HAREZEN Privacy Policy
Last updated: March 31, 2026
> Note: This English translation is provided for reference purposes only. In the event of any discrepancy between the Japanese and English versions, the Japanese version shall prevail.
1. Introduction
The HAREZEN operating entity (hereinafter "the Company") is committed to protecting the personal information of customers (hereinafter "Users") who use the food order and delivery service "HAREZEN" (hereinafter "the Service").
This Privacy Policy (hereinafter "this Policy") sets forth the types of personal information we collect, the purposes of use, third-party sharing, and User rights.
2. Types of Personal Information Collected
2-1. Information Provided Directly by Users
| Type | Details | Timing |
| Name | Full name (Japanese/English) | At order placement |
| Email address | Contact email | At order placement / Coming Soon registration |
| Phone number | Contact phone number | At order placement |
| Delivery address | Accommodation name, address, room number, etc. | At order placement |
| Payment information | Credit card number, etc. | At payment (not stored by the Company; see below) |
| Equipment information | Accommodation equipment (microwave, stove, refrigerator, BBQ grill) | At order placement |
| Allergy information | Voluntarily provided allergy information | At order placement |
| Inquiry content | Customer support inquiries | At inquiry |
2-2. Automatically Collected Information
| Type | Details | Purpose |
| Access logs | IP address, browser type, access date/time | Service operation, security |
| Device information | OS, screen size, language settings | Service improvement |
| Cookie data | Session management and analytics cookies | Session management, service improvement |
| Usage history | Order history, browsing history | Service improvement, recommendations |
2-3. Payment Information
Credit card numbers and other payment information are collected and processed directly by the external payment service Stripe, Inc. Credit card information is never stored on the Company's servers. For Stripe's handling of payment information, please refer to Stripe's Privacy Policy.
3. Purposes of Use
The Company uses collected personal information for the following purposes:
- 1. Order processing and delivery: Accepting orders, transmitting order information to Partner Restaurants, arranging and executing delivery
- 2. Payment processing: Processing food and delivery fee payments, processing refunds
- 3. Service communications: Order status notifications, delivery-related communications, important service announcements
- 4. Customer support: Responding to inquiries, resolving issues
- 5. Service improvement: Analyzing usage patterns, improving service quality, developing new features
- 6. Marketing: Distributing campaign information (only with User consent)
- 7. Security: Detecting and preventing unauthorized use, ensuring security
- 8. Legal compliance: Legal obligations (tax reporting, etc.)
4. Third-Party Sharing
The Company will not provide Users' personal information to third parties except in the following cases:
4-1. Sharing Necessary for Service Provision
| Recipient | Information Shared | Purpose |
| Partner Restaurants | Order details, delivery area (not detailed address), allergy information, pickup method | Order preparation |
| Delivery staff | Delivery address, User name, phone number, pickup method | Delivery execution |
| Stripe, Inc. | Information necessary for payment | Payment processing |
| Supabase (database) | Information necessary for service operation | Database hosting |
| Vercel (hosting) | Access logs | Website hosting |
4-2. Legally Required Disclosure
- When disclosure is required by law (court orders, law enforcement requests, etc.)
- When necessary for the protection of life, body, or property and obtaining consent is difficult
4-3. Statistical Data
Anonymized and aggregated order data (in a format that does not identify individuals) may be used for service improvement and reporting to Partner Restaurants and accommodation facilities.
5. Cookies and Analytics
5-1. Use of Cookies
The Company uses cookies for the following purposes:
| Type | Purpose | Required/Optional |
| Session cookies | Maintaining login state, preserving cart contents | Required |
| Functional cookies | Remembering language preferences | Required |
| Analytics cookies | Access analysis (Google Analytics, etc.) | Optional |
5-2. Managing Cookies
Users may refuse cookies through their browser settings. However, refusing required cookies may prevent some features of the Service from functioning properly.
5-3. Google Analytics
The Company may use Google Analytics to understand website usage. Google Analytics uses cookies to collect User information but does not collect personally identifiable information. For Google's handling of data, please refer to Google's Privacy Policy.
6. Data Retention
6-1. Retention Periods
| Information Type | Retention Period | Basis |
| Order and transaction records | 7 years after transaction completion | Bookkeeping obligations under the Corporation Tax Act |
| Account information | 6 months after account deletion | Fraud prevention, customer support |
| Coming Soon registration emails | 1 year after official service launch | Marketing purposes (consent-based) |
| Access logs | 1 year after collection | Security, service improvement |
| Inquiry content | 3 years after resolution | Customer support quality management |
6-2. Storage Location
Personal information is stored on Supabase (server location: Japan or Asia-Pacific region). Data is stored and transmitted in encrypted form.
6-3. Security Measures
The Company implements the following security measures to prevent leakage, loss, or damage of personal information:
- Database access control (Row Level Security)
- Communication encryption (TLS/SSL)
- Restricted administrator access and log management
- Regular security reviews
7. User Rights
Users have the following rights regarding their personal information held by the Company:
7-1. Right to Access
Users may request disclosure of personal information held by the Company.
7-2. Right to Correction, Addition, or Deletion
Users may request correction, addition, or deletion of personal information when the content is inaccurate.
7-3. Right to Suspension or Erasure
Users may request suspension or erasure of personal information when it is being used beyond the scope of the stated purposes or was obtained unlawfully.
7-4. Request Procedure
Please submit the above requests by email to the contact below. Identification documents may be required for identity verification. Requests will be addressed within 30 days of receipt.
Contact: privacy@harezen.com
8. Cross-Border Data Transfers
The following services operated by foreign entities are used in operating the Service:
| Service | Operator | Country | Purpose |
| Stripe | Stripe, Inc. | United States | Payment processing |
| Supabase | Supabase, Inc. | United States (servers in Asia-Pacific region) | Database |
| Vercel | Vercel, Inc. | United States | Web hosting |
Each service implements appropriate security measures in accordance with applicable data protection laws.
9. Changes to This Policy
The Company may update this Policy in response to changes in laws, service content, or other circumstances. Users will be notified of material changes through the Service or by email prior to implementation.
10. Contact
For inquiries regarding the handling of personal information, please contact:
- Email: privacy@harezen.com
- Operator: HAREZEN Operating Entity (to be updated upon corporate registration)
- Address: (to be updated upon corporate registration)
- Personal Information Protection Manager: (to be updated upon appointment)