Privacy Policy

VoicePing Corporation (hereinafter referred to as “we”, “us”, or “the Company”) takes utmost care in operating “VoicePing” and protecting your privacy. The privacy policy for the use of this service is as follows.

​

Article 1: Scope of Application

This policy applies when users utilize VoicePing services. Personal information and other data obtained from users will be handled in accordance with this policy.

​

Article 2: Definitions

In this policy, the following terms shall have the meanings set forth below. (1) “Service” means all services related to VoicePing provided by the Company. (2) “User” means an individual, corporation, or other organization that agrees to the Terms of Service and uses the Service, including both contracting entities and individuals who actually use the Service. (3) “Workspace” means the digital space for accessing the Service. (4) “Administrator” means a User who manages a Workspace, with authority to invite, register, and remove Guests. (5) “Guest” means a User who uses the Workspace. (6) “Operator” means any User who actually uses the Service, including both Administrators and Guests. (7) “This Policy” means this privacy policy for the Service. (8) “Terms of Service” means the terms of service for the Service. (9) “Personal Information Protection Act” means the Act on the Protection of Personal Information (Act No. 57 of 2003), including any subsequent amendments. (10) “Personal Information” means information about a living individual that can identify a specific individual by name, date of birth, or other description contained in the information (including information that can be easily cross-referenced with other information to identify a specific individual). This includes personal identification codes. (11) “Retained Personal Data” means retained personal data as defined in Article 2, Paragraph 7 of the Personal Information Protection Act. (12) “Voice Data” means audio recorded when Users use the Service. (13) “Voice Text Data” means text data generated by processing Voice Data. (14) “Voice-Related Data” means Voice Data and Voice Text Data collectively. (15) “Third-Party Services” means products and services of other companies that are linked to or integrated with the Service.

​

Article 3: Collection of User Information

1. The Company collects the following information, including personal information, from Users when they use the Service, as well as any other information the Company deems necessary for providing the Service.

(1) Administrator:

• Name
• Email address
• Phone number
• Company name
• Number of employees
• Position/Title

(2) Guest:

• Name
• Email address

2. The Service may request personal information when Users use the Service or make inquiries.
3. In addition to Paragraph 1, the Service may collect Voice Data and Voice Text Data.
4. The Service may automatically collect the following information when Users use the Service or view pages:

(1) Service usage information:

• Operation settings
• Login status

(2) Log data: When Users access the Service, the Company may automatically collect information called log data sent by the browser. Log data may include:

• Internet Protocol (IP) address of the computer
• Browser version
• Pages of the Service accessed, dates and times of access, and duration of viewing
• Other statistical information

(3) Mobile device data: When Users use the Service from mobile devices, the Company may automatically collect:

• Device type and model
• Operating system
• Mobile network information

(4) Desktop application data: When Users use the Service via desktop applications (Mac, Windows, and Linux), the Company may automatically collect:

• Active applications
• URLs of Service-related websites accessed
• Computer active time
• Project or task names and actual working hours
• Browser type and version

​

Article 4: Purposes of Use of User Information

1. GDPR role clarification

For Customer Content (including meeting audio, transcriptions, summaries, and related metadata) processed on behalf of Customer organizations, the Company acts as a Data Processor and processes such data only on documented instructions from the Customer under the applicable Data Processing Agreement (DPA). For account administration, billing, direct support, security operations, and legal compliance activities, the Company acts as an independent Data Controller.

2. When acting as a Data Controller, the Company uses information obtained through the Service, including personal information, for the following purposes:

(1) To provide and operate the Service (2) To bill for the use of the Service (3) To administer accounts and provide user-requested service customization (4) To modify and improve the Service and to develop new features using aggregated or anonymized data that cannot identify individuals (5) To prevent unauthorized use and use that violates the Terms of Service (6) To create and analyze anonymized statistical data that cannot identify individuals (7) To deliver emails related to Service updates, campaign information, and other Service-related content (8) To respond to inquiries (9) To comply with legal obligations and enforce applicable agreements

3. The Company uses Voice-Related Data for controller-side purposes only where necessary for direct support and service maintenance. In such controller-side cases, Voice-Related Data is used for the following purposes. However, for the use described in item (2), the Company will cease such use if the User applies for opt-out through the Company’s prescribed method.

(1) To repair system failures of the Service (2) To update the Service

​

Article 5: Disclosure of User Information

1. The Company does not sell or rent personal information.
2. The Company may disclose personal information to third parties in the following cases:

(1) When disclosing information obtained from Users to contractual partners to the extent necessary to provide the Service (2) When the User has given consent to the disclosure (3) When ordered by a court to disclose information under the Act on the Limitation of Liability for Damages of Specified Telecommunications Service Providers and the Disclosure of Identification Information of the Sender, or when receiving an official inquiry from a public authority such as police based on laws establishing investigative authority (4) When deemed necessary to protect the rights, property, or services of a third party or the Company due to violations of laws, terms of service, or guidelines in connection with the use of the Service (5) When personal information is transferred as part of a business succession due to merger, corporate split, business transfer, or other reasons (6) When there is imminent danger to life, body, or property and urgent necessity, and it is difficult to obtain the consent of the individual (7) When otherwise permitted by law

3. In addition to the preceding paragraph, the Company may disclose Voice Text Data to third parties to whom the Company entrusts Service repairs, solely for the purpose of repairing and updating the Service. In such cases, the Company shall impose the same obligations as those under this policy on the receiving third party.

​

Article 6: Integration with Third-Party Services

1. To enable certain features of the Service, the Company may, with User consent, link to or integrate with third-party products and services. For example, Users can integrate Google Calendar with VoicePing. Users may be required to create an account with or link their account to the third-party service.
2. In the case of Paragraph 1, Users shall agree to the privacy policy and terms of use of the relevant third-party service.
3. In the case of Paragraph 1, the Company may request the User’s permission to obtain information from third-party services. When the User grants permission, the Company may obtain information from both the User and the third-party service necessary for the integration, and access the User’s information stored in the third-party service.
4. The Company may associate data collected under the preceding paragraphs with the User’s account and store it.
5. The Company uses data collected and stored under the preceding paragraphs only to the extent necessary to provide the Service in conjunction or integration with third-party services.
6. We do not use any user data obtained through Google Workspace APIs to develop, improve, or train any general-purpose AI or machine learning models.

​

Article 7: Cookies

1. The Company may store and reference cookies on the User’s computer. Cookies are sent from the website to the User’s browser and stored on the computer’s hard drive.
2. The Service may use cookies to maintain Users’ login status. Users can accept or reject cookies through browser settings. If cookies are rejected, Users will be logged out when closing the browser tab or window.

​

Article 8: Data Storage and International Transfers

1. The Company transfers, processes, and stores information obtained from Users on cloud infrastructure in Japan (Tokyo regions), including AWS (ap-northeast-1) and GCP (asia-northeast1). Depending on enabled integrations and sub-processors, limited data may be transferred to or processed in countries other than the User’s country of residence. Privacy practices and government access rights in those countries may differ from those in the User’s country. For example, information collected in the European Economic Area (“EEA”) and Switzerland may be transferred to and processed by third parties located outside the EEA and Switzerland.
2. For transfers of personal data from the EEA or Switzerland, the Company relies on the following legal mechanisms:

• EU adequacy decision for Japan (adopted January 2019, renewed April 2023)
• EU-US Data Privacy Framework for transfers to US-based sub-processors
• Standard Contractual Clauses (SCCs) as approved by the European Commission
• Swiss-US Data Privacy Framework and Swiss Federal Council’s adequacy recognition of Japan for Swiss data

3. By using the Service and providing information, including personal information, to the Company, the User acknowledges the transfer, processing, and storage of such information as described above.

​

Article 9: Sub-processors

The Company engages the following categories of third-party service providers (sub-processors) that may process User data in connection with the Service: The Company imposes contractual obligations on all sub-processors to ensure appropriate handling of personal information in accordance with this policy. An up-to-date list of sub-processors is maintained in the Company’s Data Processing Agreement, available upon request.

​

Article 10: Links to Other Websites

This policy does not apply to websites provided by entities other than the Company that are linked from the Service. The Company assumes no obligation or responsibility for the information collection practices of such entities.

​

Article 11: Disclosure, Correction, and Deletion of Personal Information

1. In accordance with the Personal Information Protection Act, when a User requests the disclosure, correction, suspension of use, or deletion of their personal information, the Company will verify the User’s identity and process the request. Requests should be directed to the contact person described in Article 15. The following information and documents will be required:

(1) Name (2) Address (3) Phone number (4) Email address (5) Identity verification documents

2. For disclosure requests, the Company will promptly disclose retained personal data in accordance with the Company’s procedures. A handling fee of 1,000 yen (tax included) will be charged per request.
3. For correction and suspension of use, the Company will promptly investigate and take action upon verifying the User’s identity in the following cases, and notify the User of the results:

(1) When a correction is requested on the grounds that personal information is inaccurate, in accordance with the Personal Information Protection Act. (2) When suspension of use is requested on the grounds that information is being used beyond the previously disclosed purposes or was collected by fraudulent means, in accordance with the Personal Information Protection Act.

4. For deletion of personal information, the Company will delete the information without delay upon verifying the identity of the requesting User and will notify the User accordingly. Users may also delete their accounts and associated data directly through the platform’s account management features at any time.
5. The provisions of the preceding paragraphs shall not apply where the Company is not obligated to disclose, correct, suspend use of, or delete personal information under the Personal Information Protection Act.

​

Article 12: Data Retention

1. The Company retains personal data only for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Audio files (conversation history): Encrypted (AES-256) and retained for up to 3 months (maximum), depending on plan and settings. Data exceeding the retention period is deleted.
• Transcription and meeting summary data: Retained for the duration of the service agreement. Users may delete individual items through the platform.
• User account data: Retained for the duration of the service agreement. After service termination, deleted when the User or Customer performs account/data deletion through the platform or submits a deletion request.
• Log data: Server access logs are stored in AWS S3 for security monitoring, incident investigation, and compliance purposes. Application logs are designed not to output direct personal data (such as names, email addresses, or transcription content). If identifiers that may relate to an individual are present in log records (e.g., IP addresses), such identifiers are deleted or irreversibly anonymized within 30 days after a valid User/Customer deletion request (including requests made after service termination). Logs are retained only for the minimum operational/security period and are not retained long-term.

2. Upon termination of the service agreement, the Company retains User personal data until the User or Customer initiates deletion through the platform or submits a deletion request, unless retention is required by applicable law. Following a valid deletion request, the Company will delete User personal data within 30 days. Irreversibly anonymized data that cannot identify an individual is not personal data and may be retained.

​

Article 13: Security

1. The Company handles personal information and information systems securely. The Company maintains ISO/IEC 27001:2022 / JIS Q 27001:2023 certification (Certificate: IS 820960, issued by BSI, valid 2025-04-25 to 2028-04-24).
2. Where the Company outsources operations to third parties for providing the Service, the Company enters into agreements to ensure appropriate management by such third parties.
3. Notwithstanding the foregoing, Users should be aware that no method of Internet transmission or electronic storage is 100% secure. Users are advised to use two-factor authentication and other precautions for accounts storing sensitive information.

​

Article 14: Disclaimer

The Company shall not be liable in the following cases: (1) When a User discloses personal information to a third party using the Service’s features or other means. (2) When a User’s identity can be determined from information the User has disclosed on the Service.

​

Article 15: Revision of the Privacy Policy

The Company may revise all or part of this Privacy Policy. Revisions will be automatically applied to all Users upon posting within the Service.

​

Article 16: Personal Information Handler

Company Name VoicePing Corporation Personal Information Protection Manager Akinori Nakajima (中島明紀) Contact Omodaka Bldg. 4F, 1-9-7 Shibaura, Minato-ku, Tokyo 105-0023, Japan For inquiries, please use the inquiry form.

---

Enacted and enforced: September 23, 2020 Revised: July 9, 2021 Revised: August 21, 2021 Revised: July 4, 2023 Revised: February 20, 2025 Revised: February 26, 2026 ## Official Links