Effective and last updated: July 13, 2026
1. Controller and scope
Goshi Kaisha Takkyun (“we”) operates the Koremite app, its sharing Hub, and this website. This Policy applies to all three.
For contact, privacy rights, and safety reports, use the support form.
Controller/Operator: Goshi Kaisha Takkyun, 4-2-3 Akasaka, Minato-ku, Tokyo 107-0052, Japan
2. Data kept only on the device
Draft notebooks, original photos, arrows, numbers, PDFs, and transfer files remain on the iPhone or iPad unless the user deliberately shares or exports them. We do not continuously sync or view drafts.
3. Hub data
- A family-facing nickname, random device ID, authentication token, push token
- Spaces, anonymous member IDs, roles, invitations, and blocks
- The selected notebook snapshot, text, name/grade fields, annotations, and compressed photos
- Comments, read/reply state, and safety reports
- A short-lived irreversible IP hash for abuse limits, plus operational and security logs
Shared images are reduced to 2,048 pixels on the long edge and 5 MB or less. Location, capture time, camera, and device metadata are removed.
4. Purposes and legal bases
- Delivering a Mite and comments to a chosen family or organization (contract and consent)
- Notifications, support, and deletion requests (contract and legal obligations)
- Reporting, blocking, abuse prevention, security, and reliability (legitimate interests and child safety)
- Recording parental authorization where local law requires it (consent and legal obligations)
We do not sell data, serve behavioural ads, track users across third-party services, profile children, or make solely automated decisions with legal or similarly significant effects.
5. Children and guardians
Koremite is designed for school-age children with adult support. A parent, guardian, or authorized school representative must review Hub sharing and purchases. Where law requires parental authorization below a local age, we make reasonable efforts to verify it. Consent may be withdrawn at any time.
6. Recipients and processors
Content is visible only to people or organizations selected through a short-lived invitation code. We use Amazon Web Services (Tokyo region storage, API, and notification integration), Apple (App Store, StoreKit, and APNs), and OpenAI Sites (website delivery). Where processing involves an international transfer, we use applicable contracts, standard contractual clauses, or other lawful safeguards.
7. Retention
- Mite content, photos, comments, and inbox notices: up to 30 days
- Unused invitation codes: 15 minutes
- Safety reports: up to 180 days
- Short-term abuse-limit records: approximately 48 hours
- Records legally required for disputes or compliance: only as long as necessary
8. Deletion and your rights
Deleting a Hub registration removes shared content, comments, connections, and push registration; on-device notebooks remain. Depending on your location, you may have rights of access, correction, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority. We may safely verify the requester or guardian.
See Data Deletion.
9. Security
We use TLS, Keychain credential storage, encryption at rest, time-limited signed uploads, size/type/SHA-256 checks, least-privilege access, automatic expiry, monitoring, and reporting tools. No online service is completely secure; please avoid unnecessary names, addresses, school details, contact information, and identifiable photos.
10. Cookies
We do not use advertising or third-party analytics cookies. See our Cookie Policy.
11. Changes
We may update this Policy for product or legal changes. We will provide clear advance notice of material changes and request renewed consent where required.