Privacy Policy

Last updated:

1. Introduction

NanoHuman Inc. (“NanoHuman,” “we,” “us,” “our”) is a corporation organised under the laws of Japan. We develop and distribute the SuperIntern desktop application and its related websites, APIs and customer‑support channels (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, store, transfer and safeguard your personal data when you use the Service.

We process personal data in accordance with the EU/EEA General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), Japan’s Act on the Protection of Personal Information (APPI), and other applicable data‑protection and privacy laws worldwide.

By accessing or using the Service you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

  • Account – a unique set of credentials enabling you to access the Service.
  • Application – the SuperIntern desktop software installed on your computer and its related websites, APIs and customer‑support channels.
  • Cookies – small text files placed on a device to store information.
  • Device – any computer, smartphone, tablet or other equipment used to access the Service.
  • Personal Data – any information relating to an identified or identifiable natural person.
  • Processor / Service Provider – a third party that processes Personal Data on our behalf.
  • Usage Data – data automatically collected from the Service infrastructure (e.g. log files, analytics events).
  • User / you – the individual using the Service, or an organisation on whose behalf such individual acts.

3. Personal Data We Collect

  1. Account Data – name, business e‑mail address, password (hash), preferred language and subscription tier.
  2. Payment Data – tokenised credit‑card information, billing address and transaction identifiers handled by Stripe, Inc. (Card numbers are never stored on our servers.)
  3. Meeting Content – audio captured via microphone/speaker loopback, optional screen video captures, screenshots, transcripts, summaries, speaker labels and AI‑generated metadata.
  4. Usage Data and Diagnostics – IP address, Device/OS/browser version, session timestamps, feature usage events, crash logs.
  5. Cookie & Tracking Data – identifiers stored via cookies, localStorage, pixels or similar technologies.

We collect data (a) directly from you, (b) automatically via the Application or website, and (c) from third‑party integrations that you explicitly connect (e.g. calendar or conferencing tools).

4. Purposes for Processing & Legal Bases (GDPR Art. 6)

Purpose | Legal Basis
Provision and operation of the Service, account authentication, subscription management and billing. | Contract performance (Art. 6(1)(b))
AI processing of meeting content, feature improvement, security monitoring, debugging and fraud prevention. | Legitimate interests (Art. 6(1)(f))
Compliance with tax, bookkeeping, consumer‑protection and other legal obligations. | Legal obligation (Art. 6(1)(c))
Sending product‑related announcements and customer‑care communications. | Legitimate interests (Art. 6(1)(f)) – opt‑out available
Sending marketing e‑mails about new products or services to non‑customers. | Consent (Art. 6(1)(a)) – opt‑in required

5. Sharing of Personal Data

We disclose Personal Data only for the purposes described in this Policy:

  • Processors / Service Providers
    • Stripe, Inc. (USA) – payment processing
    • Amazon Web Services, Inc. (Japan & US regions) – cloud hosting
    • OpenAI, L.L.C. (USA) – AI‑processing
    • Google LLC (USA) – AI‑processing
    • ElevenLabs, Inc. (USA) – AI‑processing (speech‑to‑text)
    • Mux, Inc. (USA) – video hosting
  • Business transfers – in connection with a merger, acquisition or asset sale.
  • Legal or regulatory authorities – when required by applicable law or valid legal process.
  • With your consent – where you have explicitly authorised additional disclosures.

International Data Transfers

Our primary servers are located in Japan and the United States. Where Personal Data originating from the European Economic Area or the United Kingdom is transferred to a country that has not received an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses (SCCs) together with appropriate technical and organisational measures (e.g. end‑to‑end encryption, strict access controls).

EU/UK Representative (GDPR Art. 27): [Insert appointed representative details or state “Not applicable – exemptions apply.”]

6. Data Retention

Meeting audio/video are retained for 90 days by default unless you delete them earlier via the Application interface. Billing records are stored for seven (7) years to comply with tax and commercial‑law requirements. We may retain minimal log data for security and audit purposes as long as reasonably necessary.

7. Your Privacy Rights

You may exercise the rights available to you under applicable law, including:

  • Access – obtain confirmation and a copy of your Personal Data.
  • Rectification – correct inaccurate or incomplete data.
  • Erasure – request deletion (“right to be forgotten”).
  • Restriction / Objection – limit or object to certain processing activities.
  • Data Portability – receive your data in a structured, commonly‑used format.
  • Withdraw Consent – at any time, if processing is based on consent.
  • Opt‑out (CCPA/CPRA) – opt out of “sale” or “sharing” of Personal Data, and restrict use of sensitive data.

To exercise any right, please e‑mail contact@nanohuman.co.jp. We will respond within one month (or the shorter timeframe required by local law). EU/EEA and UK residents may lodge a complaint with their local Data Protection Authority.

8. Security Measures

We implement industry‑standard administrative, technical and organisational safeguards, including TLS 1.3 encryption in transit, AES‑256 encryption at rest, multi‑factor authentication for staff, least‑privilege access controls, continuous vulnerability assessments, and annual penetration testing. No method of transmission or storage is completely secure; however, we continuously work to protect your data.

9. Children’s Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect Personal Data from children. If we become aware that a child has provided us with Personal Data, we will delete such data promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be notified to you via e‑mail and/or an in‑app banner at least 14 days before the changes take effect. The “Last updated” date at the top of this page will be revised accordingly.

11. Contact Us

  • E‑mail: contact@nanohuman.co.jp
  • Postal address: NanoHuman Inc., 5‑3‑2 Harumi, Chuo‑ku, Tokyo 104‑0053, Japan