Security & Data Handling
Last updated: 2026-06-30
The facts your IT/security review needs, on one page. The actual reports are stored in your own Google Drive, and our servers retain the source data for at most 24 hours (erased on approval). Subprocessors, data locations and safeguards are below.
Four design principles
You own the data
The actual reports are stored in a spreadsheet in your own Google Drive (Google LLC). You own the data and can view or delete it yourself at any time.
At most 24-hour retention
Source data held on our servers (KV) lasts at most 24 hours and is erased immediately on approval. We do not store reports permanently (zero-retention design).
Processed in the Tokyo region
Hosting and delivery (Vercel Functions) and temporary retention (Upstash KV) run in the Tokyo region (within Japan).
SSO and least privilege
We authenticate with Google sign-in (OAuth) and separate permissions by department and role. Spreadsheet access uses a service account with least privilege.
Data flow
How a report flows from creation to storage.
1. Entry
The user enters a report in the browser (traffic is encrypted).
2. Temporary hold (≤24h)
The draft sits in our temporary store (Upstash KV, Tokyo region) for at most 24 hours.
3. Approval
When the manager approves, the source data on our servers is erased immediately.
4. Storage (customer side)
Approved content is appended to a spreadsheet in your Google Drive. From then on it is under your control.
Only when you use AI assist, weekly review or the alignment report is the entered report text sent to the generative-AI provider (Anthropic) for processing. If you prefer not to send it, you can enter text manually without AI. AI output is a draft; the final decision is the user's.
Subprocessors
This Service uses the following subprocessors. The governing law is Japanese law.
| Subprocessor | Purpose | Location / region | Data handled |
|---|---|---|---|
| Google LLC | Report storage (Sheets) and Google sign-in (OAuth) | United States and others (stored in your Google Drive) | Report text; sign-in email address |
| Anthropic, PBC | Generative-AI processing (AI assist, weekly review, alignment report) | United States | Report text sent when AI features are used (optional) |
| Vercel Inc. | Hosting and delivery (Functions); analytics | Tokyo region (Japan) | Transient processing data; aggregate, non-identifying analytics |
| Upstash, Inc. | Temporary retention of source data via KV (≤24h) | Tokyo region (Japan) | Transient draft data |
| Polar Software Inc. | Sales and payment (Merchant of Record) | Outside Japan (payment provider) | Payment data (processed by Polar; not retained by us) |
Security measures
- Encryption in transit (HTTPS / TLS).
- Permission separation via a service account, granted with least privilege.
- Automatic erasure of source data on our servers within 24 hours (immediately on approval).
- Tamper detection via signed sessions, and access control by department and role.
- Payment data is not retained on our servers (processed by Polar).
Transfer to third parties outside Japan
For AI processing we send report text to Anthropic, PBC (United States); for storage we send it to Google LLC (United States and others). Vercel Inc. and Upstash, Inc. (US entities), used for temporary retention, hold the data in the Tokyo region (within Japan). Please use the Service with your consent to these transfers to third parties outside Japan.
Sales and payment
Sales of this Service use Polar (Merchant of Record). Payment data is processed by Polar and not retained by us. Please also see our Commercial Transactions disclosure.
Your rights and data deletion
The actual reports live in your Google Drive, where you can view or delete them yourself. For requests to disclose, correct, suspend use of, or delete the personal data we hold (such as sign-in email addresses), please use the contact below.
Personal-data contact:株式会社狼煙 (Norolu)(kakehashi@norolu.jp)
Related pages
The Japanese version of this page prevails; in case of any discrepancy with a translation, the Japanese version governs. The descriptions are kept consistent with the consent terms and the implementation.