Privacy policy
Last Updated: April 30, 2026
Article 1 (Personal Information We Collect)
Aotomori. (“the Company”) collects the following personal information from customers when providing this service: (1) Information necessary for orders and delivery, such as name, address, phone number, and email address; (2) Payment information such as credit card details (collected and stored through payment processing companies); (3) Order history, wishlist information, and inquiry details; (4) Automatically collected information such as cookies, IP addresses, browser information, device information, and browsing history. The Company does not collect personal information beyond the minimum scope necessary.
Article 2 (Purpose of Use)
The collected personal information is used for the following purposes: (1) Product shipping, payment processing, and responding to inquiries; (2) Account management, storage of order history, and provision of wishlist functions; (3) Sending emails regarding order confirmations, delivery status, product information, and campaign information (marketing emails are only sent with prior customer consent); (4) Creating statistical data and improving services in a form that does not identify individuals; (5) Preventing unauthorized use and complying with laws and regulations. If the purpose of use changes, customers will be notified in advance and consent will be obtained where necessary.
Article 3 (Provision to Third Parties and Outsourcing)
The Company will not provide personal information to third parties without customer consent, except in the following cases: (a) When required by law; (b) When necessary to protect human life, body, or property; (c) When outsourcing operations to delivery companies (such as Yamato Transport and Sagawa Express), payment processors (such as Shopify Payments and Stripe), email distribution services (such as Klaviyo), customer support tools, or analytics tools (such as Google Analytics). In such cases, information will only be provided within the necessary scope. The Company enters into agreements with contractors requiring security management standards equivalent to those of the Company.
Article 4 (Cookies, Access Analysis, and Advertising Distribution)
This service uses cookies, local storage, pixel tags, and similar technologies to improve user experience, analyze usage conditions, and optimize advertising delivery. Examples of tools used include Google Analytics 4, Meta Pixel, Klaviyo, Judge.me, and ShopApp. These tools may collect IP addresses and browsing history, but they are not linked to personally identifiable information. Cookies can be disabled through browser settings; however, some functions of the service may become unavailable. Detailed settings can be selected through the Cookie Settings section at the bottom of the website.
Article 5 (International Transfer of Personal Data)
Some cloud services used by the Company, including Shopify Inc. (Canada/United States), Google LLC (United States), and Meta Platforms (United States), may store and process personal data outside Japan. These countries either meet the personal information protection standards recognized by Japan’s Personal Information Protection Commission or implement appropriate safeguards such as Standard Contractual Clauses (SCCs). The Company operates in compliance with cross-border transfer regulations under the amended Act on the Protection of Personal Information (APPI) effective from 2022.
Article 6 (Customer Rights Regarding Retained Personal Data)
Customers have the right to request: (1) Notification of the purpose of use; (2) Disclosure of retained personal data (including electronic disclosure); (3) Correction, addition, or deletion; (4) Suspension of use or suspension of third-party provision; and (5) Disclosure of records regarding provision to third parties. Requests should be made through the inquiry contact listed at the end of this policy. The Company will respond in accordance with applicable laws after verifying the identity of the requester. In principle, no fees will be charged; however, actual costs may be charged for repeated disclosure requests.
Article 7 (Security Control Measures)
The Company implements organizational, human, physical, and technical security measures to prevent leakage, loss, or damage of personal information. Examples include: (a) Minimization and periodic review of access privileges; (b) Encryption during communication and storage (TLS/SSL); (c) Regular employee training; (d) Standards and supervision for selecting subcontractors; and (e) Prompt reporting to the Personal Information Protection Commission and notification to affected individuals in the event of incidents. In the event of information leakage or related incidents, the Company will respond appropriately in accordance with Article 26 of the Act on the Protection of Personal Information.
Article 8 (Revisions and Contact Information)
This policy may be revised in response to changes in laws, regulations, or service contents. If significant changes are made, notifications will be provided through this service. Please refer to the “Last Updated” date on this page for the latest version. For inquiries regarding the handling of personal information, please contact: Aotomori. Personal Information Protection Manager / Email: privacy@aotomori.jp Address: 2-12-8-606 Ropponmatsu, Chuo-ku, Fukuoka-shi, Fukuoka 810-0044, Japan Business Hours: Weekdays 10:00–18:00 (excluding weekends, public holidays, and New Year holidays)
