Privacy Policy

ROBOKEN Inc. ("we," "us," or "our") operates altomea (the "Service"), an AI persona creation and management platform. This Privacy Policy ("Policy") explains how we collect, use, disclose, and safeguard your information when you use our Service.

Our Service handles highly sensitive personal information, including personal memories, conversation data, personality profiles, and AI persona configurations. We recognize the profound responsibility this entails and are committed to complying with all applicable data protection regulations, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Japan's Act on the Protection of Personal Information (APPI).

By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with the terms of this Policy, please do not access the Service.

We collect the following categories of information to provide and improve the Service:

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve the Service
• To generate, train, and optimize AI persona response quality
• To monitor persona health and ensure safety compliance
• To manage user accounts and authentication
• To provide customer support and respond to inquiries
• To analyze usage patterns and improve service performance
• To detect, prevent, and address fraud, abuse, and security issues
• To comply with legal obligations
• For other purposes with your explicit consent

We will not use your personal information for purposes other than those described in this Policy. If we need to change the purposes for which we process your data, we will notify you and, where required, obtain your consent.

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: We may share information with third-party vendors who perform services on our behalf (e.g., cloud infrastructure, AI processing, analytics). These providers are contractually bound to protect your data and use it only for the purposes for which it was disclosed.
• Legal Requirements: We may disclose information in response to lawful requests by public authorities, including to meet law enforcement or national security requirements, court orders, or legal process.
• Protection of Rights: When necessary to protect our rights, property, or safety, or the rights, property, or safety of our users or the public.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will provide notice before your information becomes subject to a different privacy policy.
• With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy. Specific retention periods are as follows:

• Account Information: Retained while your account is active and for 30 days after deletion (recovery grace period)
• Persona Data and Conversation Logs: Retained while your account is active; permanently deleted upon account deletion
• Usage Data: Retained for up to 24 months after collection, then anonymized or deleted
• Legally Required Data: Retained for the period required by applicable law

Upon your request for account deletion, we will delete all personal data within 30 days, except where retention is required for compliance with legal obligations.

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, loss, alteration, and disclosure.

• Encryption of data in transit and at rest (TLS 1.3 / AES-256)
• Access controls and role-based permission management
• Regular security audits and vulnerability assessments
• Intrusion detection and prevention systems
• Employee data protection training programs
• Incident response planning and procedures

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

To exercise any of these rights, please contact us using the information provided at the end of this Policy. We will verify your identity and respond within the timeframe required by applicable law.

The Service may use the following types of cookies and tracking technologies:

• Essential Cookies: Required for basic service functionality, including user authentication, session management, and language preference persistence. These are strictly necessary and cannot be disabled.
• Functional Cookies: Used to remember your settings and preferences (theme, layout, etc.) to provide a personalized experience.
• Analytics Cookies: Used to analyze service usage and improve performance. We use only anonymized or aggregated data for this purpose.

We do not use third-party advertising or tracking cookies. You can manage cookie acceptance through your browser settings, though some features may be limited as a result.

The Service uses localStorage to persist client-side data, including persona information, conversation history, and language settings. This data is stored only on your device and is retained until you explicitly clear it.

We are based in Japan, but your personal data may be transferred to and stored on servers located outside Japan in connection with the provision of the Service. In particular, our cloud infrastructure and AI processing providers may be located in the United States or other countries.

When we transfer personal data internationally, we implement appropriate safeguards, including:

• Transfers to countries recognized by the European Commission as providing adequate data protection
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Other appropriate safeguards such as Binding Corporate Rules

For more information about international data transfers, please contact our Data Protection Officer.

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

We may update this Policy from time to time to reflect changes in law, our Service, or other factors. When we make changes, we will post the revised Policy on this page and update the "Last updated" date.

If we make material changes, we will provide notice through the Service, via email, or other appropriate means. Your continued use of the Service after any changes indicates your acceptance of the revised Policy.

We encourage you to review this Policy periodically to stay informed about how we protect your information.

If you have any questions about this Policy, wish to exercise your data protection rights, or have concerns about our handling of your personal information, please contact us:

If you are a resident of the EEA, you have the right to lodge a complaint with your local data protection supervisory authority. However, we encourage you to contact us first so we can try to resolve your concerns.