Privacy Policy
Last updated: February 20, 2026
1. Introduction
Nue Inc. ("we," "us," or "the Company") establishes this Privacy Policy regarding the handling of users' personal information in connection with the mobile application "TabiReco" ("the App") provided by the Company.
We comply with the Act on the Protection of Personal Information ("APPI") and other applicable laws, and handle users' personal information appropriately.
2. Definition of Personal Information
In this Privacy Policy, "personal information" refers to personal information as defined in Article 2 of the APPI — information relating to a living individual that can identify a specific individual by name, email address, or other descriptions, or that contains an individual identification code.
3. Information We Collect
3.1 Information Provided Directly by Users
| Type of Information | Details | When Collected |
|---|---|---|
| Account Information | User ID, email address, and name associated with a Google Account or Apple Account | At account registration |
| Receipt Images | Image data of receipts captured with the camera | When capturing receipts |
| User Input Data | Manual edits to receipt data (item names, amounts, etc.) and project (trip) names | During app usage |
3.2 Information Automatically Generated or Collected
| Type of Information | Details | Purpose |
|---|---|---|
| Analysis Results | Store name, items, amounts, dates, and estimated location extracted from receipt images | Core service functionality |
| Wrap-up Text | AI-generated travel summary text based on receipt data | Core service functionality |
| Exchange Rate Information | Applied exchange rate, rate timestamp, original currency amount, and JPY-converted amount | Currency conversion feature |
| Change History | Date/time and before/after content of receipt data corrections and deletions | Ensuring data integrity |
| App Usage Logs | Event data such as screen transitions, scan counts, and feature usage (collected in association with user ID) | Service improvement and quality enhancement |
| Device Information | OS type/version, device model, app version, device identifier (instance ID) generated by Firebase SDK | Technical support, compatibility, and push notification delivery |
| Crash Logs | Stack traces and device state information at the time of app crashes | App stability improvement and bug fixes |
3.3 Information We Do Not Collect
We do not collect the following information:
- Device GPS location data (receipt location is estimated from store names and addresses printed on receipts — we do not use device location)
- Contacts (address book)
- Call history
- Health data
- Financial account or credit card information
4. Purpose of Use
We use the collected personal information for the following purposes:
| # | Purpose | Applicable Data |
|---|---|---|
| 1 | Account management and authentication | Account information |
| 2 | OCR analysis, translation, structuring, and JPY conversion of receipts | Receipt images, analysis results |
| 3 | Generation of travel wrap-up summaries | Analysis results |
| 4 | Push notifications (analysis completion, travel reminders, etc.) | Account information, device information |
| 5 | Estimating store locations from receipt data | Analysis results (store name/address) |
| 6 | Service improvement, new feature development, and quality analysis | App usage logs, device information |
| 7 | Prevention of unauthorized use and security | Account information, app usage logs |
| 8 | Responding to user inquiries | Account information |
| 6a | App stability monitoring, crash analysis, and bug fixes | Crash logs, device information |
| 9 | Compliance with laws (including data retention related to the Electronic Books Preservation Act) | Change history, analysis results |
5. Provision to Third Parties
We do not provide users' personal information to third parties except in the following cases:
5.1 External Services Required for Service Delivery
We transmit data to the following external services for the purpose of providing our service:
| External Service | Data Transmitted | Purpose |
|---|---|---|
| Google Cloud (Vision API / Translation API / Vertex AI) | Receipt images, analyzed text | OCR analysis, translation, AI processing |
| Supabase | Account information, receipt images, analysis results | Cloud data storage and authentication |
| OneSignal | Device token, user ID | Push notification delivery |
| Firebase Analytics | User ID, device identifier, app usage logs | App usage analysis |
| Firebase Crashlytics | Crash logs, device information | App stability monitoring and bug fixes |
| Google Maps Platform | Store name/address text, map display requests | Store location estimation, map display |
| Frankfurter API (ECB data) | None (data retrieval only) | Exchange rate retrieval |
Important: Receipt images and analyzed text are transmitted to external services solely for OCR analysis, translation, and AI processing. We do not use user receipt data for training AI models. We have also confirmed in our current contracts with these external services that user data will not be used for AI model training.
5.2 Provision Based on Law
We may provide personal information to third parties in the following cases:
- When required by law (court orders, inquiries from investigative authorities, etc.)
- When necessary to protect the life, body, or property of a person and it is difficult to obtain the consent of the individual
- When particularly necessary for improving public health or promoting the sound development of children and it is difficult to obtain the consent of the individual
- When cooperating with a national or local government entity or a person entrusted thereby in executing affairs prescribed by law, and obtaining consent may impede such execution
5.3 Business Succession
In the event of a merger, company split, business transfer, or other succession involving the business that includes users' personal information, we may provide personal information to the successor. In such cases, we will require the successor to comply with this Policy.
6. Data Storage and Management
6.1 Storage Location
- User data is stored in databases and storage on the cloud service (Supabase) used by us
- Server region: AWS Tokyo Region (ap-northeast-1)
- All communications are encrypted via TLS (HTTPS)
- Stored data is encrypted at rest on the server side
6.2 Local Storage When Offline
- When there is no internet connection, receipt images are temporarily stored on the device
- Upon connectivity restoration, data is automatically uploaded to the cloud and local data is deleted
6.3 Retention Period
- Data is retained as long as the user maintains their account
- After account deletion, all data is completely deleted within 30 days (including deletion from backups)
- If any data is required to be retained by law, it will be deleted after the legally prescribed retention period
6.4 Data Security Measures
We implement the following measures to prevent leakage, loss, and damage of personal information:
| Type of Measure | Details |
|---|---|
| Organizational Measures | Appointment of a person responsible for personal information handling; establishment of handling regulations |
| Technical Measures | Communication encryption (TLS), data-at-rest encryption, secure storage of authentication tokens, API rate limiting |
| Physical Measures | Reliance on the physical security of data centers managed by our cloud service provider |
7. User Rights
Users may exercise the following rights under the APPI:
7.1 Account Deletion (Data Erasure)
- You can delete your account at any time from the Settings screen in the App
- Account deletion permanently removes all cloud data (receipt images, analysis results, wrap-up texts, change history)
- This action cannot be undone
7.2 Requests for Disclosure, Correction, or Suspension
Under the APPI, you may make the following requests:
- Request notification of the purpose of use
- Request disclosure of personal information
- Request correction, addition, or deletion of personal information
- Request suspension or erasure of personal information
- Request cessation of provision of personal information to third parties
Please contact us at the inquiry desk listed at the end of this Policy. We will respond within the period prescribed by law after verifying your identity.
8. Cookies and Tracking Technologies
The App is not a web application and does not use cookies.
However, we incorporate the following SDKs for service improvement:
| SDK | Purpose | Opt-out |
|---|---|---|
| Firebase Analytics | App usage analysis (collects usage logs associated with user ID) | Controllable via the device's ad tracking settings |
| Firebase Crashlytics | App stability monitoring and crash analysis | Controllable via in-app settings or device settings |
We do not perform tracking for the purpose of advertising targeting.
9. Children's Personal Information
The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information, we will promptly delete such information.
10. International Data Transfers
Data collected through the App may be stored and processed on servers outside Japan (data centers of cloud service providers) to the extent necessary for service delivery.
In accordance with Article 28 of the APPI, we take appropriate measures when providing personal information to third parties in foreign countries, specifically by confirming that adequate systems for the protection of personal information are in place at the data transfer destination.
11. Changes to This Policy
We may revise this Privacy Policy due to changes in laws, service modifications, or other reasons. Users will be notified of changes through:
- In-app notifications
- Posting on our website
For significant changes, we will notify users at least 14 days before the effective date. Continued use of the App after a change takes effect constitutes acceptance of the revised Privacy Policy.
12. Governing Law and Jurisdiction
This Policy is governed by and interpreted in accordance with the laws of Japan. Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the Tokyo District Court as the court of first instance.
13. Contact Us
For inquiries regarding the handling of personal information or requests for disclosure, please contact us at:
- Company: Nue Inc.
- Privacy Officer: Ryunosuke Watanabe
- Email: tabireco@nue-tech.jp
You can also reach us via the Contact Form.