MAKASETE PRIVACY · v 1.0 EFFECTIVE 1 MAY 2026

Privacy policy.

N°01PRIVACY

Introduction

JSED.NET ("Company," "we," "us," or "our"), a business based in Japan with General Manager Hiroki Miyatake (宮武 宏樹), operates the Makasete platform (the "Service") at https://makasete.app and https://app.makasete.app.

This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, how long we retain it, and what rights you have regarding your data. It applies to all users of the Service worldwide.

By creating an Account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with how we handle your data, please do not use the Service.

N°02PRIVACY

Data controller

The data controller responsible for your personal information under this Privacy Policy is:

COMPANY
JSED.NET
GENERAL MANAGER
Hiroki Miyatake (宮武 宏樹)
COUNTRY
Japan
WEBSITE
https://jsed.net
PRIVACY INQUIRIES
privacy@jsed.net

We process personal information in compliance with Japan's Act on the Protection of Personal Information (APPI), and where applicable, the European Union General Data Protection Regulation (GDPR) and other relevant laws.

N°03PRIVACY

Information we collect

We collect the following categories of personal information:

3.1 Account and identity information

  • Email address (provided via Google OAuth sign-in).
  • Display name (optional, set in user profile settings).
  • Google account identifier (used internally as your unique user ID).
  • UI preferences: language locale (English or Japanese), theme, color accent, sidebar mode, and display density.

3.2 Google authentication and Search Console data

  • Google OAuth access token and refresh token (encrypted at rest), obtained when you sign in with Google and authorize Search Console access.
  • Google Search Console data for registered websites: keyword queries, impressions, clicks, average position, and GSC property identifiers.
  • List of Google Search Console properties associated with your Google account (retrieved at site registration to verify ownership).

3.3 WordPress site and content data

  • WordPress site URL, site name, and WordPress username.
  • WordPress Application Password (encrypted at rest using AES-256 encryption; never stored in plaintext).
  • Existing WordPress post titles, URLs, categories, tags, and keyword metadata (synced for deduplication and internal linking purposes).
  • Content generated and published to your WordPress site via the Service (stored in our database for editing, versioning, and audit purposes).

3.4 AI pipeline and operational data

  • Seed keywords, pipeline configurations, and content preferences you provide.
  • AI-generated article content, titles, meta descriptions, images, and editorial chat history associated with your account.
  • Article version history (every version of each AI-generated article, including edits made via the AI chat editor).
  • Pipeline execution logs, step outputs, error messages, and status information.
  • Topic clusters, keyword schedules, and site profile data (business summary, target audience, tone of voice, topical map, and language settings) produced through automated site analysis.

3.5 Website performance data

  • PageSpeed Insights and Core Web Vitals results for your registered websites (fetched via Google PageSpeed API and cached).
  • Site health and ranking reports generated by the Service's analysis agents.

3.6 Payment and billing information

  • Stripe Customer ID (an internal Stripe reference; we do not store full card numbers).
  • Payment method metadata: card brand, last 4 digits, expiry month and year (cached from Stripe for display purposes only).
  • Payment records: amounts, currencies (JPY), transaction types, statuses, refund history, and Stripe Payment Intent IDs (retained for accounting and legal compliance).
  • Subscription plan tier, billing period dates, and cancellation status.

3.7 Technical and usage data

  • Application logs: timestamps, user IDs, request IDs, action types, error messages, and pipeline events (retained for up to 180 days for debugging and abuse prevention).
  • IP addresses and session information as collected by our authentication provider, Supabase.
N°04PRIVACY

How we use your information

We use the personal information we collect for the following purposes:

  • Providing the Service: To operate, maintain, and deliver all features of the Service, including authenticating your account, running AI content pipelines, connecting to your WordPress site and Google Search Console, scheduling and publishing articles, and displaying analytics.
  • Billing and subscription management: To process payments, manage subscription plans via Stripe, issue invoices, handle refunds, and enforce plan-level limits (e.g., article frequency per week).
  • AI content generation: To process your keywords, site profile, and GSC data as inputs to third-party AI models for the purpose of generating researched, planned, and written SEO content on your behalf.
  • Site analysis and SEO strategy: To crawl your website (via our automated scraper), analyze your content, classify pages, and generate site profiles, topic clusters, and keyword schedules.
  • Service improvement: To use aggregated, anonymized operational data to improve pipeline quality, model prompts, and the overall user experience. We do not use your identifiable personal data to train external AI models.
  • Security and abuse prevention: To detect, investigate, and prevent fraud, policy violations, unauthorized access, jailbreaking attempts, spam, and other harmful activity.
  • Legal compliance: To retain financial records, comply with tax regulations, enforce our Terms of Use, and respond to lawful requests from governmental authorities.
  • Communications: To send transactional and service-related communications (e.g., payment receipts, pipeline error notifications, important service updates). We do not send marketing emails or newsletters unless you have separately opted in to receive them.
N°05PRIVACY

Legal basis for processing (GDPR — EU/EEA users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for processing your personal data is:

  • Contract performance (Article 6(1)(b)): Processing necessary to provide the Service you have subscribed to, including account management, AI pipeline execution, WordPress integration, and billing.
  • Legitimate interests (Article 6(1)(f)): Processing for security, fraud prevention, abuse detection, service improvement, and enforcement of our Terms of Use, where these interests are not overridden by your data protection rights.
  • Legal obligation (Article 6(1)(c)): Retaining payment records and other data required by applicable tax and accounting laws.
  • Consent (Article 6(1)(a)): Where you have provided explicit consent, such as for optional communications. You may withdraw consent at any time.
N°06PRIVACY

How we share your information

We do not sell your personal information. We share data only in the following circumstances:

6.1 Third-party service providers

We share personal data with the following third-party services to operate the Service:

SUPABASE (Supabase, Inc.)
Authentication and database hosting. Supabase manages user authentication (including Google OAuth token exchange), stores application data, and provides the underlying database infrastructure. Data is stored in the region configured for our Supabase project. See: https://supabase.com/privacy
AI MODEL PROVIDERS
We share necessary input data (such as keywords, site profile information, and article structure) with third-party AI model providers to generate SEO article content and images on your behalf. These providers process your data solely to fulfil the AI generation request. The identity of specific providers is not disclosed. Please contact us at privacy@jsed.net for further information about our AI sub-processors.
GOOGLE (Google LLC)
Multiple integrations: (a) Google Sign-In / OAuth for authentication; (b) Google Search Console API for keyword and ranking data; (c) Google PageSpeed Insights API for performance data. Data shared with Google is subject to Google's Privacy Policy. See: https://policies.google.com/privacy
STRIPE (Stripe, Inc.)
Payment processing. We share your email address, billing amount, and subscription details with Stripe to process payments. Stripe stores your payment method information under their PCI-DSS-compliant infrastructure. We receive and store only tokenized references and card metadata. See: https://stripe.com/privacy

6.2 Your WordPress website

When you authorize the Service to publish content to your WordPress site, article data (titles, HTML content, categories, tags, images) is transmitted to your WordPress installation via the WordPress REST API. This is a direct transfer from our systems to your server, under your control.

6.3 Legal disclosure

We may disclose your personal information if required to do so by law or in response to a valid legal process (such as a subpoena, court order, or government request), or to protect the rights, property, or safety of JSED.NET, our users, or others.

6.4 Business transfers

In the event of a merger, acquisition, or sale of all or a portion of JSED.NET's assets, personal information may be transferred to the acquiring party. We will notify affected users via email or prominent notice on the Service.

N°07PRIVACY

Data retention

We retain personal information for different periods depending on its type and the reason for collection:

  • Account and profile data: Retained for the duration of your account. Upon account deletion request, personal identifiers (email, display name, Google credentials) are deleted within 30 days, subject to the exceptions below.
  • Subscription and site data: Site registrations are soft-deleted (marked inactive) when you remove a site. Associated pipeline records, article versions, and site reports are retained for 90 days after soft-deletion before permanent deletion, allowing for recovery if needed.
  • Payment records: Payment records, invoices, and refund history are retained for a minimum of 7 years from the transaction date to comply with Japanese accounting and tax laws (regardless of account deletion).
  • Application logs: Backend and operational logs containing user IDs, request metadata, and error information are retained for up to 180 days, after which they are automatically deleted.
  • Google OAuth tokens: Encrypted Google access and refresh tokens are deleted promptly upon account deletion or upon revocation of Google access via your Google account security settings.
  • WordPress credentials: Encrypted WordPress Application Passwords are deleted upon site disconnection or account deletion.
  • Banned accounts: Where an account has been terminated due to a serious violation of our Terms of Use (e.g., illegal activity, repeated abuse, jailbreaking attempts), we may retain the minimum identifying information necessary (e.g., email address, user ID, IP address) for an indefinite period to enforce the ban and prevent re-registration. This retention is based on our legitimate interest in protecting the Service and other users.

To request account deletion, contact us at privacy@jsed.net. We will process your request within 30 days, subject to retention obligations described above.

N°08PRIVACY

Data security

We implement industry-standard security measures to protect your personal information, including:

  • AES-256 (Fernet) encryption for all stored credentials, including WordPress Application Passwords and Google OAuth tokens.
  • HTTPS/TLS encryption for all data in transit between your browser, our servers, and Third-Party Services.
  • Row-level security and access controls enforced at the database layer via Supabase.
  • Backend authentication via JWT tokens issued and verified against our Supabase project.
  • Rate limiting on API endpoints to prevent credential stuffing and abuse.
  • SSRF protection: all user-submitted URLs are validated against a blocklist before being used by backend agents.

Despite these measures, no system can guarantee absolute security. We encourage you to use strong, unique passwords for your Google account and WordPress installation, and to revoke application access if you suspect a breach.

N°09PRIVACY

International data transfers

JSED.NET is operated from Japan. However, due to the global nature of our Third-Party Services (Supabase, third-party AI model providers, Google, Stripe), your personal information may be processed in countries outside Japan, including the United States and European Union member states.

When we transfer personal data of EEA/UK residents to countries outside the EEA/UK that do not benefit from an adequacy decision, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) as implemented by our sub-processors. Please review the privacy policies of each Third-Party Service listed in Section 6 for their specific transfer mechanisms.

By using the Service, you consent to the transfer of your personal information to and processing in countries that may have different data protection laws than your country of residence.

N°10PRIVACY

Cookies and tracking technologies

The Service uses cookies and local storage primarily for authentication and session management. Specifically:

SESSION
Authentication session cookies set by Supabase to maintain your logged-in state.
PREFERENCES
Local storage preferences for UI settings (theme, sidebar mode, locale) stored in your browser for convenience.

We do not use advertising cookies, behavioral tracking cookies, or third-party analytics trackers. We do not participate in cross-site tracking or retargeting.

You may configure your browser to refuse cookies, but this will prevent you from logging in and using the Service.

N°11PRIVACY

Children's privacy

The Service is not directed at individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that a user is under 18, we will terminate their account and delete any associated personal data promptly. If you believe a minor has provided us with personal information, please contact us at privacy@jsed.net.

N°12PRIVACY

Your rights

Depending on your location, you may have the following rights with respect to your personal information:

12.1 Rights under Japanese APPI (all users)

Under Japan's Act on the Protection of Personal Information, you have the right to:

  • Request disclosure of personal information we hold about you.
  • Request correction of inaccurate personal information.
  • Request deletion of your personal information (subject to retention requirements).
  • Request suspension of use or third-party provision of your personal information where we are in breach of APPI.

12.2 Rights under GDPR (EU/EEA/UK users)

If you are located in the EEA, UK, or Switzerland, you additionally have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ('right to be forgotten'), subject to legal retention obligations.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Data portability: Receive your personal data in a structured, machine-readable format.
  • Object: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time.
  • Lodge a complaint: File a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us at privacy@jsed.net. We will respond within 30 days. We may need to verify your identity before processing your request.

N°13PRIVACY

Third-party links and services

The Service integrates with and links to third-party services including Google, Stripe, third-party AI model providers, and your WordPress website. This Privacy Policy applies only to information collected by JSED.NET. We are not responsible for the privacy practices of third parties and encourage you to review their respective privacy policies before using their services.

N°14PRIVACY

Changes to this privacy policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" at the top of this page and may notify you by email or in-app notification. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this page periodically to stay informed about how we protect your information.

N°15PRIVACY

Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

OFFICE
JSED.NET — Privacy Office
GENERAL MANAGER
Hiroki Miyatake (宮武 宏樹)
COUNTRY
Japan
WEBSITE
https://jsed.net
APP
https://makasete.app
PRIVACY EMAIL
privacy@jsed.net
SUPPORT EMAIL
support@jsed.net

We will acknowledge your inquiry within 5 business days and aim to resolve it within 30 days. Last updated: 1 May 2026. This policy supersedes all prior versions.

PRIVACY · v 1.0 · LAST UPDATED 1 MAY 2026 Back to top ↑