manabi← Back to Home
Home/Privacy Policy

Privacy Policy

Last updated: March 12, 2026

manabi (URL: https://getmanabi.ai, hereinafter "the Service"), operated by manabi Inc. (Japan), recognizes the protection of personal information as an important responsibility. We comply with Japan's Act on the Protection of Personal Information (APPI), the EU General Data Protection Regulation (GDPR) where applicable, and other relevant laws and guidelines, and have established this Privacy Policy (hereinafter "this Policy") to ensure the appropriate handling and protection of personal data.

Article 1 (Basic Policy on Personal Data Protection)

The Service complies with applicable data protection laws and regulations and will appropriately manage and protect the personal information entrusted to us by our users. We strive for continuous improvement in the handling of personal information to provide an environment where users can use the Service with confidence.

  • We collect personal information through lawful and fair means with clearly stated purposes
  • We use collected personal information only within the scope of the stated purposes
  • We implement appropriate security measures to prevent unauthorized access, loss, destruction, alteration, or leakage of personal information
  • We comply with applicable data protection laws, regulations, and standards, and continuously review and improve this Policy

Article 2 (Types of Personal Information Collected)

The Service may collect the following personal information:

(1) Account Information

  • Email address
  • Authentication credentials linked to Google accounts (when using Google OAuth authentication)
  • Authentication credentials linked to Apple accounts (when using Sign in with Apple)
  • Display name and profile picture (when obtained from Google or Apple accounts)

(2) Service Usage Data

  • Video summary generation history (generation date/time, target video URL, generated note content)
  • Favorites and collection registration information
  • Subscription plan information and generation counts
  • Referral program information (referral codes, referrer/referee relationships)

(3) Payment Information

  • Information related to payment processing through Stripe (external payment service)
  • Subscription status (plan type, validity period, renewal date, etc.)

Important: Credit card numbers, security codes, and other payment card information are directly collected and managed by Stripe, Inc. and are never stored on the Service's servers. Stripe is a PCI DSS Level 1 certified payment processor.

(4) Access Logs and Technical Information

  • IP address
  • Browser type and version
  • Operating system information
  • Referrer URL
  • Access date/time and pages viewed
  • Device information (screen resolution, language settings, etc.)

(5) Cookie Information

  • Cookies for Google Analytics 4 access analysis
  • Referral code tracking cookies (validity period: 30 days)
  • Authentication session management cookies

Article 3 (Purpose of Use of Personal Information)

The Service uses collected personal information for the following purposes:

  • Provision, operation, and maintenance of the Service (including generation, display, and storage of video summary notes)
  • Creation, authentication, and management of user accounts
  • Payment processing, subscription management, and billing for paid plans
  • Operation of the Referral Program and management of rewards
  • Customer support and responding to inquiries
  • Analysis of usage and improvement of features
  • Distribution of notifications about new features, updates, campaigns, etc.
  • Prevention of fraudulent use and response to Terms of Service violations
  • Legal compliance and protection of rights

If we change the purpose of use, we will do so only within a scope reasonably related to the original purpose and will notify or publicize the changed purpose.

Article 4 (Disclosure of Personal Information to Third Parties)

The Service will not provide personal information to third parties without the prior consent of the user, except as provided below.

(1) Third-Party Service Providers Necessary for Service Operation

The Service entrusts the handling of personal information to the following external services for the provision of the Service. These service providers handle personal information only within the scope of the Service's stated purposes of use.

Stripe, Inc.

Purpose: Payment processing and subscription management

Data shared: Email address, payment-related information

Privacy policy: https://stripe.com/privacy

Google LLC

Purpose: User authentication (Google OAuth), access analytics (Google Analytics 4)

Data shared: Authentication credentials, access logs, usage data

Privacy policy: https://policies.google.com/privacy

Apple Inc.

Purpose: User authentication (Sign in with Apple)

Data shared: Authentication credentials, email address (if shared by user)

Privacy policy: https://www.apple.com/legal/privacy/

Supabase, Inc.

Purpose: Database management and user authentication infrastructure

Data shared: Account information, all service usage data

Privacy policy: https://supabase.com/privacy

fal.ai (fal AI, Inc.)

Purpose: AI image generation (infographics, thumbnails, etc.)

Data shared: Text data included in generation requests

Privacy policy: https://fal.ai/privacy

Resend, Inc.

Purpose: Email delivery (notifications, etc.)

Data shared: Email address

Privacy policy: https://resend.com/legal/privacy-policy

Google LLC (Gemini API)

Purpose: AI summary generation

Data shared: Video subtitle text (generally does not include personal information)

Privacy policy: https://ai.google.dev/terms

Vercel, Inc.

Purpose: Hosting and content delivery

Data shared: Access logs, IP addresses

Privacy policy: https://vercel.com/legal/privacy-policy

(2) Cases Required by Law

Personal information may be provided to third parties without the user's consent in the following cases:

  • When required by law
  • When necessary for the protection of life, body, or property of a person and it is difficult to obtain the consent of the individual
  • When specifically necessary for improving public health or promoting the sound development of children and it is difficult to obtain the consent of the individual
  • When it is necessary to cooperate with a government agency or local government in executing affairs prescribed by law and obtaining consent may impede such execution

Article 5 (Data Security Measures)

The Service implements the following measures to prevent leakage, loss, or damage of personal information and to ensure its security.

(1) Organizational Security Measures

  • A data protection officer responsible for the handling of personal information has been appointed
  • Regular audits and reviews of personal information handling practices are conducted
  • An incident response and reporting system has been established for data breaches

(2) Technical Security Measures

  • All communications are encrypted using SSL/TLS (HTTPS)
  • Database access is strictly controlled through row-level security (RLS)
  • Authentication credential management uses Supabase Auth with proper password hashing and security measures
  • Sensitive information such as API keys is managed as environment variables and is not included in source code
  • Secure authentication methods (OAuth 2.0, etc.) are used for integration with external services

(3) Physical Security Measures

  • Data is stored on reliable cloud services (Supabase / Vercel), and physical server management complies with the security standards of these cloud providers
  • Personal information that is no longer needed is promptly deleted using methods that make recovery impossible

Article 6 (Cookies and Access Analytics)

The Service uses cookies and similar technologies to improve the convenience of the Service and to analyze usage patterns.

(1) Use of Google Analytics 4

The Service uses Google Analytics 4 (hereinafter "GA4"), provided by Google LLC, to understand and improve service usage.

  • GA4 uses cookies to collect usage information (access date/time, pages viewed, time spent, traffic sources, etc.)
  • Collected data is processed statistically and is not used to identify individuals
  • Data collected by GA4 includes IP addresses (anonymized), browser information, and device information
  • Data is transmitted to and stored on Google LLC servers (including those in the United States)

For information on how Google collects and processes data, please refer to "How Google uses information from sites or apps that use our services". To opt out of data collection by GA4, please install the Google Analytics Opt-out Browser Add-on.

(2) Referral Code Tracking Cookies

The Service's Referral Program uses cookies to track access via referral links.

  • Cookie name: referral code (ref)
  • Validity period: 30 days
  • Purpose: To identify the referring user and properly manage Referral Program rewards
  • Stored content: Only the referral code (a random string). No personally identifiable information is included

(3) Cookie Management

You may configure your browser settings to reject cookies. However, please note that if you disable cookies, some features of the Service (such as maintaining login sessions) may not function properly.

Article 7 (Your Data Rights)

Under applicable data protection laws (including Japan's APPI and, where applicable, the GDPR), you have the following rights regarding your personal information held by the Service:

  • Right to be informed of the purpose of use of your personal information
  • Right to access (disclosure of) your personal information
  • Right to correction, addition, or deletion of your personal information
  • Right to request cessation of use or erasure of your personal information
  • Right to request cessation of provision of your personal information to third parties
  • Right to data portability (where applicable under GDPR)
  • Right to object to processing (where applicable under GDPR)

How to Submit a Request

To exercise any of the above rights, please contact us at the email address below along with information to verify your identity.

Contact

support@getmanabi.ai

Upon receiving your request, we will verify your identity and respond within a reasonable period. However, we may not be able to comply with your request in the following cases:

  • When your identity cannot be verified
  • When there is no legal obligation to disclose or take action
  • When compliance may harm the life, body, property, or other rights of you or a third party
  • When compliance may significantly impede the proper operation of the Service

Account Deletion

You may request the deletion of your account by contacting us at the email address above. Upon receiving a deletion request, the Service will delete all personal information associated with your account within a reasonable period, except for information required to be retained by law. If you are on a paid plan, you must first cancel your subscription before requesting account deletion.

Article 8 (Use by Minors)

The Service is not intended for use by individuals under the age of 18. If you are under 18, please obtain the consent of your parent or legal guardian before using the Service.

Explicit consent from a parent or legal guardian is particularly required for subscriptions to paid plans.

If a parent or guardian discovers that their child has provided personal information without their consent, please contact us at the inquiry address below. We will promptly take measures to delete such personal information.

Article 9 (International Data Transfers)

In providing the Service, we use external services listed in Article 4 (Stripe, Google, Apple, Supabase, fal.ai, Resend, Vercel), whose servers may be located outside of Japan (including the United States and other countries).

When transferring personal information to third parties in foreign countries, we ensure the following safeguards:

  • The recipient is located in a country with a personal data protection system equivalent to that of Japan
  • The recipient has implemented measures equivalent to those required under applicable data protection laws (confirmed based on each provider's privacy policy and security standards)
  • By agreeing to the Service's Terms of Service, users consent to the transfer of personal information to foreign countries

For EU/EEA Users: Where we transfer your personal data outside the European Economic Area, we ensure that appropriate safeguards are in place, including standard contractual clauses approved by the European Commission or reliance on the service provider's compliance with recognized data protection frameworks. The legal basis for processing your data is your consent (provided when you agree to these terms), the performance of a contract (providing the Service), and our legitimate interests (improving the Service and preventing fraud).

Article 10 (Changes to this Privacy Policy)

The Service may change the content of this Policy due to changes in laws, changes in service content, or other reasons.

  • The revised Privacy Policy takes effect upon posting on the Service's website
  • For significant changes, we will notify you through a notice on the website or by email
  • If you continue to use the Service after changes are made, you are deemed to have agreed to the revised Privacy Policy

Article 11 (Contact)

For inquiries regarding this Policy, requests for disclosure of personal information, or any other questions about the handling of personal data, please contact us below.

Service

manabi (getmanabi.ai)

Operator

manabi Inc. (Japan)

Data Protection Contact

support@getmanabi.ai

Response Time

We will respond within 3 business days as a general rule

Enacted: March 10, 2026