Privacy Policy
Minamoto, Inc. (a Japanese kabushiki kaisha, "Minamoto", "we", "our", or "us") operates a marketplace through which residents of Japan ("Contributors") provide multimodal data (audio, images, video, text, and similar content) to Minamoto, and Minamoto then licenses or otherwise provides that data to AI developers, research institutions, and other organizations engaged in AI research and development ("Buyers") for the purpose of training and improving AI models (the "Service").
This Privacy Policy describes how we collect, use, disclose, retain, and otherwise process personal information in connection with the Service. We comply with Japan's Act on the Protection of Personal Information (Act No. 57 of 2003, as amended) ("APPI") and related regulations of the Personal Information Protection Commission ("PPC"). The Japanese-language version of this Privacy Policy is the controlling version in case of conflict between languages.
1. Business Operator
| Item | Details |
|---|---|
| Operator | Minamoto, Inc. (株式会社Minamoto) |
| Representative | (Representative Director's name) |
| Registered Address | (Registered office address) |
| Personal Information Protection Manager | (Officer's name and title) |
| Contact for Privacy Inquiries | privacy@minamoto.ai |
2. Information We Collect
In connection with the Service, we collect the following categories of information.
(a) Account Information. Email address, display name, self-declared residence in Japan, self-declared age (18 years or older), and other information the Contributor voluntarily registers.
(b) Contributed Data. Audio, image, video, text, and other data that Contributors upload to the Service ("Contributed Data"), together with associated metadata (capture date, file format, file size, device information, etc.). Contributed Data may include the Contributor's appearance, voice, and other biometric attributes that constitute "personal identifier codes" under Article 2(2) of APPI.
(c) Payment Information. Bank account information, electronic wallet identifiers (such as PayPay), and identity verification documents (collected at the time of payout) required to pay compensation to Contributors.
(d) Service Usage Information. Service access logs, task initiation and completion history, quality review results, configuration settings, and device information (operating system, device model, IP address, advertising identifier, and similar information).
3. Purposes of Use
We use the information we collect for the following purposes.
(a) Development, training, evaluation, and improvement of AI models. This includes, but is not limited to, large language models, image recognition models, voice and speech recognition models, voice synthesis models, image generation models, video generation models, recommendation models, and robotics control models.
(b) Generation, evaluation, and improvement of outputs of AI models. This includes outputs (text, image, audio, video, action commands, and similar outputs) generated by AI models trained on Contributed Data, evaluation of the quality of such outputs, and improvement of the underlying models based on such evaluation.
(c) Analysis, benchmarking, and dataset quality evaluation incidental to AI research and development.
(d) Provision of Contributed Data to AI developers (including AI companies, research institutions, universities, and other organizations engaged in AI research and development) located inside and outside Japan, for the purposes set forth in (a) through (c).
(e) Operation of the Service, payment of compensation to Contributors, identity verification, and prevention of fraud.
(f) Responding to inquiries, providing notices regarding the Service, and conducting surveys of Contributors.
(g) Statistical analysis for the safe operation and quality improvement of the Service.
4. Provision to Third Parties
We provide Contributed Data to the following categories of third parties for the purposes set forth in Section 3(d). Before such provision, we obtain Contributor consent through this Privacy Policy and the in-app consent flow.
- AI companies engaged in AI research and development
- Universities, research institutions, and other public research organizations engaged in AI research and development
- Other organizations engaged in AI research and development
We maintain records of each third-party provision in accordance with Articles 29 and 30 of APPI.
5. Provision to Third Parties Located Outside Japan
We may provide Contributed Data to Buyers located outside Japan for the purposes set forth in Section 3. Such cross-border provision will be conducted under one of the following routes.
(a) Provision to Buyers that have implemented systems meeting PPC standards (the "Equivalent Protection Route"). We require the Buyer, by contract, to implement protection measures equivalent to APPI. We periodically verify (at least once per year) the Buyer's continued compliance with such protection measures. Contributors may request from us information regarding the Buyer and the Buyer's protection measures.
(b) Provision based on the Contributor's separate consent (the "Consent Route"). Where provision under route (a) is not feasible, we will inform the Contributor of the name of the destination country, information on the personal information protection system of that country, and the protection measures implemented by the recipient, and obtain the Contributor's consent before provision.
Provision to the United Kingdom, member states of the European Economic Area (EEA), and any other country or region recognized by the PPC as having a personal information protection system equivalent to that of Japan (collectively, "Recognized Jurisdictions") is governed by Section 4 and is not subject to this Section 5.
6. Outsourced Processors
We outsource certain processing of personal information to the following service providers, under written data-processing agreements that require protection measures equivalent to those we apply ourselves.
| Outsourced Processor | Scope of Outsourced Processing | Location |
|---|---|---|
| Supabase, Inc. | Database and file storage | US corporation. Physical storage is in the Tokyo region (ap-northeast-1). |
| Resend, Inc. | Identity verification and transactional email delivery | US corporation. |
Addition or change of outsourced processors will be communicated through an amendment to this Privacy Policy (see Section 14) or through a separate notice on the Service.
7. Foreign Personal Information Protection Regimes (External Environment Disclosure)
Among the outsourced processors listed in Section 6, both Supabase, Inc. and Resend, Inc. are corporations organized under the laws of the United States. While physical storage of data occurs in the regions specified, personnel of these processors located in the United States may access such data for system administration purposes. For the Contributor's reference, information about the United States personal information protection regime is as follows.
The United States is not currently designated by the Personal Information Protection Commission of Japan as a country with a personal information protection system equivalent to APPI. The United States does not have a comprehensive federal personal information protection statute equivalent to APPI; instead, sector-specific federal laws (such as HIPAA for health information, GLBA for financial information, and COPPA for children's online information), state consumer privacy laws (such as the California Consumer Privacy Act and California Privacy Rights Act, "CCPA/CPRA"), and enforcement by the Federal Trade Commission combine to form the United States regime. The United States also maintains regimes for government access to data for national security purposes, including under the Foreign Intelligence Surveillance Act, Section 702.
We require US-based outsourced processors to implement protection measures equivalent to APPI by contract, and verify their compliance at least once per year.
When we provide Contributed Data to other Buyers located in other foreign countries under the Consent Route (Section 5(b)), we will provide the relevant country's regime information to the Contributor at the time of consent.
8. Retention Periods
We retain information for the following periods.
| Category | Retention Period |
|---|---|
| Account Information | 30 days after account closure |
| Contributed Data (not yet provided to any Buyer) | 90 days after completion of quality review |
| Contributed Data (provided to one or more Buyers) | Until receipt of a deletion request from the Contributor (potentially indefinite) |
| Consent Records | 5 years from collection |
| Payment Records | Period required by applicable law (typically 7 years) |
| Service usage logs | 2 years from collection |
We may retain information beyond these periods to the extent required by law or to defend against actual or threatened legal claims.
9. Security Measures
We implement the following measures to prevent unauthorized access to, loss of, alteration of, and leakage of personal information.
- Designation of a Personal Information Protection Manager and adoption of internal regulations
- Training and supervision of employees and outsourced processors
- Access controls, authentication management, and the principle of least privilege
- Encryption in transit and at rest
- Audit logging and periodic log review
- Incident response procedures and drills
- Third-party certifications (Privacy Mark, ISO/IEC 27001, SOC 2, and similar)
10. Contributor Rights
Contributors may request the following with respect to their own personal information held by us.
- Notice of purposes of use
- Disclosure
- Correction, addition, or deletion
- Cessation of use or erasure
- Cessation of provision to third parties
- Disclosure of third-party provision records
- Information regarding Buyers and their protection measures pursuant to Section 5
To make any of these requests, please contact us using the information in Section 15. We will respond within 30 days, subject to applicable identity verification procedures.
11. Cessation of Use and Erasure Requests
When we receive a request for cessation of use or erasure under Section 10, we will respond as follows.
-
We will delete the Contributed Data that we currently hold within 30 days of receipt of the request.
-
With respect to Contributed Data that we have already provided to one or more Buyers, each such Buyer becomes an independent personal information handler (data controller) under APPI for the data in its possession. We are unable to retrieve Contributed Data already provided to Buyers. Upon request, we will provide the Contributor with a list of Buyers to whom the Contributor's data was provided, so that the Contributor may directly exercise their rights against those Buyers. We will also, separately, notify the relevant Buyers of the Contributor's request.
-
With respect to Contributed Data that has already been used to train an AI model, removal of the influence of specific Contributed Data from a trained model (i.e., from the model weights) is not generally feasible with current technology. Contributors acknowledge that, even when a cessation-of-use or erasure request is received, removal from existing trained models may not occur.
-
The purchase of Contributed Data by us under the Contributor Agreement is final. We will not refund the compensation already paid to the Contributor, and we will not seek to recover such compensation from the Contributor in connection with a cessation-of-use or erasure request.
12. Sensitive Personal Information
We do not, as a rule, collect sensitive personal information ("special care-required personal information" under Article 2(3) of APPI). Contributors must not intentionally include sensitive personal information in Contributed Data.
Due to the nature of audio, image, and video content, sensitive personal information of the Contributor or of others may be incidentally captured (for example, the appearance of a hospital or religious facility, or content indicating health status). Contributors consent in advance to the incidental capture and processing of such information for the purposes set forth in this Privacy Policy. When we identify sensitive personal information in Contributed Data, we will generally isolate or delete the affected data.
13. Incident Reporting
If a leak, loss, alteration, or other security incident affecting personal information occurs, we will report to the PPC and notify affected Contributors as required by Article 26 of APPI and related regulations.
14. Amendments to This Privacy Policy
We may amend this Privacy Policy as necessary in response to changes in applicable law, changes in the Service, or other appropriate reasons. Amendments take effect at the time we post the updated Privacy Policy on the Service. For amendments that have a material impact on Contributor rights, we will provide a reasonable advance notice period and, where required, seek renewed consent.
15. Contact
For questions or requests regarding this Privacy Policy and our handling of personal information, please contact us as follows.
| Item | Details |
|---|---|
| Operator | Minamoto, Inc. |
| Personal Information Protection Manager | (Officer's name and title) |
| privacy@minamoto.ai | |
| Inquiry Hours | Weekdays 10:00–17:00 Japan Standard Time |
Effective Date This Privacy Policy is effective as of (Month) (Day), 2026.
Language This Privacy Policy is provided in Japanese and English. The Japanese version is the controlling version, and the English version is provided for reference only. In case of conflict between the two, the Japanese version prevails.