Privacy Policy

Company Name: Storyteller AI Inc.
Address: 7F N&E BLD., 1-12-4 Ginza, Chuo-ku, Tokyo 104-0061, Japan
Representative: CEO Hidetsugu Yui
Contact: contact@storytlr.ai
Website: https://www.storytlr.ai

We may collect the following personal data:

2.1 Information Directly Provided

• Name, email address
• Phone number (optional, form submissions only)
• Company name, department, job title
• Inquiry details, requests
• Service usage information

2.2 Information Automatically Collected

• IP address, browser type, language settings
• Access date/time, referral URL
• Device information (OS, screen size, etc.)
• Cookie ID, advertising identifiers
• Page views, click behavior, time spent on site

We process data based on the following legal grounds:

• Consent (Article 6(1)(a)): When you have given explicit consent (e.g., marketing email subscriptions)
• Performance of a Contract (Article 6(1)(b)): When necessary for the provision of services
• Legitimate Interests (Article 6(1)(f)): Service improvement, security maintenance, fraud prevention
• Compliance with Legal Obligations (Article 6(1)(c)): When fulfilling obligations required by law

• Provision, operation, and improvement of services
• Responding to inquiries
• Providing service-related information (newsletters, seminar announcements, etc.)
• Usage analysis and statistical processing
• Fraud prevention and security maintenance
• Legal compliance and dispute resolution
• Customer support and troubleshooting

We retain data for the following periods:

• Inquiry Data: 3 years after resolution
• Contract/Transaction Data: 7 years after contract termination (legal obligation)
• Access Logs: Up to 2 years
• Cookies: Up to 2 years (varies by type)
• Marketing Consent: Until consent is withdrawn, or 3 years from last interaction

After the retention period, data is securely deleted or anonymized.

We share data with third parties only in the following cases:

6.1 Service Providers

• Google Analytics: Web analytics (anonymized)
• Cloud Hosting: AWS, Google Cloud Platform
• Email Delivery Services: SendGrid, Mailchimp, etc.
• Customer Support: Zendesk, Intercom, etc.

6.2 Legal Requests

When required by law, court orders, or requests from supervisory authorities

6.3 Business Transfers

In the event of a merger, acquisition, or business transfer, data may be transferred to the successor entity with prior notice.

Our company is based in Japan, and some of our service providers are located outside the EU (e.g., United States, Japan). For data transfers outside the EU, we implement the following appropriate safeguards:

• Standard Contractual Clauses (SCCs): Execution of contractual clauses approved by the European Commission
• Adequacy Decisions: Transfer to countries recognized by the European Commission as providing an adequate level of protection
• Explicit Consent: Your explicit consent

For details about data transfers, please contact us.

If you reside in the European Economic Area (EEA), you have the following rights:

To exercise these rights, please contact us via our Contact Page or contact@storytlr.ai. We will respond within one month.

For inquiries regarding data protection, please contact our Data Protection Officer:

Name: [Data Protection Officer Name]
Email: dpo@storytlr.ai

Inquiries are accepted via email.

If you have concerns about our data processing, please contact us first. You also have the right to lodge a complaint with the supervisory authority in your country of residence.

Japan: Personal Information Protection Commission (PPC)
https://www.ppc.go.jp/

EU: National Data Protection Authorities (DPAs)
List of EDPB Members

We do not currently engage in fully automated decision-making or profiling that produces legal or similarly significant effects on our customers. Should we implement such processing in the future, we will, in accordance with GDPR Article 22 and EU AI Act Article 86, provide clear advance notice, obtain explicit consent, maintain Human-in-the-Loop review, and guarantee the right to explanation.

For details on the AI systems we provide and use, transparency principles, prohibited practices, high-risk restrictions, and hallucination disclosures, see ourAI Usage Policy.

Our website uses cookies. For details, please see our Cookie Settings Page.

You can change your cookie settings at any time through your browser settings or our Cookie Settings Page.

We implement the following technical and organizational measures to protect personal data:

• Communication protection through SSL/TLS encryption
• Access control and permission management
• Regular security audits
• Regular security training for employees
• Data breach notification processes
• AI governance framework compliant with ISO/IEC 42001:2023

In the event of a data breach, we will notify the supervisory authority within 72 hours and promptly inform affected customers.

We may update this policy in response to changes in laws or improvements to our services. For significant changes, we will notify you via our website or email.

We recommend reviewing this page periodically.