日本語 Start for free

Privacy Policy

Enacted
January 1, 2025
Last updated
May 30, 2026

日本語版

Monepla, Inc. (株式会社マネプラ; hereinafter "we," "us," or "our") establishes this Privacy Policy (hereinafter this "Policy") regarding the handling of user information, including personal information, in "Re:port Flow," the cloud-based document (business form) generation service we provide (hereinafter the "Service"). Please review this Policy before using the Service. This English text is provided for convenience; in the event of any discrepancy with the Japanese version, the Japanese version shall prevail.

Article 1 User Information We Collect

In providing the Service, we may collect the following information (hereinafter "User Information").

  • Information you enter when making inquiries, registering an account, or applying for a paid plan, such as your name, company name, department, email address, telephone number, and billing address
  • Payment-related information processed via our payment service provider as necessary to use the Service (we do not ourselves retain credit card numbers)
  • Document templates, output data, files, and other information that users upload or enter through the Service
  • Information collected automatically, such as IP address, browser type, referrer, access date and time, operation logs, and cookies
  • Information we come to know in the course of handling inquiries and support

Article 2 Purposes of Use

We use the User Information we collect for the following purposes.

  • To provide, maintain, and improve the Service, and to develop new features
  • To register accounts and verify the identity of users
  • To bill and collect usage fees, handle non-payment, and issue qualified invoices
  • To respond to inquiries and provide support, and to address defects and incidents
  • To investigate violations of our terms or misuse, and to take measures such as suspension of use
  • To provide important notices regarding the Service, maintenance, feature updates, and similar information
  • To analyze usage, improve service quality and UI/UX, and plan new features
  • For marketing and to provide information about our services or those of our partners (you may opt out of such communications at any time)
  • To respond as required by laws, regulations, and guidelines

Article 3 Provision to Third Parties

We will not provide User Information to third parties without the prior consent of the user, except in any of the following cases.

  • When required by laws or regulations
  • When necessary to protect the life, body, or property of an individual and it is difficult to obtain the person's consent
  • When particularly necessary to improve public health or promote the sound development of children and it is difficult to obtain the person's consent
  • When it is necessary to cooperate with a national agency, a local government, or a party entrusted by them in performing duties prescribed by laws or regulations, and obtaining the person's consent is likely to impede the performance of such duties
  • When User Information is provided in connection with the succession of business due to a merger, company split, transfer of business, or other reason

Article 4 Outsourcing

To the extent necessary to achieve the purposes of use, we may outsource all or part of the handling of User Information to contractors we select. Such contractors include entities located in foreign countries. When outsourcing, we conclude an agreement on the protection of personal information with the contractor and supervise the contractor appropriately. For details of overseas contractors, please refer to Article 5.

Article 5 Provision to Third Parties Located in Foreign Countries

In providing the Service, we entrust the handling of personal information to the following entities located in foreign countries.

ContractorCountryOutsourced operations
Cloudflare, Inc.United StatesCDN, edge delivery, and web hosting
Amazon Web Services, Inc.United StatesCloud infrastructure (database, storage, computing)
Stripe, Inc.United StatesPayment processing
Twilio Inc. (SendGrid)United StatesEmail delivery
Google LLCUnited StatesAccess analytics (Google Analytics); business email (Google Workspace)
Functional Software, Inc. (Sentry)United StatesError monitoring and incident analysis
Notion Labs, Inc.United StatesCustomer support and internal knowledge management
Slack Technologies, LLCUnited StatesCustomer support and internal communication

For an overview of the personal information protection systems of each country, please refer to the website of the Personal Information Protection Commission of Japan, "Survey on Systems Concerning the Protection of Personal Information in Foreign Countries" (https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku). Each contractor complies with the laws of its location and handles personal information appropriately based on the agreement on the protection of personal information concluded with us and on technical and organizational security control measures.

Article 6 Joint Use

At present, we do not jointly use User Information with third parties. If we conduct joint use in the future, we will clearly state and notify in this Policy the items to be jointly used, the scope, the purposes of use, and the party responsible for management.

Article 7 Security Control Measures

To prevent leakage, loss, or damage of User Information and otherwise manage it safely, we take the following security control measures.

  • Organizational security control measures: We designate a personal information protection manager, establish rules concerning the handling of User Information, and continuously confirm compliance with them.
  • Personnel security control measures: We regularly provide education and training to employees on the importance and handling of personal information protection, and conclude employment and outsourcing agreements that include confidentiality obligations.
  • Physical security control measures: We control entry to and exit from work areas and managed areas such as servers, and take measures to prevent theft or loss of equipment and media.
  • Technical security control measures: We implement access control, authentication, encryption of data in transit and at rest, prevention of unauthorized access, log collection and monitoring, vulnerability response, and similar measures.
  • Understanding of the external environment: When we have personal information handled by overseas contractors as set out in Article 5, we take necessary and appropriate security control measures after understanding the personal information protection systems of the relevant foreign country.

Article 8 Retention Period

We retain User Information only for the period necessary to achieve the purposes of use. When a usage agreement ends, or when a user requests deletion, we will erase or anonymize the information within a reasonable period, except for information whose retention is required by laws or regulations (such as invoices and accounting books).

Article 9 Requests for Disclosure, Correction, Deletion, etc.

  1. In accordance with the Act on the Protection of Personal Information and other laws and regulations, users may request that we notify the purpose of use of their retained personal data, disclose it (including disclosure by electromagnetic record), disclose records of provision to third parties, correct, add to, delete, suspend the use of, erase, or suspend the provision to third parties of such data.
  2. To make a request, please contact the inquiry desk in Article 13. After confirming that the requester is the person or a duly authorized representative, we will respond within a reasonable scope and period.
  3. We do not charge a fee for requests to notify the purpose of use or for requests for disclosure.

Article 10 Use of Cookies, etc.

On the Service and our landing pages, we use cookies and similar technologies for the purposes of improving user convenience, analyzing usage, and improving the Service. Users may refuse to send and receive cookies through their browser settings, but in that case some features of the Service may become unavailable.

For details on the items of information sent from a user's device to external telecommunications equipment via cookies and other technologies, the recipients, and the purposes of use, please refer to our separately established Disclosure Regarding External Transmission.

Article 11 Access via the MCP Server and AI Clients

We may provide the features of the Service through our server that supports the Model Context Protocol (hereinafter "MCP"; such server, the "MCP Server"). Users may connect to the MCP Server from MCP-compatible clients such as Claude, other AI assistants, and editors (hereinafter "AI Clients") and generate documents and PDFs through natural-language instructions. This Article governs the handling of User Information accessed via the MCP Server and AI Clients and takes precedence over the other provisions of this Policy with respect to such handling.

1. Scope of data accessed via the MCP Server

The MCP Server handles only data within the following scope that the user explicitly provides or requests through an AI Client. We do not access conversation history or other data on the user's AI Client beyond what is necessary to process the relevant request.

  • Account information used to identify the authenticated user (such as the user identifier and email address granted through OAuth authorization)
  • Document templates and design parameters selected by the user
  • Content that the user enters or specifies through an AI Client in order to generate documents and PDFs (such as merge data, text, and numeric values)
  • Generated documents, PDFs, and other output files, and their download links
  • Connection logs, operation logs, error information, and similar data automatically recorded in connection with providing the MCP Server

2. Data flow with AI Clients

The flow of data on the MCP Server is as follows.

  • The user's AI Client connects to the MCP Server after authorization via OAuth 2.0 (Authorization Code with PKCE and dynamic client registration). We never ask the user's AI Client for the password or API key of the user's account.
  • Based on the user's instructions, the AI Client calls the tools of the MCP Server and sends the data necessary for document generation to our infrastructure.
  • We process the received data on our infrastructure and return the result (the document or PDF, or its download link) to the AI Client as the response to the relevant request.
  • We do not transmit user content received via the MCP Server to any third party for any purpose other than returning the response to the relevant request.

3. Storage of OAuth tokens

The OAuth access tokens and refresh tokens used to connect an AI Client to the MCP Server are stored in encrypted form on our infrastructure (in the data storage location set out in Section 5 of this Article) and are used solely for the purpose of providing the MCP Server and maintaining authorization. Users may disconnect the connector and revoke the tokens at any time from their AI Client settings or the Service's management console. If a token is revoked, access to the MCP Server from that AI Client immediately becomes invalid.

4. No provision to third parties

We handle the user data processed via the MCP Server and AI Clients (including document data and generated output) as follows.

  • We do not provide, sell, or disclose it to third parties beyond the scope necessary to provide the Service.
  • We do not use it to train or fine-tune any AI or machine learning model. Nor do we permit AI providers (including Anthropic) or any other third party to use such data for their own purposes.
  • The component that performs document generation runs in an environment isolated from external networks, and user content is not transmitted externally during that processing.

The handling by contractors such as the cloud infrastructure that is indispensable to providing the Service is as set out in Articles 4 and 5. Those contractors handle User Information only within the scope necessary to provide the Service and in accordance with our instructions.

5. Data storage location (data residency)

User data processed via the MCP Server (including document data, generated output, and the tokens described in Section 3 of this Article) is stored and processed within the Tokyo region of Amazon Web Services (Asia Pacific (Tokyo), ap-northeast-1). While the contractor Amazon Web Services, Inc. is an entity located in the United States and the matters concerning provision to third parties located in foreign countries are as set out in Article 5, the physical storage location of user data is within Japan (the Tokyo region).

6. User rights

With respect to User Information processed via the MCP Server and AI Clients, users may also make the requests for disclosure, correction, deletion, suspension of use, and the like set out in Article 9. In addition, users may take the following actions.

  • Disconnect the connector between an AI Client and the MCP Server at any time and withdraw the authorization already granted.
  • Request that we delete data generated or stored via the MCP Server. For how to make such a request, please refer to the inquiry desk in Article 13.

Article 12 Amendments to this Policy

We may amend this Policy due to amendments to laws or regulations, changes to the content of the Service, or other reasons. The amended Policy takes effect from the time it is posted on this page. If there are material changes, we will notify users on the Service or by a method we designate.

Article 13 Contact

For inquiries regarding this Policy or the handling of User Information, please contact the desk below.

Business operatorMonepla, Inc. (株式会社マネプラ)
RepresentativeMasamichi Kobori, Representative Director
AddressShibuya Dogenzaka Tokyu Building 2F-C, 1-10-8 Dogenzaka, Shibuya-ku, Tokyo 150-0043, Japan
Personal information protection managerRepresentative Director
InquiriesPlease contact us via the inquiry form at https://mone-pla.co.jp.

Enacted: January 1, 2025
Last updated: May 30, 2026