Legal

Privacy Policy

Effective date: March 19, 2026

TravelSafe Japan (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data when you use our website at travelsafejapan.com.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and name via Clerk, our authentication provider. You may optionally sign in with Google or other OAuth providers — in which case we receive only the profile data that provider shares.

1.2 Images You Upload

When you use the photo scanner, you upload images of food labels or dishes. These images are sent to Google AI (Gemini) for analysis and are not stored permanently on our servers. Google AI processes the image in real time to generate an allergen analysis and the image is discarded after processing. Please do not upload images containing personal information.

1.3 Usage Data

We track your daily scan count (photo scans, barcode scans, allergy cards) to enforce free-tier limits. For logged-in users, we use your Clerk user ID. For guests, we use your IP address as a usage key. Usage counts are stored in Upstash Redis and automatically expire after 24 hours.

1.4 Scan History

Scan results (allergen analysis, timestamps) may be saved in your browser’s local storage on your device. This data remains on your device and is not transmitted to our servers unless you use a cloud sync feature.

1.5 Payment Information

Payment processing is handled entirely by Stripe. We never receive, store, or have access to your full credit card number, CVV, or banking details. We store only your Stripe Customer ID and subscription status (Pro / 5-Day Pass expiry) in your Clerk account metadata for access control purposes.

1.6 Cookies and Analytics

We use cookies that are strictly necessary for the Service to function (e.g., session cookies from Clerk). We do not use advertising cookies or sell your data to advertisers. We may use privacy-friendly analytics (without personal identifiers) to understand aggregate usage patterns.

2. How We Use Your Information

  • To provide and improve the Service (allergen analysis, allergy cards, travel tools)
  • To authenticate you and manage your account
  • To enforce free-tier usage limits
  • To process payments and manage subscriptions
  • To send transactional emails (account changes, subscription receipts) — no marketing emails without your consent
  • To comply with legal obligations

3. Third-Party Services

We share data with the following third parties only as necessary to provide the Service:

  • Clerk (clerk.com) — Authentication and user management. Stores your email, name, and subscription metadata. See Clerk’s Privacy Policy.
  • Stripe (stripe.com) — Payment processing. Handles all payment card data under PCI DSS compliance. See Stripe’s Privacy Policy.
  • Google AI / Gemini (cloud.google.com) — Processes uploaded images for allergen analysis. Images are not stored after processing. See Google’s Privacy Policy.
  • Upstash Redis (upstash.com) — Stores temporary rate-limit counters (IP or user ID) that expire every 24 hours. No personal content is stored.
  • Open Food Facts (openfoodfacts.org) — Public barcode database queried by product barcode number only. No personal data is shared.
  • Vercel (vercel.com) — Hosting provider. May log IP addresses for security and performance. See Vercel’s Privacy Policy.

We do not sell your personal data to any third parties.

4. Data Retention

  • Account data: Retained until you delete your account
  • Rate-limit counters: Expire automatically after 24 hours
  • Uploaded images: Not stored — discarded after real-time AI processing
  • Local scan history: Stored in your browser until you clear it
  • Payment records: Retained as required by applicable tax and financial regulations (typically 7 years)

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated data
  • Portability: Request your data in a portable format
  • Objection: Object to processing of your data in certain circumstances

To exercise any of these rights, contact us at support@travelsafejapan.com.

6. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

7. International Data Transfers

Our service is hosted and operated with infrastructure primarily based in the United States and Japan. If you are located in the EU/EEA, your data may be transferred to countries outside the EEA. We rely on our third-party providers (Clerk, Stripe, Google) to provide appropriate data transfer safeguards.

8. Security

We implement reasonable technical and organizational measures to protect your data, including HTTPS encryption, secure credential management, and reliance on PCI-compliant payment processors. However, no method of transmission over the internet is 100% secure.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on our website. Continued use of the Service after changes constitutes acceptance.

10. Contact Us

For privacy-related requests or questions, contact us at: support@travelsafejapan.com

Or visit our Contact page.