Privacy Policy

Operator: Lazuli Japan Inc. (株式会社ラズリジャパン) | Contact: support@tsumugu.tech | Last updated: May 21, 2026

1. Information We Collect

(a) Information you provide

Google account information (email, display name, profile photo URL)
Profile information (company, title, phone number, LINE ID, etc.)
Business card images and extracted contact data
Meeting booking information, email content

(b) Automatically collected information

App usage logs, device tokens (for push notifications)

(c) Information from external services

Google Calendar: calendar event data (when connected)
Zoom: OAuth tokens, meeting ID and join URL (when connected)

2. Purpose of Use

Business card OCR processing (via AI)
Contact management, search, and grouping
Meeting scheduling
AI follow-up email generation
Service improvement and fraud prevention

3. Business Card Information (Third-Party Personal Data)

Legal basis: Business custom of exchanging cards
Purpose: Contact management, meeting scheduling, follow-up emails
Third-party transfer: Card images sent to AI (US servers) for OCR processing
Retention: Until deleted by the user
Rights: Card owners may request disclosure, correction, or deletion at support@tsumugu.tech

4. International Data Transfer

Card images may be transmitted to US servers (OpenAI) for AI processing.

5. Data Storage and Security

Servers: Japan (GMO Pepabo LOLIPOP)
OAuth tokens: AES-256-CBC encrypted
Communications: HTTPS/TLS encrypted
Authentication: JWT (HMAC-SHA256)

6. Your Rights

Under Japan's Act on the Protection of Personal Information (APPI), you may request disclosure, correction, deletion, or cessation of use.

Contact: support@tsumugu.tech

7. Changes to This Policy

Changes will be communicated via in-app notification or email at least 14 days before taking effect.

8. Zoom Integration Zoom

When you connect your Zoom account to this App, we collect and use the following information.

Information collected

Zoom OAuth access token and refresh token
Meeting ID, join URL, and host URL (start_url)

Purpose of use

Creating Zoom meetings when booking appointments
Updating Zoom meetings when appointment details (time, title) are modified
Deleting Zoom meetings when appointments are cancelled

Data storage

Zoom tokens are stored on servers in Japan, encrypted with AES-256-CBC
Meeting IDs and URLs are stored only in our database
We do not access meeting content (conversations, recordings, etc.)

Revoking access

You can disconnect your Zoom account at any time from the App settings screen
Upon disconnection, Zoom tokens are immediately deleted from our database and the authorization is revoked on the Zoom side (via zoom.us/oauth/revoke)
You can also revoke access from Zoom at zoom.us/profile/connected_apps

Zoom Privacy Policy: https://explore.zoom.us/en/privacy/

9. Google API Integration Google Calendar

When a user connects their Google account to the App, we obtain and use the following information through the Google Calendar API.

Information We Obtain

Google account email and OAuth access / refresh tokens
Google Calendar event data (start / end time, title, presence of attendees)
Free/Busy information (used to determine the host's availability)

Purpose of Use

Display the host's real-time availability on the guest's booking screen
Automatically create a booking event on the host's Google Calendar upon booking confirmation
Update the Google Calendar event when a booking is rescheduled (time / title)
Delete the Google Calendar event when a booking is cancelled
Detect conflicts with the host's existing events

Data Storage

OAuth access and refresh tokens are stored AES-256-CBC encrypted on servers located in Japan
Calendar event contents are not persisted on our servers (fetched from the Google API on demand)
Only the Google Calendar event IDs corresponding to bookings we created are stored alongside the booking record, for the purpose of later update or deletion

Limited Use Compliance (Google API Services User Data Policy)

tsumugu's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We do not use Google user data for advertising purposes
We do not use Google user data to train AI or machine-learning models
We do not sell or transfer Google user data to third parties
Humans do not read Google user data (except with the user's explicit consent, for security purposes, to comply with applicable law, or to investigate abuse)

Disconnecting the Integration

You can disconnect Google integration at any time from the App settings screen
Upon disconnection, OAuth tokens are immediately deleted from our database
You can also revoke access from Google at myaccount.google.com/permissions

Google Privacy Policy: https://policies.google.com/privacy