Privacy Policy

The Company may ask for the following information when users register:

• Name
• Company name and department
• Email address
• Phone number
• Address
• Credit card information

Additionally, the Company may collect transaction records and payment information including personal information between users and partners from our partners (including information providers, advertisers, and ad distributors, hereinafter referred to as "Partners").

The purposes for which the Company collects and uses personal information are as follows:

1. To provide and operate the Company's services
2. To respond to user inquiries (including identity verification)
3. To send emails about new features, updates, campaigns, and other services provided by the Company
4. For necessary communications such as maintenance and important notices
5. To identify users who violate the terms of service or attempt to use the service for fraudulent or improper purposes, and to refuse their use
6. To allow users to view, change, delete their registration information, and view their usage status
7. To bill users for paid services
8. For purposes incidental to the above purposes

1. The Company may change the purpose of use of personal information only when it is reasonably recognized that the purpose of use is related to the purpose before the change.

2. When the purpose of use is changed, the changed purpose shall be notified to users or announced on this website by the method prescribed by the Company.

1. The Company will not provide personal information to third parties without obtaining prior consent from users, except in the following cases and when permitted by the Personal Information Protection Act and other laws:

1. When required by law
2. When necessary to protect human life, body, or property and it is difficult to obtain user consent
3. When particularly necessary for improving public health or promoting healthy child development and it is difficult to obtain user consent
4. When necessary to cooperate with national or local government agencies in executing legally prescribed duties, and obtaining user consent may hinder the execution of such duties
5. When the following matters have been notified or announced in advance and the Company has notified the Personal Information Protection Commission:
   • Including provision to third parties in the purpose of use
   • Items of data provided to third parties
   • Means or methods of provision to third parties
   • Stopping provision of personal information to third parties at user request
   • Method of accepting user requests

2. Notwithstanding the preceding paragraph, the following cases shall not be considered third parties:

1. When the Company entrusts all or part of the handling of personal information within the scope necessary to achieve the purpose of use
2. When personal information is provided due to business succession through merger or other reasons
3. When personal information is used jointly with specific parties, and users are notified in advance or made easily accessible regarding joint use, items of personal information jointly used, scope of joint users, purpose of use, and name of the person responsible for managing the information

1. When requested by an individual to disclose personal information, the Company will disclose it to the individual without delay. However, disclosure may be withheld in whole or in part if:

1. There is a risk of harming the life, body, property, or other rights and interests of the individual or a third party
2. There is a risk of significant hindrance to the proper conduct of the Company's business
3. It would violate other laws

2. Notwithstanding the preceding paragraph, information other than personal information, such as history and characteristic information, will not be disclosed in principle.

1. If a user's personal information held by the Company is incorrect, the user may request correction, addition, or deletion (hereinafter referred to as "Correction") of personal information according to procedures established by the Company.

2. If the Company receives a request from a user as described in the preceding paragraph and determines it necessary to respond to the request, the Company shall make the Correction without delay.

3. The Company shall notify the user without delay when making Corrections based on the preceding paragraph or when deciding not to make Corrections.

1. If requested by an individual to stop using or delete (hereinafter referred to as "Suspension of Use") personal information on grounds that it is being handled beyond the scope of the purpose of use or was obtained through improper means, the Company will conduct necessary investigations without delay.

2. If, based on the investigation results in the preceding paragraph, it is determined necessary to respond to the request, the Company will suspend use of the personal information without delay.

3. The Company shall notify the user without delay when suspending use based on the preceding paragraph or when deciding not to suspend use.

4. Notwithstanding the preceding two paragraphs, if suspension of use would incur significant costs or is otherwise difficult, and alternative measures can be taken to protect user rights and interests, such alternative measures shall be taken.

1. The contents of this Policy may be changed without notice to users, except for matters otherwise stipulated in laws and regulations and in this Policy.

2. Unless otherwise specified by the Company, the revised privacy policy shall take effect from the time it is posted on this website.

The Company uses analytics tools to understand how the service is used and to improve the user experience. These tools collect information such as pages visited, time spent, and interactions through cookies and similar technologies. No personally identifiable information is collected by these tools.

The analytics tools currently in use include:

• Google Analytics (provided by Google LLC) — for understanding site usage patterns and improving the service
• Microsoft Clarity (provided by Microsoft Corporation) — for understanding user interaction patterns through session recordings and heatmaps

Information collected by these tools is managed in accordance with each provider's privacy policy. Users can opt out of tracking by adjusting their browser settings or using browser extensions provided by the respective tool providers.

The Company takes necessary and appropriate security measures to prevent unauthorized access, loss, destruction, falsification, and leakage of personal information. Specific measures include:

• SSL/TLS encrypted communication
• Database encryption
• Strict access control
• Regular security audits
• Regular employee training on personal information protection

Optifai integrates with Google APIs to enable users to send emails from their connected Gmail account.

Scopes Used

• gmail.send — Send email only
• userinfo.email — Retrieve email address
• userinfo.profile — Retrieve display name

What Optifai Does NOT Do

• Optifai does NOT read, monitor, modify, or delete any messages in your Gmail mailbox
• Optifai only sends email messages that you create, review, or explicitly approve within the Optifai application

Token Storage and Security

• OAuth access tokens and refresh tokens are encrypted at rest using AES-256 encryption before storage
• Tokens are stored only while your Gmail account is connected
• You can disconnect your Gmail account at any time from Settings > Integrations, which immediately deletes all stored tokens

Data Sharing

• Optifai does not share Google user data with third parties
• Optifai does not use Google user data for advertising
• Optifai does not use Google user data to train AI or machine learning models

Optifai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Our service may use cookies and similar technologies. These technologies help us understand how the service is used and enable us to provide better service. Users can refuse cookies through browser settings, but this may prevent use of some features of the service.

For inquiries regarding this Policy, please contact:

SCENTBOX Inc.

Address: 20-23 Daikanyama-cho, Shibuya-ku, Tokyo

Email: info@optif.ai