Privacy Policy
Last Updated: May 24, 2026
The GoSul Operations Secretariat (hereinafter referred to as the "Company") establishes this Privacy Policy (hereinafter referred to as the "Policy") regarding the collection, processing, and management of user information on the service "GoSul" (hereinafter referred to as the "Service").
Article 0 (Service Operator Information)
- Operator Name: GoSul Operations Secretariat
- Address: Provided promptly upon request (please contact via the inquiry form).
- Representative: Provided promptly upon request (please contact via the inquiry form).
- Contact Email: info@sulsul.jp
Article 1 (Purpose of the Service & Position)
The Service is designed and provided for managing business customer addresses and field sales operations. The Service does not actively target or gather personal data from individuals residing in the European Union (EU) or the United Kingdom (UK) under the GDPR scope.
Article 2 (Data Responsibility Split)
- User's Responsibility: The corporate client/employer using the Service (the "User") acts as the Data Controller for the customer lists, contact logs, and geolocation information they upload, enter, or sync. The User is responsible for ensuring that all uploaded customer personal data has been obtained lawfully.
- Company's Responsibility: The Company acts as a Data Processor. We process customer details solely on the instructions of the User to provide, maintain, secure, and improve the Service. We do not use the customer data uploaded by the User for our own marketing, profiling, or other independent business purposes.
Article 3 (Information We Collect)
The Company collects the following types of information when providing the Service:
- User Account Information: Name, company name, department, business phone number, business email address, and other info entered during registration.
- Geolocation Information: Real-time GPS location coordinates of the User (with the User's explicit browser permission) to calculate nearby customer locations and visit routes. We do not track location in the background when the app is closed.
- Usage and Log Data: IP address, device specs, browser agent details, access times, click activities, and cookies for authentication and performance.
- Billing Information: Billed transaction history. Credit card details are sent directly to and stored by Stripe (our payment gateway) and are never stored or processed directly on Company servers.
Article 4 (Purpose of Use)
The Company uses the collected data for the following purposes:
- To operate, authenticate, and provide the Service to the User.
- To calculate routes and map customer locations.
- To handle customer support, troubleshoot bugs, and respond to user requests.
- To send billing invoices, payment updates, and manage subscriptions via Stripe.
- To detect, prevent, and investigate security breaches, spam, or terms of service violations.
- To analyze anonymous usage aggregates to optimize map speeds and server performance.
Article 5 (Data Subprocessors & External Transfers)
To provide high-quality services, we utilize subprocessing services. Some user data may be transferred to or stored on servers located outside of Japan, under rigorous encryption and security standards. Below is our Subprocessor List:
| Subprocessor Name | Purpose of Processing | Location of Servers |
|---|---|---|
| Supabase | Database Hosting, User Authentication, and Session Storage | Japan / USA |
| Mapbox | Map Rendering, Geocoding Addresses, and Route Planning | USA / Global |
| Stripe | Payment Processing, Billing History, and Credit Card Validation | USA / Japan |
Article 6 (Security Measures)
We implement appropriate technical, administrative, and organizational security measures to prevent unauthorized access, leakage, loss, or alteration of personal data. This includes SSL/TLS communication encryption, restricted administrative access, firewalls, server activity logs, and secure database configurations.
Article 7 (Data Retention & Deletion Requests)
Users may update their account details, request data exports, or delete their account directly through the settings panel in the Service. Upon account deletion, the uploaded customer lists and activity logs associated with the account will be permanently deleted from active production servers, except where retention is required by Japanese commercial laws or tax regulations.
Article 8 (Cookies & Analytics)
We use Cookies for session management and traffic analysis (Google Analytics). Users can decline cookies through browser settings, though some features of the Service may become unavailable. Google Analytics collects logs anonymously. You can opt out via Google's official opt-out extension.
Article 9 (Governing Law and Governing Language)
This Policy is governed by the laws of Japan. In the event of any discrepancy between the Japanese version of the Privacy Policy and this English version, the Japanese version shall prevail.