Keelson

Privacy Policy

Last updated: March 1, 2026

Provider: Strictus GK (hereinafter referred to as the “Company”, “we”, “us”, or “our”).

This Privacy Policy (this “Policy”) explains how we collect, use, disclose, and safeguard your information when you use our service “Keelson” (the “Service”). Please read this Policy carefully. If you do not agree with the terms of this Policy, please do not access the Service.

1. Scope and Definitions

This Policy applies to information we collect from:

  • “Users”: Individuals acting on behalf of business entities (corporations, organizations, etc.) that register for and use the Service.
  • “Visitors”: Individuals who visit our website.
  • “Personal Information” (or “Personal Data”) means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) to an identified or identifiable individual.

Note on “User Data” (Customer Data):

As a cloud infrastructure provider, we host data uploaded, stored, or processed by Users using the Service (“User Data”). With respect to User Data, the User (Business Entity) acts as the “Data Controller” and we act as the “Data Processor” (or Service Provider). We process User Data solely in accordance with the User’s instructions and our Terms of Service. For details on User Data, please refer to Section 5.

2. Information We Collect

We collect information in the following ways:

A. Information You Provide to Us Directly

We collect information that you voluntarily provide to us when you register for the Service or communicate with us.

  • Account and Contact Information: Corporate name, contact person’s name, department, job title, email address, phone number, and physical address.
  • Authentication Information: We use third-party authentication services (e.g., Clerk) to manage user logins. We generally do not store your password directly on our servers.
  • Payment Information: We use third-party payment processors (e.g., Stripe) to process payments. We do not store your full credit card information.
  • Communications: Content of your inquiries, feedback, survey responses, and support tickets.

B. Information Collected Automatically

When you access or use the Service, we may automatically collect certain information about your device and usage.

  • Device Information: Hardware model, operating system, browser type, and unique device identifiers.
  • Log Data: IP address, access dates and times, pages viewed, and operation history.
  • Usage Data: Resource usage metrics (CPU, memory), error logs, and other operational data related to your use of the Service.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to maintain your session and analyze usage.

3. How We Use Your Information

We use the collected information for the following business purposes:

  • To Provide the Service: To create and manage your account, authenticate users, provide infrastructure resources, and process payments.
  • To Improve the Service: To analyze usage trends, monitor system health, and develop new features.
  • To Communicate with You: To send administrative information (such as invoices, technical notices, and security alerts) and respond to your inquiries.
  • Security and Compliance: To detect and prevent fraud, abuse, and security incidents, and to comply with legal obligations.
  • Marketing: To send you information about our services that may be of interest to you. We do not use “User Data” (data you host on the Service) for our own marketing purposes. You may opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us using the details in Section 12.

4. Disclosure of Your Information

We do not sell your Personal Information. We disclose your information only in the following circumstances:

  • Service Providers (Subprocessors): We may share Personal Information with third-party vendors and service providers that help us operate, provide, maintain, and secure the Service (e.g., cloud hosting, authentication, payment processing, analytics, customer support). Where appropriate, we require such parties to process Personal Information only on our instructions and to protect it. We may maintain a list of key service providers (subprocessors) and update it from time to time.
  • Legal Requirements: We may disclose your information as required by law, regulation, legal process, or governmental request, or where we believe in good faith that disclosure is necessary to investigate, prevent, or take action regarding potential violations of our policies, fraud, or security issues, or to protect the rights, property, and safety of the Company, our users, or others.
  • Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • With Your Consent: We may disclose your personal information for any other purpose with your consent.

5. Handling of User Data (Our Role as Processor)

  • Processor Role: When you use the Service to host applications or data (“User Data”), we process such data solely on your behalf and in accordance with your instructions as necessary to provide the Service (e.g., hosting, backup, troubleshooting).
  • No Independent Use: We do not access, use, or disclose User Data for our own independent marketing or advertising purposes.
  • Data Subject Requests: If we receive a request from an individual (Data Subject) exercising their rights (e.g., access, deletion) regarding personal information contained within User Data, we will direct the Data Subject to you (the User/Controller). We will assist you in responding to such requests to the extent required by applicable law and our agreement.
  • Data Processing Addendum: Where required, we may provide or enter into a data processing addendum (DPA) with the User governing our processing of User Data.

6. International Data Transfers

The Service is operated primarily from Japan, and we may use service providers located in Japan, the United States, and other jurisdictions. Your Personal Information may be transferred to, stored, and processed in jurisdictions that may not provide the same level of data protection as your home jurisdiction.

Where required by applicable law, we implement appropriate safeguards for international transfers, such as contractual protections (including standard contractual clauses where applicable) and other measures designed to provide an adequate level of protection. You may contact us using the details in Section 12 to request additional information about the safeguards we use.

7. Security and Retention

  • Security Measures: We implement administrative, technical, and physical security measures to help protect your Personal Information. However, please be aware that no electronic transmission or storage is 100% secure.
  • Data Retention: We retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. We will delete or anonymize your information when it is no longer needed, unless a longer retention period is required or permitted by law (e.g., for tax, accounting, or legal dispute purposes).

8. Third-Party Analytics

We may use third-party analytics services, such as Google Analytics and PostHog, to evaluate your use of the Service and improve the product experience. These third parties use cookies and other technologies to help analyze and provide us with the data.

Opt-Out: You can prevent Google Analytics from using your information by installing the Google Analytics Opt-out Browser Add-on. You can also adjust your browser settings to block or delete cookies and similar technologies.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your Personal Information, such as the right to access, correct, delete, or restrict the processing of your data.

To exercise these rights, please contact us at the address below. We will respond to your request in accordance with applicable laws.

10. Children’s Privacy

The Service is a B2B service and is not directed to children. We do not knowingly collect Personal Information from children. If we become aware that we have collected Personal Information from a child, we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Effective Date” and the updated version will be effective as soon as it is accessible. We encourage you to review this Policy frequently to be informed of how we are protecting your information.

12. Contact Us

If you have questions or comments about this Policy, please contact us at:

Strictus GK – Privacy Contact

Email: privacy@keelson.dev