nemi takes your privacy seriously. This policy explains, in plain language, what we collect, why, and how to get rid of it. If anything is unclear, email support@nemi.beauty and we'll help.
1. What we collect
We try to collect as little as possible.
Account data
- Email address (used for account identification and login authentication)
- If you sign in with Apple, Google, or LINE: your email address, a unique user ID, and any profile fields (name, avatar) you authorize the provider to share. For LINE Login specifically, we receive email, LINE user ID, and profile information for account creation and identity verification only.
Service usage
- Your scan history and saved products (collections)
- Photo submissions for products not yet in our database (optional)
- Issue reports and contact messages
Automatic data
- Anonymous barcode scan logs (timestamp + result type only — not linked to a user account)
- App version, OS version
- For crash investigation, we collect crash data, device model, OS version, and stack traces via Sentry (US). Automatic PII collection is disabled, but Sentry's network layer may briefly capture an IP address.
2. How we use it
- To provide the service (product search, ingredient evaluation, etc.)
- To debug and improve the service
- To grow and refine the database (adding missing products)
- To send important notices (e.g., privacy policy changes)
We do not use your data for ad targeting or for sale to third parties.
3. Third-party services
We use the following services to deliver the app. These third parties are contractually required to provide the same or equivalent protection of user data as this policy. Each provider's own privacy policy also applies.
- Supabase (US, Tokyo region): stores account, collection, and scan history data. Data is held in the Tokyo region. Supabase staff access to user data is contractually limited.
- Apple / Google / LINE: external sign-in (OAuth/OIDC) providers. Data received via federated identity (email, user ID, profile) is handled as described above.
- Anthropic (US): generates ingredient explanations. We send only public ingredient names — never user-identifying data (no email, user ID, or IP address). Because no personal data is sent, this is not a third-party transfer under APPI Article 28.
- Resend (US): delivers OTP emails. Your email address is sent to Resend (as a service provider).
- Apple In-App Purchase / Google Play Billing: subscription billing. Name, address, and payment information are managed by Apple/Google and are not shared with us.
- RevenueCat (US): subscription entitlement validation. We send the Apple/Google receipt and a user UUID to RevenueCat (as a service provider).
- Sentry (US): crash reporting and analysis. Automatic PII collection is disabled; the network layer may briefly capture an IP address (as a service provider).
Cross-border transfer (APPI Article 28)
We outsource processing of your personal data to providers located in the United States (Anthropic, Resend, RevenueCat, Sentry). The United States is not designated by Japan's Personal Information Protection Commission as a country with a personal data protection regime equivalent to Japan's. Each provider handles personal data under its own published privacy and security policies.
- Anthropic: anthropic.com/legal/privacy
- Resend: resend.com/legal/privacy-policy
- RevenueCat: revenuecat.com/privacy
- Sentry: sentry.io/privacy
4. Retention
- While your account is active, we retain data to operate the service.
- If you delete your account, related data is removed from our servers.
- Anonymous barcode scan logs may be retained for up to 24 months for service improvement.
5. Data deletion
Use Settings > Delete my data in the app to remove your account and all related data at any time. Guest data is cleared locally. Signed-in users have their account, collections, and history removed from the server as well. If you signed in with Apple, we also call Sign in with Apple's REST API to revoke your access tokens.
Pro subscribers: deleting your account does NOT cancel your Apple or Google subscription. To stop billing, please cancel via your OS Settings > Subscriptions screen first.
6. Children
nemi is intended for users 13 and older. If you are under 13, please use the service with parental consent.
7. Contact and disclosure requests
For data access, correction, or deletion requests, email support@nemi.beauty. We aim to respond within 2 weeks. Per APPI, we will provide responses in electronic or written form, whichever you prefer.
8. Policy updates
We'll notify users in-app and on this page in advance of any meaningful change. Continued use after a change constitutes acceptance of the updated policy.
9. Operator
For full operator information, see our Legal Notice.
Contact: support@nemi.beauty
10. Security measures (summary)
To protect your personal data, we maintain the following measures:
- Organizational: designated data-handling responsibility, regular reviews, principle of least privilege
- Technical: HTTPS encryption in transit, Row-Level Security for database access, encryption at rest, secure credential storage
- Physical: cloud-hosted (Supabase Tokyo region); we manage no physical media
- External-environment awareness: some service providers are located in the US. The US is not designated as having a personal data protection regime equivalent to Japan's. We confirm appropriate safeguards via contracts with each provider.
11. Affiliate links
Product detail pages in the app contain affiliate links to partner retailers (Amazon JP, Rakuten, Qoo10, @cosme). When you tap one, you are taken to the partner's site, and the partner may set affiliate-tracking cookies under its own privacy policy. See affiliate disclosure for details.
The affiliate relationship has no influence on our product scores, ingredient ratings, or similar-products selection.
12. International users
nemi is operated under Japanese law (APPI). Users outside Japan, including in the EU and UK, may submit data subject requests via APPI's framework by emailing support@nemi.beauty.