Login
Sign up

Privacy Policy

Effective Date: 2025 Nov 20

This Privacy Policy explains how Stayforge (“we,” “our,” or “the Company”) collects, uses, stores, and protects personal information and service-usage data in connection with our software platform, APIs, IoT devices, and related applications (“the Services”). By accessing or using the Services, you agree to the terms described below.

By accessing or using the Services, you agree to the terms of this Policy.

1. Information We Collect

We collect the following categories of information:

1.1 Account and Profile Information

  • Name, email address, organization name, and related identifiers
  • Authentication information such as OAuth profiles and login metadata
  • Organization and tenant association information used within the Stayforge platform

1.2 Google User Data (When Signing in with Google)

If you choose to sign in using Google OAuth, we may obtain:

  • Email address
  • Display name
  • Google account identifier (sub)

We do not access any additional Google user data beyond the scopes required for authentication.

1.3 Service and API Usage Data

  • API requests, request metadata, execution logs
  • IoT device access events and audit logs
  • Device identifiers, firmware information, operational and diagnostic data

1.4 Payment and Billing Information

  • Billing details necessary for processing payments through Stripe (We do not store full credit card numbers.)

1.5 Technical Data

  • IP address, browser type, operating system, and device identifiers
  • Cookies, session metadata, performance and reliability metrics

1.6 Communication and Support Records

  • Emails, support tickets, error reports, diagnostic information

2. How We Use Personal Information

We use collected data only for legitimate operational purposes:

  • Providing, maintaining, and improving the Services
  • Account authentication, including Google OAuth login
  • Access control, device management, and security auditing
  • Usage measurement, subscription management, and billing
  • Fraud prevention and incident investigation
  • Customer support and system maintenance
  • Compliance with legal and regulatory obligations

We do not sell personal information or use it for targeted advertising.

3. Use of Google User Data

We access Google user data only for the purpose of authentication and user identification. Specifically:

  • The email address and display name are used to create or identify your Stayforge account
  • The Google account identifier (“sub”) is used to uniquely associate your login
  • Google data is not used for any unrelated purpose

We do not:

  • use Google user data for advertising or marketing
  • transfer Google data to third parties except as required to provide our Services
  • combine Google user data with unrelated datasets
  • store or request additional Google information beyond the granted scopes

This use complies with the Google API Services User Data Policy, including all Limited Use requirements.

4. Sharing of Information

We only share personal information with third parties under the conditions described below.

4.1 Cloud Infrastructure Providers

We rely on reputable cloud service providers—such as Google Cloud, Cloudflare, DigitalOcean, and equivalent providers—to host, secure, and deliver the Services.

These providers process data exclusively on our behalf under strict contractual and security obligations.

4.2 Authorized Subcontractors and Service Providers

We may engage subcontractors or technical partners for:

  • system maintenance and monitoring
  • hardware logistics and device provisioning
  • customer support assistance
  • security auditing or software development
  • data processing tasks required for service operation

All subcontractors are required to maintain confidentiality and use the information only for the tasks assigned.

4.3 Payment Processors

Stripe receives only the information required to securely process payments.

4.4 Legal Compliance and Protection

We may share information when required by law, regulation, or valid governmental request, or to protect the rights, property, or safety of our users or the Company.

4.5 Consent-Based Sharing

We will not share personal information with third parties for any unrelated purpose without your explicit consent.

5. International Data Transfers

Your data may be processed in regions where we or our service providers operate.

All providers adhere to recognized international security and privacy standards.

6. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy, or as required by law.

Access logs, device logs, and API usage records may be retained for security and audit requirements.

7. Security Measures

We implement commercially appropriate security measures, including:

  • TLS encryption for all data in transit
  • Encrypted storage for sensitive data
  • Role-based access control and API key rotation
  • Network-level protection through Cloudflare and GCP
  • Continuous monitoring and anomaly detection

No method of transmission or storage is completely secure, but we take reasonable steps to safeguard information.

8. Cookies and Tracking Technologies

We use cookies and session identifiers for authentication, reliability, and performance measurement.

You may disable cookies in your browser, but some features may not function properly.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal information
  • Request corrections or updates
  • Request deletion of personal information
  • Restrict or object to certain forms of processing
  • Request portability of your data

You may exercise these rights by contacting: [email protected]

Rights Related to Google User Data

Users may specifically request deletion of Google-linked account data at any time.

Upon verification, we will delete all Google user data stored in our systems unless retention is required for legal or security purposes.

10. Deletion of Google User Data

You may request deletion of Google OAuth login information by contacting [email protected].

We will remove associated Google user data from our systems within a reasonable timeframe, except where retention is legally required.

11. Children’s Privacy

The Services are not intended for individuals under the age of 16.

We do not knowingly collect personal information from children.

12. Changes to This Privacy Policy

We may update this Policy from time to time.

Revisions will be posted on this page with an updated effective date.

Your continued use of the Services constitutes acceptance of the changes.

13. Contact Information

For questions or requests related to privacy, you may contact:

Stayforge – Privacy Office

Email:

[email protected]

Address:

2F-C, Shibuya Dogenzaka Tokyu Building,
1-10-8 Dogenzaka, Shibuya-ku, Tokyo 150-0043, Japan