Privacy Policy
Last updated: 2026-04-10
Manako (hereinafter “the Service”) respects your privacy and is committed to protecting your personal information. This policy explains how personal information is handled by the Service.
1. Information We Collect
Section titled “1. Information We Collect”Account Information
Section titled “Account Information”- Email address
- Password (stored hashed with PBKDF2-SHA-256; never stored in plain text)
- Team name / organization name
Service Usage Information
Section titled “Service Usage Information”- URLs and hostnames registered as monitoring targets
- Monitoring settings (check intervals, notification destinations, etc.)
- Monitoring results (response times, status codes, error information)
- Notification settings (Slack Webhook URLs, email addresses, Webhook URLs)
- Incident history
- Status page settings and published information
Technical Information
Section titled “Technical Information”- IP address (access logs)
- Browser information (User-Agent)
- API usage logs (timestamps, request paths)
Payment Information
Section titled “Payment Information”Credit card information is processed directly by Stripe, Inc. and is not stored on the Service’s servers.
2. Purpose of Use
Section titled “2. Purpose of Use”We use the collected information for the following purposes:
- Providing, operating, and improving the Service
- Recording monitoring results and sending notifications (Email, Slack, Webhook)
- Account authentication and security assurance
- Responding to inquiries
- Sending important notices about the Service
- Billing and payment processing
- Usage analysis and statistics (in a non-personally identifiable manner)
- Detection and prevention of fraudulent use
3. Third-Party Disclosure
Section titled “3. Third-Party Disclosure”We share information with the following services to the extent necessary for service provision. Information will not be disclosed to other third parties except with your consent or as required by law.
| Service | Purpose | Information Shared |
|---|---|---|
| Cloudflare, Inc. | Infrastructure / CDN | All service data |
| Resend, Inc. | Email delivery | Recipient email addresses |
| Stripe, Inc. | Payment processing | Email addresses, payment information |
4. Data Storage
Section titled “4. Data Storage”Storage Location
Section titled “Storage Location”Your data is stored and processed on Cloudflare, Inc.’s global infrastructure. Cloudflare is SOC 2 Type II / ISO 27001 certified.
Encryption
Section titled “Encryption”- At Rest: AES-256-GCM encryption (all D1, R2, and KV data automatically encrypted)
- In Transit: TLS 1.3
- Passwords: PBKDF2-SHA-256 + random salt (100,000 iterations)
5. Data Retention Period
Section titled “5. Data Retention Period”| Data | Retention Period |
|---|---|
| Account information | Until account deletion |
| Monitoring result data (Free plan) | 7 days |
| Monitoring result data (paid plan) | 90 days |
| Audit logs | 90 days |
| Access logs | Up to 90 days |
After account deletion, personal information is completely deleted within 30 days. Data required to be retained by law is exempt from this.
6. Cookies and Similar Technologies
Section titled “6. Cookies and Similar Technologies”The Service uses the following technologies:
- Session management: JWT (access tokens) and KV (refresh tokens)
- localStorage: Browser-side token storage (dashboard SPA), theme settings
We use Google Analytics 4 (GA4) via Google Tag Manager for usage analytics. Analytics cookies are only enabled after explicit user consent (GTM Consent Mode v2). See our Cookie Policy for details.
7. Your Rights
Section titled “7. Your Rights”You have the following rights:
- Right of access: Access to your personal information
- Right of rectification: Correction of inaccurate information
- Right of erasure: Deletion of your account and related data
- Data portability: Data export (via API)
- Marketing opt-out: Right to refuse use of data for marketing purposes
To exercise your rights, please use the account settings page or contact [email protected].
8. Children’s Privacy
Section titled “8. Children’s Privacy”The Service is not intended for individuals under the age of 16. We do not intentionally collect personal information from individuals under 16.
9. Compliance with Personal Information Protection Laws
Section titled “9. Compliance with Personal Information Protection Laws”The Service is operated in compliance with Japan’s Act on the Protection of Personal Information (2022 amendment).
10. Policy Changes
Section titled “10. Policy Changes”This policy may be updated due to changes in laws or the Service. You will be notified via your registered email address of any significant changes.
11. Contact
Section titled “11. Contact”For privacy-related inquiries, please contact us at:
- Email: [email protected]