SailLab Privacy Policy

Effective Date: January 1, 2026

This Privacy Policy ("Policy") describes how SailLab, Inc. ("SailLab," "Company," "we," "us," or "our") collects, uses, and discloses your personal information when you use our scheduling service "SailLab" (the "Service"). This Policy applies to our website, applications, and all related services.

By using our Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with this Policy, please do not use our Service.

This Policy is prepared in both Japanese and English. In the event of any conflict or discrepancy between the Japanese version and the English version, the English version shall prevail.

1. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to name, email address, and other identifiers.

• "Customer" means any individual or entity that creates an account and uses our Service.

• "Authorized User" means employees, contractors, or agents of a Customer who are authorized to use the Service under the Customer's account.

• "Invitee" means any third party who receives a booking link from a Customer or Authorized User and submits information through that link to schedule a meeting.

• "Customer Data" means all data submitted to or collected through the Service by Customers, Authorized Users, or Invitees.

2. Information We Collect

2.1 Information You Provide Directly

Account Information (Customers):

When you create an account, we collect:

• Name

• Email address

• Password (encrypted)

• Company name (if applicable)

Invitee Information:

When Invitees book meetings through our Service, Customers may collect information from Invitees, which may include:

• Name

• Email address

• Phone number (if requested by Customer)

• Any additional information the Customer chooses to collect through custom form fields

Payment Information:

We use Stripe as our third-party payment processor. When you subscribe to a paid plan, Stripe collects and processes your payment information (such as credit card details) directly. We do not store your full credit card number. We only receive limited information from Stripe, such as the last four digits of your card, card type, and expiration date for display purposes.

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

Log and Device Data:

• IP address

• Browser type and version

• Operating system

• Device type and unique device identifiers

• Referring URL

• Date and time of access

• Time zone

Usage Data:

• Features used within the Service

• Number of meetings scheduled

• Interaction patterns with the Service

2.3 Information from Third-Party Integrations

When you connect third-party services to SailLab, we may receive information from those services:

• Google Calendar: Calendar events, availability, and basic profile information

• Microsoft Outlook/Office 365: Calendar events, availability, and basic profile information

• Video Conferencing (Zoom, Google Meet): Meeting links and basic meeting information

We only access the minimum information necessary to provide our scheduling functionality. We do not read the content of your emails or access information beyond what is needed for calendar integration.

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of our Service. These technologies help us analyze trends, administer the website, track users' movements, and gather demographic information.

3.1 Types of Cookies We Use

Essential Cookies:

These cookies are necessary for the Service to function properly. They enable core functionality such as authentication, security, and session management. You cannot opt out of these cookies.

Analytics Cookies:

We use Google Analytics to understand how visitors interact with our Service. Google Analytics collects information such as how often users visit the Service, what pages they visit, and what other sites they used prior to coming to our Service. We use this information to improve our Service. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Marketing Cookies:

We use Facebook Pixel to measure the effectiveness of our advertising and to deliver targeted advertisements. These cookies track your browsing activity across websites. You can opt out of interest-based advertising through your browser settings or through Facebook's ad preferences.

Session Recording:

We may use session recording tools to understand how users interact with our Service. These tools record your mouse movements, clicks, and scrolling behavior to help us improve user experience. Session recordings do not capture sensitive information such as passwords or payment details.

3.2 Your Cookie Choices

When you first visit our website, you will be presented with a cookie consent banner (where required by law) that allows you to accept or reject non-essential cookies. You can also manage your cookie preferences at any time through your browser settings or through the cookie settings link in the footer of our website.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain the Service: To operate our scheduling service, process bookings, send notifications, and provide customer support.

• Improve and Develop the Service: To understand how users interact with our Service, identify trends, and develop new features.

• Communicate with You: To send service-related communications (such as booking confirmations and reminders), respond to inquiries, and provide customer support.

• Marketing (with consent): To send promotional communications about new features, updates, or offers. You can opt out of marketing communications at any time.

• Security and Fraud Prevention: To detect, prevent, and address fraud, unauthorized access, and other illegal activities.

• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

5. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom (UK), we process your Personal Data based on the following legal grounds:

• Contract: Processing is necessary to perform our contract with you (providing the Service).

• Consent: You have given consent for processing for specific purposes (such as marketing communications and non-essential cookies).

• Legitimate Interests: Processing is necessary for our legitimate interests (such as improving our Service, fraud prevention, and security), provided these interests do not override your rights.

• Legal Obligation: Processing is necessary to comply with legal requirements.

6. How We Share Your Information

We do not sell your Personal Data. We may share your information in the following circumstances:

6.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Render (Hosting): Cloud infrastructure and data storage (Singapore region)

• Stripe (Payments): Payment processing

• SendGrid (Email): Transactional email delivery

• Google Analytics: Website analytics

• Facebook (Meta): Advertising and analytics

These service providers are contractually obligated to use your information only for the purposes of providing services to us and in accordance with this Policy.

6.2 Third-Party Integrations

When you connect third-party services (such as Google Calendar, Microsoft Outlook, Zoom, or Google Meet), we share necessary information with those services to enable the integration. Your use of these third-party services is governed by their respective privacy policies.

6.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

7. International Data Transfers

SailLab is operated by a company based in Japan. Your Personal Data may be transferred to, stored, and processed in countries outside of your country of residence, including:

• Singapore (primary data storage via Render)

• United States (certain service providers such as Stripe, SendGrid, and Google)

• Japan (Company operations)

These countries may have data protection laws that are different from the laws of your country. When we transfer Personal Data internationally, we implement appropriate safeguards to protect your information, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA

• UK International Data Transfer Agreement for transfers from the UK

• Selecting service providers that participate in recognized data transfer frameworks

8. Data Retention

We retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected, including:

• Account Data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes.

• Booking Data: Retained for the duration necessary to provide the Service and as required for legal and business purposes.

• Log Data: Generally retained for up to 12 months for security and analytics purposes.

When you delete your account, we will delete or anonymize your Personal Data within a reasonable period, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

9. Data Security

We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest

• Secure password hashing

• Regular security assessments

• Access controls limiting employee access to Personal Data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your Personal Data, we cannot guarantee its absolute security.

10. Your Rights and Choices

Depending on your location, you may have certain rights regarding your Personal Data:

10.1 Rights for All Users

• Access and Update: You can access and update your account information through your account settings.

• Delete Account: You can delete your account at any time through your account settings or by contacting us.

• Marketing Opt-Out: You can opt out of marketing communications by clicking the "unsubscribe" link in any marketing email or by contacting us.

• Cookie Preferences: You can manage your cookie preferences through our cookie settings or your browser settings.

10.2 Additional Rights for EEA/UK Residents (GDPR)

If you are located in the EEA or UK, you have the following additional rights under GDPR:

• Right of Access: Request a copy of your Personal Data.

• Right to Rectification: Request correction of inaccurate Personal Data.

• Right to Erasure: Request deletion of your Personal Data ("right to be forgotten").

• Right to Restrict Processing: Request limitation of processing of your Personal Data.

• Right to Data Portability: Request transfer of your Personal Data to another service.

• Right to Object: Object to processing based on legitimate interests.

• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

• Right to Lodge a Complaint: File a complaint with a supervisory authority.

10.3 Additional Rights for California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the categories and specific pieces of Personal Data we have collected about you.

• Right to Delete: Request deletion of your Personal Data.

• Right to Opt-Out of Sale/Sharing: We do not sell your Personal Data. However, certain uses of cookies for targeted advertising may be considered "sharing" under CCPA. You can opt out through our cookie settings.

• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected (CCPA Disclosure):

In the preceding 12 months, we have collected the following categories of Personal Information: Identifiers (name, email, IP address); Commercial information (subscription history); Internet activity (usage data, cookies); and Geolocation data (approximate location from IP address).

10.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@saillab.co.jp. We will respond to your request within the timeframe required by applicable law (generally 30 days for GDPR, 45 days for CCPA). We may need to verify your identity before processing your request.

11. Customer's Responsibility for Invitee Data

When Customers use our Service to collect information from Invitees, SailLab acts as a "data processor" (under GDPR) or "service provider" (under CCPA) on behalf of the Customer, who is the "data controller" or "business."

Customers are responsible for:

• Providing appropriate privacy notices to Invitees

• Obtaining any necessary consents from Invitees

• Responding to data subject requests from Invitees

• Ensuring lawful collection and use of Invitee data

If you are an Invitee and have questions about how your data is being used, please contact the Customer who sent you the booking link.

12. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect Personal Data from children under 16. If you are a parent or guardian and believe that your child has provided us with Personal Data, please contact us at privacy@saillab.co.jp. If we become aware that we have collected Personal Data from a child under 16 without verification of parental consent, we will take steps to delete that information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will:

• Post the updated Policy on our website with a new "Effective Date"

• Notify you by email (for registered users) or through a prominent notice on our Service

We encourage you to review this Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SailLab, Inc.

General Support: support@saillab.co.jp

For data protection inquiries from EEA/UK residents, you may also contact your local data protection authority.

© 2026 SailLab, Inc. All rights reserved.