Privacy Policy
Last updated: February 26, 2026
1. Introduction
GramAgent (hereinafter referred to as "the Service") is operated by Tomoya Sawai (hereinafter referred to as "the Operator"). The Operator complies with the Act on the Protection of Personal Information (APPI) of Japan and establishes this Privacy Policy as set forth below. This Policy explains what information the Service collects and how it is used and protected.
2. Information We Collect
The Service collects the following information: - Account information: email address, display name, password (stored as hash) - Google OAuth information: name, email address, and profile image URL when registering with a Google account - Usage data: generation history, plan information, usage count - Upload data: product images, reference images (uploaded for generation processing) - Payment information: processed through Stripe; the Service does not directly store credit card information - Access logs: IP address, browser information, access date and time (automatically collected as server logs)
3. Purpose of Use
Collected information is used for the following purposes: - Providing, operating, and improving the Service - Managing and authenticating user accounts - Billing and subscription management - AI image and text generation processing - Providing customer support - Analyzing Service usage patterns - Compliance with laws and regulations (fraud prevention, tax compliance, etc.)
4. Information Sharing with Third Parties
The Service shares information with the following third-party services: - Supabase: Authentication, database, storage - OpenAI: User-entered text and uploaded images are sent to the OpenAI API for AI image and text generation. Data sent to the OpenAI API is not used for model training, in accordance with OpenAI's API data usage policy. - Stripe: Payment processing - Vercel: Hosting These services process information in accordance with their respective privacy policies. Personal information will not be provided to third parties other than those listed above, except when required by law.
5. Data Storage and Deletion
User data is securely stored on Supabase servers. Retention periods for generated images and generation history are as follows: - Free: 14 days - Lite: 30 days - Standard: 30 days - Pro: Indefinite (while account is active) Data is automatically deleted after the retention period expires. You can delete your account from the settings page. When an account is deleted, related personal data will be deleted within a reasonable period.
6. Use of Cookies
The Service uses cookies for authentication session management. When using Google account authentication, Google cookies may also be used. Cookies for analytics or tracking purposes are not used.
7. Security
The Operator implements appropriate security measures to protect user personal information, including SSL/TLS encrypted communication, password hashing, and data access control through Supabase Row Level Security (RLS). However, communication over the Internet cannot be guaranteed to be completely secure.
8. Disclosure, Correction, and Deletion of Personal Information
Users may request the Operator to disclose, correct, add, delete, suspend use of, or erase their personal information. Upon such request, we will verify your identity and respond within a reasonable period. Contact: info@gram-agent.com
9. Policy Changes
This Privacy Policy may be revised as needed due to changes in laws or service content. In the event of significant changes, we will notify you through the Service or by email.
10. Contact
For inquiries regarding this Policy, please contact us at: Operations Responsible Person: Tomoya Sawai Email: info@gram-agent.com