
Medusa Japan

Privacy Policy

What personal data we collect, why, how we protect it, and what rights you have, across the agency, the in-house products, and the apps/plugins we distribute through Shopify and Freemius.

Last updated

The English version is authoritative. Translations of this document, where published, are for information only.

This document is provided for general information and does not constitute legal advice. Medusa Japan GK will have it reviewed by counsel before relying on it; the version below is a working draft.

This Privacy Policy describes how Medusa Japan GK (合同会社 Medusa Japan), a Japanese Godo Kaisha based in Osaka, collects, uses, shares, and protects personal data — across our agency engagements, in-house products, Shopify apps, and Freemius-distributed WooCommerce plugins.

We aim to comply with the EU General Data Protection Regulation (GDPR) and the Japan Act on the Protection of Personal Information (APPI / 個人情報保護法). For users in other jurisdictions we apply the equivalent standards in good faith.

1. Data controller

Medusa Japan GK (合同会社 Medusa Japan), Osaka, Japan, is the data controller for personal data collected through medusajapan.net and processed in the course of our services. Contact: apps@medusajapan.net

2. What personal data we collect

We only collect what we need to do the job you contacted us for, or what is required to operate the product you installed.

  • Contact form & scorecard. Name, email, company (scorecard only), and the message or answers you submit. Delivered as email to our inbox; no separate database.
  • Server logs. IP address, user agent, requested URL, timestamp — standard web-server logs retained for up to 90 days for security and debugging.
  • Shopify app installs. When a merchant installs one of our apps, Shopify shares the data the app's listed scopes require (e.g. store domain, owner email, product/order data per scope). We use this only to operate the app you authorized.
  • Freemius plugin licenses. Freemius shares with us the license email, store URL, plugin version, and optional anonymous usage stats per the plugin's opt-in configuration.
  • Agency engagements. Whatever you provide under the relevant Statement of Work (business contacts, brand assets, campaign data). Handled per that SoW and only retained as long as the engagement needs.
  • Analytics (self-hosted). medusajapan.net runs a first-party pageview counter at /api/track.php on this same domain. No third-party SaaS is involved. For each navigation we store: timestamp, the path (no query string), the referring host (no full URL), the active language code, and a daily-rotating hash of your IP+User-Agent (truncated to 8 hex chars, reset every UTC midnight, not reversible to an IP). We do not store raw IPs, User-Agent strings, cookies, or any fingerprint. Logs live outside the public web directory and are kept for up to 90 days.

3. Why we collect it (legal bases)

Under GDPR, our processing is based on one of the following, depending on the activity:

  • Contract (Art. 6(1)(b)). Operating the app or plugin you purchased, or delivering the agency engagement under your SoW.
  • Consent (Art. 6(1)(a)). Submitting our contact form or scorecard implies consent to be contacted at the email you provided.
  • Legitimate interest (Art. 6(1)(f)). Server logs for security and debugging; aggregated, non-identifying analytics where applicable.
  • Legal obligation (Art. 6(1)(c)). Tax / accounting record-keeping in Japan and connected jurisdictions.

Under Japan's APPI, our purposes of use are: providing the requested service, responding to inquiries, fulfilling contractual obligations, and complying with statutory duties. We do not use personal data for unrelated purposes without separate consent.

4. How we share data (sub-processors)

We share personal data only with carefully chosen sub-processors that help us run the service. Each operates under its own data-protection terms; links below.

  • Hostinger (EU, Lithuania) — website hosting and email forwarding.
  • Shopify (Canada / global) — payment and subscription processing for our Shopify apps; also the source of the data we receive about each install.
  • Freemius (US / Israel) — payment, licensing, and customer support for our WooCommerce plugins.

We do not sell personal data, do not share it with advertising networks, and do not use it to train public AI models.

5. International transfers

Because our sub-processors operate in the EU, US, Canada, and elsewhere, your personal data may be transferred outside your country. Each transfer is covered by either an adequacy decision, Standard Contractual Clauses, the provider's APPI consent process, or your explicit consent — whichever applies in your jurisdiction.

6. Data retention

  • Contact form / scorecard emails: retained in the inbox for up to 24 months, then archived or deleted.
  • Server logs: 90 days.
  • App / plugin operational data: only as long as the subscription or license is active, plus statutory record-keeping periods (typically 7 years for invoicing data in Japan).
  • Agency engagement data: per the relevant SoW, plus 7 years for invoicing and tax records.

7. Your rights

Under GDPR, APPI, and most comparable laws you can:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have data deleted ("right to erasure"), subject to legal-retention exceptions.
  • Receive your data in a portable, machine-readable format.
  • Restrict or object to specific processing.
  • Withdraw consent at any time (without affecting the lawfulness of past processing).
  • Lodge a complaint with your local supervisory authority — in Japan, the Personal Information Protection Commission (PPC); in the EU, your national DPA.

Send requests to apps@medusajapan.net. We will respond within 30 days, and may need to verify your identity to protect you against impersonation.

8. Cookies

medusajapan.net itself sets only strictly-necessary preference cookies (theme and language choice, stored locally in your browser). We do not set tracking, advertising, or analytics cookies from this domain.

Pages or admin surfaces hosted by Shopify or Freemius use their own cookies per their respective privacy and cookie policies — those apply when you interact with their checkout or merchant tools.

9. Children

Our services are aimed at businesses and adult creators. We do not knowingly collect data from children under 16. If you believe a child has provided us personal data, please contact us and we will delete it.

10. Security

Personal data is transmitted over TLS and stored on hardened, access-controlled infrastructure with our sub-processors. We follow least-privilege access for our own team and audit access regularly. No system is 100% secure — but we treat every breach seriously, and will notify affected users and the relevant authorities within statutory deadlines (72 hours under GDPR) if one occurs.

11. Updates to this policy

We may update this policy as our services evolve or law changes. Material updates will be announced on medusajapan.net at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent change.

12. Contact

Privacy questions, data-subject requests, or formal notices: apps@medusajapan.net

See also our Terms & Conditions for the broader rules governing use of our services.

Data requests or questions?

Access, rectification, erasure, portability, or other privacy matters: write to us directly. We respond within 30 days.

Contact page →