Privacy Policy
Last Updated: December 25, 2025
Jidotachi ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our rhythm game score synchronization service.
1. Information We Collect
We collect the following types of information:
- Account Information: Email address and encrypted password when you create an account
- API Keys: Third-party service API keys (Kamaitachi, CHUNITHM-NET, maimai DX NET) that you provide for score synchronization
- Game Scores: Rhythm game scores and play data retrieved from connected services
- Usage Data: Sync schedules, import history, and service preferences
- Cookies: Session cookies for authentication and maintaining your logged-in state
2. How We Use Your Information
We use your information for the following purposes:
- To provide and maintain our score synchronization service
- To authenticate your identity and maintain your session
- To connect to third-party rhythm game services on your behalf
- To automatically sync your game scores according to your preferences
- To display your sync status and history
- To improve and optimize our service
3. Data Storage and Security
We take data security seriously:
- Passwords are hashed using bcrypt before storage
- API keys are encrypted using AES-256-GCM
- Data is stored securely in a SQLite database
- Session cookies are httpOnly and secure (when using HTTPS)
- We do not share your personal information with third parties except as necessary to provide the service (e.g., connecting to game APIs)
4. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right to Access: You can view your account information and data at any time
- Right to Erasure: You can delete your account and all associated data using the "Delete Account" feature
- Right to Object: You can stop automatic syncing at any time by disabling it in your settings
- Right to Rectification: You can update your account information and API keys at any time
Note: Data export/portability is not currently available. If you require a copy of your data, please contact support.
5. Data Retention
We retain your data for as long as your account is active. When you delete your account:
- All personal information is permanently deleted from our database
- API keys are securely destroyed
- Sync history and game scores are removed
- This action is irreversible
6. Cookies
We use essential cookies for:
- Authentication: Session cookies to keep you logged in
- Cookie Consent: A cookie to remember your consent preferences
We do not use tracking, analytics, or advertising cookies.
7. Third-Party Services
Our service connects to the following third-party APIs:
- Kamaitachi API (for score uploading)
- CHUNITHM-NET (SEGA)
- maimai DX NET (SEGA)
Your data shared with these services is subject to their respective privacy policies. We only send the minimum necessary data to perform score synchronization.
We use infrastructure providers (such as Google Cloud) for hosting and storage. These providers act as data processors under GDPR.
8. International Data Transfers
Your data is processed and stored on servers that may be located outside your country of residence. Where data is transferred outside the EU/EEA, such transfers are made on the basis of Standard Contractual Clauses (SCCs) or the Google Cloud EU Data Processing Addendum (DPA), as applicable. We do not rely on user consent for international transfers.
9. Children's Privacy
Our service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 16, we will promptly delete that information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this page.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us through your account settings or by visiting our homepage.
12. Legal Basis for Processing (GDPR)
Our legal basis for processing your personal data is:
- Contract: Processing is necessary to provide the service you requested (e.g., account, email, password, API keys, scores)
- Legitimate Interests: To improve and secure our service, prevent fraud, and ensure security
- Consent: Only for optional features such as cookies or optional sync settings. Consent is not the basis for core account data.