QUTRIT Privacy Policy

Last Updated: March 13, 2026

We (hereinafter referred to as "the Provider") hereby establish this Privacy Policy (hereinafter referred to as "this Policy") regarding the handling of user information in QUTRIT (hereinafter referred to as "the App").

1. Information Collected

The App may collect the following information depending on the functions provided:

1. Account Information
   • Email address, user ID, authentication tokens, etc., required for authentication (via Firebase Authentication, etc.).
2. Contract and Payment Information
   • Plan type, expiration date, billing status, etc. (Payment processing is conducted by Stripe, etc.; the Provider does not retain credit card numbers).
3. Usage Logs (Primarily for Managed Mode)
   • Metadata such as access information to our infrastructure, error information, and token usage may be recorded for fraud prevention, cost management, and failure analysis. However, chat History such as chat content, attachments, files in knowledge base and generated results are, in principle, saved within the user's device. We do not collect such data on our servers.
4. Inquiry Information
   • Contact information and inquiry content provided by the user when contacting support.
5. Referral information
   • Affiliate ID and timestamps when subscribing using a referral code.

2. Local-First Design (Chat Data & API Keys)

1. Chat History
   • Chat content, attachments, and generated results are, in principle, saved within the user's device. We do not save such data on our servers. QUTRIT is designed in a way that it is not technically possible for us to retrieve such data at anytime.
2. API Keys (Self-Serve Mode)
   • API keys entered by the user are encrypted and saved in the OS-standard credential store (Windows Credential Manager / macOS Keychain, etc.) and are not sent to our servers.
3. API Keys (Managed Mode)
   • The Provider's API keys used in Managed Mode are managed via secure mechanisms such as Google Cloud Secret Manager and are not directly disclosed to the user's device or frontend screen.

3. Purpose of Use

The Provider uses the collected information for the following purposes:

1. To provide the App, authentication, plan management, and functionality.
2. To manage billing, payment confirmation, and subscriptions.
3. To detect fraud and maintain security.
4. To respond to failures, improve quality, and develop new features.
5. To verify referral success and calculate commission payments for the affiliate program.

4. Data Transmission to External AI Services and Communication Paths

The App transmits user input data to External AI Services (Google Gemini API / OpenAI API) for response generation. The communication path differs depending on the mode.

1. Self-Serve Mode (Direct Connect)
   • Communication is made directly from the user's device to the External AI Services. Since the data does not pass through the Provider's servers, it is technically impossible for the Provider to view or store the chat content.
2. Managed Mode (Via Proxy)
   • The connection to External AI Services is made via a relay server managed by the Provider (Google Cloud Run, etc.) for the purpose of authentication and API key embedding.
   • The relay server transfers data to the External AI Services immediately and does not persistently store the chat content (input nor output).

5. Policy on Data Usage for Machine Learning (Improvement)

Whether transmitted data is used for the training or improvement of external AI services depends on the usage mode, contract, and settings.

1. Managed Mode (Provider's API Key)
   • The Provider operates under conditions and settings that, to the extent possible, do not allow the use of data for training or improvement.
   • However, the external AI service providers may retain logs for a certain period for purposes such as fraud detection and detecting terms of service violations.
2. Self-Serve Mode (User's API Key)
   • Data handling depends on the conditions of the external AI service contracted by the user.
   • Note: Specifically with Gemini's Free Tier (Unpaid Services), there are differences in conditions, such as the possibility that input may be used for improvement purposes. Please do not transmit confidential information when using these services.
   • If you wish to ensure that data is not used for training, please check the paid conditions (Paid Services) or settings of each AI provider yourself.
3. The Provider cannot guarantee the Paid/Unpaid classification or opt-out status of the API keys used by the user.

6. Third-Party Provision and Entrustment

The Provider will not provide personal information to third parties without the user's consent, except as required by law.
However, the following service providers are used (for business entrustment and function provision):

• Payment: Stripe, etc.
• Authentication/Infrastructure: Google Firebase / Google Cloud, etc.
• AI Processing: Google Gemini / OpenAI.
• Affiliate Partners: If you sign up via a referral code, certain transaction details (e.g., date of purchase, plan type, and commissionable amount) may be shared with the referring partner for performance tracking purposes. Personal identifiers such as your name or email address are not shared with partners.

7. Security Measures

The Provider takes reasonable security measures (access control, key management, confidential management of API keys, etc.) to prevent leakage, falsification, and unauthorized access.

8. Retention Period

1. Chat history within the user's device is retained until deleted by the user.
2. Contract information for paid plans is retained for the period necessary for billing management, fraud prevention, and failure analysis, and is subsequently deleted or anonymized.
3. The retention period on the external AI service side is subject to the terms of each company (the Provider cannot control this).

9. User Rights

Users may request disclosure, correction, deletion, etc., of information held by the Provider in accordance with laws and regulations. Data within the device can be deleted by the user within the App.

10. Revision

The Provider may revise this Policy as necessary. Revisions will take effect from the time they are posted.

11. Inquiries

For inquiries regarding this Policy, please contact us via the inquiry window on the QUTRIT official website.

12. Language

In the event of any discrepancy between the Japanese version and the English version of this Policy, the Japanese version shall prevail.