 When We Do Not Share Data
- We do not provide user data as training data for third-party AI models.
- We do not sell or share data for advertising purposes.
- We do not share data with parties other than those listed above, except when required by law.
Article 6 (Cookies and Browser Storage)
6.1 Cookies
The Service uses the following cookies:
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| Authentication cookie | Maintaining login state | Essential (httpOnly, Secure) | Session |
We do not use marketing or analytics cookies.
6.2 localStorage
The following preferences are stored in the browser's localStorage. These are stored only on the user's device and are not transmitted to the server (except for database synchronization).
- tomoko-theme: Theme setting (light / dark / system)
- tomoko-locale: Language setting (ja / en)
- tomoko-feedbacks: Feedback content (local only)
Article 7 (Data Security)
We implement the following security measures to protect user data:
- Authentication: Authentication enforced on all API endpoints and pages
- Data isolation: Multi-tenant isolation by user ID. Users cannot access other users' data
- Rate limiting: API request throttling (preventing abuse and overload)
- Encryption in transit: HTTPS (TLS) for all communications
- Access control: URL validation and file access path verification to prevent unauthorized access
- File validation: File type and size restrictions on uploads
However, as a beta service, we cannot guarantee 100% security for data transmitted over the internet.
Article 8 (User Rights)
8.1 Access
- Users can view their chat history, profile, projects, bookmarks, and usage statistics within the Service.
8.2 Correction
- Profile information, project information, and settings can be modified at any time within the Service.
8.3 Deletion
- Chat sessions, bookmarks, and project resources can be individually deleted within the Service.
- To request full account deletion, please contact us using the information in Article 12. All associated data will be removed from our databases upon account deletion.
8.4 Data Export
- To request a data export, please contact us using the information in Article 12.
8.5 Withdrawal of Consent
- Users may withdraw their consent to data collection at any time by deleting their account.
Article 9 (Minors)
The Service is intended for users aged 16 and older. If we become aware that a user under 16 is using the Service, we will promptly delete the account and associated data.
Article 10 (International Data Transfers)
The Service's infrastructure primarily uses servers located in the United States. For users accessing from Japan, user data is transferred outside of Japan. We ensure that the service providers at the transfer destination maintain appropriate data protection measures before transferring data.
Article 11 (Changes to This Policy)
- The Company may update this Policy in response to legal changes, service modifications, or data handling reviews.
- For significant changes, users will be notified in advance of the changes and effective date via the Service or email.
- Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
Article 12 (Contact)
For inquiries regarding this Policy or data handling, please contact:
- Company: Authentic AI, Inc. (株式会社オーセンティックAI)
- Email: info@authenticai.co.jp
- Website: https://authenticai.co.jp