Privacy Policy
This English translation is provided for reference only. In case of any discrepancy, the Japanese version shall prevail.
Sola K.K. (the "Company") recognizes the importance of protecting personal information in connection with "Blue," the web application deployment and publishing platform (the "Service"). We have established the following privacy policy to ensure proper handling and protection of your personal information.
1. Information We Collect
We collect the following information in connection with the Service:
| Type of Information | When Collected |
|---|---|
| Email address | Account registration |
| Password (stored as a hash) | Account registration |
| Username | Account settings |
| IP address | Service usage (access logs) |
| Uploaded files | App deployment |
| Inquiry details (including company name, name, phone number) | Contact form submission |
| Feedback content | Feedback submission |
| AI Build conversation content / prompts | When using AI Build |
| Email address for the waitlist | Waitlist registration when at capacity |
2. Purpose of Use
We use collected personal information for the following purposes:
- Providing, maintaining, and improving the Service
- Account authentication and management
- Responding to inquiries
- Analyzing usage and improving service quality
- Referring to AI Build conversation content / prompts internally for quality improvement and issue diagnosis (we do not provide them to third parties as training data for AI models)
- Detecting and preventing unauthorized use
- Compliance with applicable laws
3. Disclosure to Third Parties
We do not disclose your personal information to third parties except in the following cases:
- With your consent
- As required by law (court orders, law enforcement requests, etc.)
- When necessary to protect the life, body, or property of an individual
We do not sell or share personal information for advertising purposes.
Use of External Services (Processing on Our Behalf)
To provide the Service, we use the following external services. Each is a delegation of processing on our behalf; none is used for advertising or sold.
- AI providers (Anthropic / OpenAI, etc.): To generate output in AI Build, the content you enter is sent to AI providers. This is processing performed on our behalf and is often routed through providers located overseas. Content sent through their APIs is not used to train AI models by default. However, under the providers' standard API terms, inputs and outputs may ordinarily be retained for up to 30 days for abuse prevention and similar purposes.
- Google Analytics 4 (GA4) / Google Search Console: Used on public marketing pages (landing, pricing, support, and other surfaces accessible without sign-in) to understand site usage. GA4 does not run on signed-in surfaces (Console / AI Build / Settings / System Admin / Dashboard). In the future we plan to migrate to a self-hosted analytics platform (such as Matomo); this policy will be updated at that time.
- OpenAI Ads Measurement Pixel: We may use this on public pages and the signup completion page to measure completed registrations from ChatGPT ads. When registration completes, we may send hashed values derived from your email address and our internal analysis ID, attribution parameters, referrer, and the current URL. We do not send raw email addresses or raw analysis IDs. The pixel does not run on normal signed-in product surfaces (Console / AI Build / Settings / System Admin / Dashboard).
- Sign-in with an external account (Google / Microsoft): If you choose "Continue with Google" or "Continue with Microsoft," we use the respective provider's OAuth to verify your identity. We receive only an account identifier and your email address (including its verification status where provided). We do not access your password, contacts, calendar, or similar data, and we do not store access tokens. After sign-in, authentication is handled by a session we issue. Microsoft supports both work/school and personal accounts.
When we engage an external provider to process personal information, we confirm the necessary contractual and other conditions and appropriately manage and supervise the provider.
4. Use of Cookies
The Service uses cookies for session management and maintaining user experience.
- Session cookies: Used to maintain login state. Deleted when the browser is closed.
- App authentication cookies: Used for access authentication to password-protected apps.
- Analytics cookies (public pages only): The Google Analytics 4 integration described above may set cookies such as `_ga`. These cookies are governed by Google's terms and are not set on signed-in surfaces.
- Ad measurement cookies (public pages and signup completion only): The OpenAI Ads Measurement Pixel may set cookies such as `__oppref` to identify ad referrals.
- First-touch cookie: Blue uses a temporary HttpOnly cookie (`blue_first_touch`, up to 30 days) to carry ad, UTM, and initial-referrer context through OAuth or email verification. Click IDs are converted to presence flags and hashes on the first request; raw values are stored in neither this cookie nor the user ledger. This cookie is deleted when signup completes.
We do not use our own cookies for cross-site behavioral tracking. The first-touch cookie is used only for Blue's internal acquisition classification, and we do not directly share its contents with third parties.
5. Data Security
We implement the following measures to prevent leakage, loss, or damage of personal information:
- Designating persons responsible for personal data and defining authorized personnel and scope
- Personnel training, confidentiality obligations, and access restrictions
- Measures to prevent theft, loss, and unauthorized use of devices and media handling personal data
- Password hashing
- HTTPS encryption for all communications
- Container network isolation per app
- Proper access log management and rotation
- Security scanning
- Reviewing applicable foreign legal environments and provider safeguards when personal data is processed abroad
6. Data Retention and Deletion
- After account withdrawal, your data will be deleted within a certain period. Restoration after withdrawal is not available to you as a user (we may retain data internally for a limited period for fraud prevention, recovery, and legal compliance).
- Access logs are retained for a specified period for safe operation and fraud prevention, then deleted.
- Information required to be retained by law will be kept for the prescribed period before deletion.
Notwithstanding the above, we will respond to a formal request to suspend use or erase your personal information (Section 7) after verifying your identity.
7. Your Rights
You may request the following from the Company:
- Notification of the purpose of use of your personal information
- Disclosure of your personal information
- Correction, addition, or deletion of your personal information
- Suspension of use or erasure of your personal information
- Stopping disclosure of your personal information to third parties
- Disclosure of records concerning provision of your personal information to third parties
Please contact us at the address below. After verifying your identity, we will respond in accordance with applicable law and by the method you request, unless that method is difficult to provide, in which case we will use an appropriate alternative.
8. Apps Deployed by Users
External services (such as Google Analytics or other tracking tools) used within Apps deployed on the Service are implemented at the discretion of the App's User. The Company is not involved in and assumes no responsibility for such services.
9. Amendments
The Company may amend this Policy as necessary. Any amendments will be promptly announced on the Service.
10. Contact
For inquiries regarding the handling of personal information, please contact:
Sola K.K.
9F, VORT Suehirocho II, 6-14-3 Sotokanda, Chiyoda-ku, Tokyo, Japan
Representative: Keisuke Yoshimura
Personal Information Protection Manager: General Affairs Department Manager
Email: privacy@sola-air.com
Effective: March 25, 2026 — Sola K.K.