Last Updated: March 28, 2026
About Us #
| Item | Details |
|---|---|
| Business Name | ottava |
| Operator | Hiroya Onoe |
| Address | (Available upon request) |
| Contact | contact@ottava.dev |
Introduction #
ottava (“we”, “us”, or “our”) operates mobile applications and related services (collectively, the “Service”). This Privacy Policy describes how we collect, use, and share your personal information when you use our Service.
1. Information We Collect #
1.1 Information You Provide #
- Account Information: Name and email address (obtained through Apple Sign In)
- Profile Information: Classroom name, student names, and other information you enter in the App
- Chat Content: Messages sent through the in-app chat feature
1.2 Information Collected Automatically #
- Device Information: Device tokens (used for push notifications)
- Usage Data: Anonymized statistics about App usage
We currently do not use cookies or tracking technologies for advertising purposes. If we introduce tracking in the future, such as for advertising measurement, we will request your permission in advance in accordance with Apple’s App Tracking Transparency framework.
1.3 Information from Third-Party Services #
- Apple Sign In: Authentication information associated with your Apple ID
2. How We Use Your Information #
We use the collected information for the following purposes:
- Creating and authenticating your account and managing login sessions
- Displaying lesson schedules, processing absence notifications, and automatically matching and confirming rescheduled lessons
- Sending push notifications such as lesson reminders and rescheduling results
- Sending chat messages to Anthropic, PBC’s AI service for schedule adjustments and response generation
- Fixing bugs and improving usability of the App
- Responding to inquiries
- Addressing violations of our Terms of Service
3. Sharing of Information #
We do not share your personal information with third parties except in the following cases:
- With your consent
- When required by law
- With service providers necessary for Service operation:
- Supabase, Inc.: Data storage and authentication (United States)
- Anthropic, PBC: AI chat functionality (United States)
- Apple Inc.: Push notifications (Apple Push Notification service)
Each service provider maintains data protection measures at a level equivalent to or higher than this Policy.
4. International Data Transfers #
Through the service providers listed above, your personal information may be stored and processed on servers located in the United States (pursuant to Article 28 of Japan’s Act on the Protection of Personal Information).
4.1 Data Protection in the United States #
The United States does not have a comprehensive federal data protection law comparable to the EU’s GDPR or Japan’s APPI. Protection is provided through sector-specific laws (HIPAA, COPPA, etc.) and state laws such as California’s CCPA/CPRA. U.S. government agencies may access data held by U.S. companies under certain conditions pursuant to FISA Section 702 and the CLOUD Act.
4.2 Protection Measures by Service Providers #
| Provider | Key Measures |
|---|---|
| Supabase, Inc. | SOC 2 Type II certified. Data encryption at rest (AES-256) and in transit (TLS). Logical data isolation via Row-Level Security (RLS) |
| Anthropic, PBC | Data sent via API is not used for model training, as stipulated in the data processing agreement. Encryption in transit (TLS) |
| Apple Inc. | ISO 27001 certified. Push notification payloads are encrypted end-to-end |
5. Data Storage #
- Data is stored on Supabase cloud servers (US region).
- Personal information will be deleted within 30 days after account deletion.
- Backup data is automatically deleted within 90 days.
6. Your Rights #
You have the following rights:
- Right of Access: Request disclosure of your personal information
- Right of Rectification: Request correction, addition, or deletion of inaccurate personal information
- Right to Restrict Processing: Request restriction or erasure of your personal information
- Account Deletion: You can delete your account at any time through the in-app account deletion feature
To exercise these rights, please contact us at contact@ottava.dev. We will respond within a reasonable time after verifying your identity.
7. Children’s Privacy #
The Service handles student information, but students do not create accounts themselves. Student information is managed by teachers or guardians (adult users). Children under 13 cannot create accounts directly.
8. Security #
We implement reasonable security measures to prevent unauthorized access, loss, or alteration of personal information, including:
- Encrypted communications (TLS)
- Row-Level Security (RLS) on database
- Secure management of authentication tokens
9. Changes to This Policy #
We may update this Privacy Policy from time to time. We will notify you of significant changes through in-app notifications or email. The updated policy becomes effective when posted on this page.
10. Contact Us #
If you have questions about this Privacy Policy, please contact us at:
- Email: contact@ottava.dev