Skip to content
Shikilux
Switch language JP EN

Privacy Policy

Last updated: 2026-05-12

The collective persona "Shikilux Editorial" ("we") respects your privacy and handles personal information in accordance with applicable laws (GDPR, CCPA, Japanese Personal Information Protection Act, etc.).

§1 Information We Collect

We collect the following information.

  • Essence calculation: date of birth, time of birth, place of birth
  • Profile: cultural_context, locale_id, display_name
  • Authentication: email address, encrypted password
  • Responses to chat questions (context_questions)
  • Usage logs: access timestamps, page views, interaction history

§2 Purpose of Use

  • Generating reports via four-axis calculation (essence, cycle, relation, guidance)
  • Delivering daily digest
  • Generating personal reports (one-time purchase PDF)
  • Customer support
  • Statistical analysis for service improvement (anonymized)

§3 Legal Basis (GDPR Article 6)

  • Consent: marketing email delivery
  • Contract performance: subscription and personal report provision
  • Legitimate Interest: security, fraud prevention, service improvement

§4 Third-Party Sharing

We share minimal necessary information with the following third-party services.

  • Stripe — payment processing
  • Cloudflare — CDN / DDoS protection
  • Vercel — web hosting
  • Supabase — database
  • Gemini API (Google) — AI generation (anonymized inputs only)
  • Customer.io — email delivery
  • Sentry — error monitoring
  • PostHog — product analytics (consent-based)

GDPR DPAs (Data Processing Agreements) are in place with each provider.

§5 Retention Period

  • Authentication (Auth): 18 months from last login
  • Billing: 7 years (legal requirement)
  • AI Generation outputs: auto-deleted after 90 days
  • Chat question responses (context_questions): anonymized via hashing after 30 days
  • Customer Support: 18 months

§6 User Rights

You have the following rights.

  • Right of Access: disclosure of personal data held
  • Right to Rectification: correction of inaccurate information
  • Right to Erasure (Right to be Forgotten): data deletion request
  • Right to Data Portability: data export in JSON format
  • Right to Withdraw Consent (with future effect)

§7 Deletion Requests

Send deletion requests to [email protected].

We respond within 30 days in principle.

Information legally required to be retained (e.g., billing) will be deleted after the retention period.

§8 Protection of Minors

The Service is not available to users under 14.

Users between 15 and 17 require parental consent.

If we discover that a user is under 14, their data will be promptly deleted.

§9 Cookie Policy

Only essential cookies are enabled by default (session, security).

Analytics cookies (PostHog, etc.) are used only with user consent.

You can change cookie settings anytime via "Cookie Settings" at the bottom of the site.

§10 International Transfers

Shikilux is provided in Tier 1 six countries (Japan, US, UK, Mexico, Indonesia, Turkey).

Data is processed in compliance with GDPR / CCPA / Japanese privacy law.

Transfers from EU/EEA use Standard Contractual Clauses (SCC) or adequacy decisions.

§11 Security

  • Transport encryption: TLS 1.3
  • At-rest encryption: AES-256
  • GDPR DPAs signed with third-party providers
  • Regular security audits

§12 Notice of Policy Changes

This Policy may be revised as needed.

For material changes, notice will be provided 30 days in advance via registered email and on the site.

Privacy inquiries: [email protected] / DPO: [email protected]