Legal
Privacy Policy
Effective: April 1, 2026
Last updated: April 1, 2026
This Privacy Policy describes how 1carat International Co., Ltd. ("we," "us," or "our") handles personal information in the cloud file management service "Stackey" (stackey.me).
The Stackey service is operated by:
| Company | 1carat International Co., Ltd. |
| Representative | Michirori Mochizuki |
| Headquarters | 4F Kabutocho Dai-6 Hayama Building, 17-2 Kabutocho, Chuo-ku, Tokyo 103-0026, Japan |
| Phone | +81-3-6555-5088 |
| Corporate Number | 7011101054068 |
| Privacy Officer | Michirori Mochizuki |
| Contact | Contact form or hello@stackey.me |
We collect the following types of information when you use Stackey:
- Account information: email address, hashed password, and name provided at sign-up.
- Billing information: payment card details processed and stored by Stripe — we never store full card numbers on our servers.
- Uploaded files and metadata: files you upload and the auto-generated metadata associated with them (file name, document type, date, amount, summary, etc.).
- Access logs: IP address, browser type, referring URL, and timestamps for security and reliability purposes.
- Support communications: the content of messages you send us via email or contact form.
If you connect third-party services (external storage services), we store authentication tokens on your behalf. We only access the files you explicitly import into Stackey.
We use the information we collect only for the following purposes:
- Providing and improving the Stackey service
- Creating and managing your account
- Automatically naming, categorizing, and thumbnailing your files
- Processing subscription payments and managing billing
- Sending essential service communications (downtime notices, Terms updates, etc.)
- Responding to support requests
- Detecting and preventing fraud, abuse, and security threats
- Complying with legal obligations
We do not use the contents of your files for marketing or model training, and we never sell your data to third parties.
We do not share your personal information with third parties except in the following circumstances:
- With your consent — when you explicitly authorize a data sharing action.
- Sub-processors — vendors who help us operate the service (see Section 05).
- Legal requirements — when required by law, court order, or government authority.
- Protection of rights — when necessary to protect the safety of persons or property.
We have never sold user data and have no intention of doing so.
To deliver our service, we rely on trusted third-party service providers for file analysis, payment processing, storage, and CDN. Each provider is bound by appropriate data processing agreements and may only use data for the purpose of providing their services to us.
We do not permit sub-processors to use your data for their own purposes, including marketing or model training.
We may use cookies and similar technologies for the following purposes:
- Maintaining your login session
- Improving service usability
- Anonymous usage analytics
You can disable cookies in your browser settings, but some features may not function properly.
We do not use cookies that track user behavior for targeted advertising.
We retain your information only as long as necessary for the purposes described in this Policy.
- Account & file data: retained while your account is active; permanently deleted within 30 days of account closure.
- Billing records: retained for 7 years as required by Japanese accounting law.
- Support messages: retained for 1 year after resolution.
We take the security of your data seriously and implement the following measures:
- Passwords are hashed using industry-standard algorithms — we never store plaintext passwords
- Files are stored encrypted at rest
- Credentials are managed server-side and never exposed to clients
- Regular security reviews are conducted
Depending on your location, you may have the following rights regarding your personal data:
- Access: the right to know what personal data we hold about you
- Correction: the right to request correction of inaccurate data
- Deletion: the right to request deletion of your personal data (including account deletion)
- Restriction: the right to request restriction of processing in case of misuse or unlawful processing
To exercise any of these rights, please use the in-app settings (account deletion feature) or our contact form. We will respond within a reasonable timeframe and may ask you to verify your identity before processing your request.
Disclosure requests may incur a processing fee (JPY 1,000 per request). Please contact us for details.
We may update this Privacy Policy from time to time. When we do:
- For material changes, we will notify you via in-app notification or email
- For minor changes, we will update this page
- Continued use of the service after changes constitutes acceptance of the updated Policy
If you have any questions about this Privacy Policy or wish to exercise your rights, please reach out:
Analytics & Tracking Tools
Stackey uses the following tools to improve our service:
- Google Analytics 4: Access analytics (IP anonymization, Google Signals disabled, ad personalization disabled)
- Microsoft Clarity: User behavior analytics (session recording, heatmaps)
These tools use cookies and similar technologies, but do not collect personally identifiable information.
Opt-out:
We do not sell users' personal information to third parties.
This policy is published in Japanese as the authoritative version.
© 2026 1carat International Co., Ltd. All rights reserved.