PRIVACY POLICY

Privacy Policy

Last updated: June 17, 2026

Article 1 — Operator Information & Scope

TOKU, LLC. (hereinafter “we,” “our,” or “the Company”) establishes this Privacy Policy regarding the handling of personal information across all services we operate (hereinafter “the Services”).

OperatorTOKU, LLC. (合同会社德)
RepresentativeTomoka Tokutake
AddressWizard Building 402, 1-4-3 Asama-cho, Nishi-ku, Yokohama, Kanagawa 220-0072, Japan
Contactinfo@toku.llc

Services covered by this Policy

  • tabiin (iOS app)
  • Tabiato (iOS app)
  • Tabippi (iOS app)
  • Tabiniwa (iOS app)
  • Tabigo (iOS app)
  • Tabibako (iOS app)
  • FanPath Japan (fanpath.travel)
  • Anime Spots (animespots.travel)
  • TOKU, LLC. Corporate Website (toku.llc)

Note: The iOS apps tabiin, Tabiato, Tabippi, Tabiniwa, Tabigo, and Tabibako share a unified cloud backend (Firebase project “toku-shared”). When users sign in with the same Apple ID or Google account, the same profile and friend information becomes available across these apps.

Article 2 — Information We Collect

(1) All Services

  • Access logs (IP address, browser information, referring URL, access date/time)
  • Data collected via cookies and similar technologies
  • Information submitted through contact forms (name, email address, message)

(2) tabiin App (Specific)

  • Account information: Email address and user identifier (UID) obtained via Sign in with Apple or Google authentication. Used solely for account management and friend features.
  • Visit records: Shrine/temple name, visit date, and notes entered by the user, stored on Cloud Firestore.
  • Friend information: User ID and display name of friend-registered users.
  • Sharing impressions with friends (“Everyone's impressions” feature, v2.7.0): For friends (accepted) you record as having visited together, a shared record is stored on Cloud Firestore so that participants can view each other's impressions and display names for that visit. Sharing is limited to the participants of that visit and is never made public beyond them.
  • Visit photos (optional): Photos attached during a visit (up to 5) are stored on Firebase Storage (Google LLC / USA). Photo library access occurs only when attaching photos; attachment is optional.
  • tabiin does not access location, camera, or microphone.
  • Advertising identifier (IDFA): Google AdMob banner and interstitial ads are displayed. The advertising identifier is used only when the user selects “Allow” in the App Tracking Transparency (ATT) dialog; otherwise only non-personalized ads are shown.
  • External service integration (Rakuten Travel): Tapping the “Book on Rakuten Travel” button on a facility detail screen opens an external page operated by Rakuten Group, Inc. The link includes our affiliate identifier, but no personal information of the user is transmitted to Rakuten. Booking and browsing history on Rakuten Travel is governed by Rakuten's privacy policy.
  • Account deletion is available via in-app Settings → Delete Account. All user data on Firestore and Firebase Storage is deleted immediately upon account deletion.

(3) Tabiato App (Specific)

  • Location data (GPS): Used only during a check-in action to verify whether the user is within 500m of the pilgrimage spot. Collected only with explicit permission and not stored persistently on our servers.
  • Account information: Email address and user identifier (UID) obtained via Sign in with Apple or Google authentication. Used solely for account management and friend features. Before sign-in, a Firebase anonymous UID is used to associate data with a device.
  • Check-in history (work ID, spot ID, visited date/time): Stored on Cloud Firestore for visit logging and history display.
  • Check-in photos (optional): Photos attached during a check-in (up to 5) are stored on Firebase Storage (Google LLC / USA). Photo library access occurs only when attaching photos; attachment is optional.
  • Friend information: User ID and handle name of friend-registered users.
  • Work requests (optional): Work title, comments, and UID submitted via the request feature are stored on Firestore. Request content is used solely for internal listing review and will not be made public.
  • Advertising identifier (IDFA): From v2.0.0 onwards, Google AdMob banner and interstitial ads are displayed. The advertising identifier (IDFA) is used for ad delivery only when the user selects “Allow” in the App Tracking Transparency (ATT) dialog shown at app launch. If “Ask App Not to Track” is selected, only non-personalized ads are shown.
  • Crash diagnostics (Firebase Crashlytics): From v2.6.0 onwards, when the app crashes or encounters a critical error, diagnostic information (device model, OS version, stack trace, and an anonymous app instance ID) is sent to Firebase Crashlytics (Google LLC / USA) and used solely to identify defects and improve quality. It does not include directly identifying information such as name or contact details.

(4) Tabippi App (Specific)

  • Account information: Email address and user identifier (UID) obtained via Sign in with Apple, Google authentication, or email/password registration. Used solely for account management, friend features, and Trip sharing. Before sign-in, a Firebase anonymous UID is used to associate data with a device.
  • Trip information: Title, destination, dates, party size, budget, cover emoji, and cover photo (optional). Text data is stored on Cloud Firestore; cover photos are stored on Firebase Storage (Google LLC / USA). Photo library access occurs only when setting a cover photo; attachment is optional.
  • Expense information: Item title, amount, category, payment date, and notes. Used solely for personal expense tracking and never shared with third parties.
  • Friend information: User ID and handle name of friend-registered users.
  • Trip-sharing information: When the user optionally shares a trip with a friend, the list of member UIDs (ownerUID / memberUIDs) is stored. The owner and members can each record and view expenses for the shared trip. Members can leave a shared trip at any time using the “Leave shared trip” action.
  • Trip member names (when sharing is not used): Labels entered by the user for personal expense management (e.g., “Alex”, “myself”). We will not provide or disclose information about any third parties named in these labels.
  • Tabippi does not access location, camera, or microphone.
  • Advertising identifier (IDFA): From v2.0.0 onwards, Google AdMob banner and interstitial ads are displayed. The advertising identifier is used only when the user selects “Allow” in the ATT dialog. Otherwise, only non-personalized ads are shown.

(5) Tabiniwa App (Specific)

  • Account information: Email address and user identifier (UID) obtained via Sign in with Apple or Google authentication. Used solely for diary storage, garden growth tracking, and friend features. In guest mode, only a Firebase anonymous UID is obtained.
  • Diary information: Text, mood (5 levels), tags, date, and attached photos (up to 5, optional) entered by the user are stored on Cloud Firestore and Firebase Storage (Google LLC / USA).
  • Sharing diaries with friends (Timeline feature, v1.3.0): Depending on the visibility you set for each diary entry, your accepted friends can view that entry's content and your display name. Visibility (“share with friends” on/off) is chosen per entry; by default, entries created before this feature (v1.3.0) are private. Entries are never made public beyond your friends, and you can change visibility at any time to stop friends from viewing an entry.
  • Garden information: Garden name, emoji, cover color, scope (trip / visited place / freeform), and 5-stage growth (seed / sprout / cotyledon / bud / bloom) are stored on Cloud Firestore. In v1.0.0, only the user can view it. A future update may add an option to share the garden with friends if the user explicitly opts in (we will update this Policy at that time).
  • Visited place name (optional): If a photo attached to a diary entry contains location data in its EXIF metadata, we read those coordinates via ImageIO and transmit them to Apple Inc.'s geocoding service (CLGeocoder, USA) to convert them into a place name string (e.g., prefecture, municipality, country). Raw latitude and longitude are never stored on our servers; only the converted place name string is saved as the visit location. We do not request GPS device access permission (NSLocationWhenInUseUsageDescription). For photos without EXIF location data, the visit location is not auto-populated (the user can enter it manually).
  • Friend information: User ID and handle name of friend-registered users. The same friend list is shared with tabiin, Tabippi, and Tabiato.
  • Tabiniwa Premium subscription information: When a user purchases a monthly (¥480/month) or annual (¥4,800/year) subscription, we obtain the purchase receipt, transaction ID, purchase date/time, and renewal date/time from Apple Inc.'s App Store servers (USA). This information is used solely for subscription state verification via StoreKit 2. We have no involvement in payment processing itself (card numbers, billing amounts, etc., are managed solely by Apple Inc.).
  • Tabiniwa does not request GPS device access permission or access the microphone. Camera and photo library access occurs only when attaching photos to a diary; attachment is optional.
  • Advertising identifier (IDFA): From v1.0.0 onwards, Google AdMob banner and interstitial ads are displayed. The advertising identifier is used only when the user selects “Allow” in the ATT dialog.

(6) Tabigo App (Specific)

  • Account information: Email address and user identifier (UID) obtained via Sign in with Apple, Google authentication, or email/password registration. Used solely for account management and friend features. Before sign-in, a Firebase anonymous UID is used to associate data with a device.
  • Phrase information: Japanese phrases entered by the user, generated English sentences, and extracted English words with their meanings are stored on Cloud Firestore (Google LLC / USA). Only the user can view them; we never disclose them to third parties.
  • About translation: Japanese→English and word translation is performed entirely on the user's device via Apple's Translation framework, and the text to be translated is not transmitted to external servers (language data is downloaded from Apple only on first use). Key-word extraction is also performed on-device (NaturalLanguage).
  • Friend information: User ID and handle name of friend-registered users. The same friend list is shared with tabiin, Tabippi, Tabiato, and Tabiniwa.
  • Tabigo does not access location, camera, microphone, or photo library.
  • Advertising identifier (IDFA): Google AdMob banner and interstitial ads are displayed. The advertising identifier is used only when the user selects “Allow” in the ATT dialog; otherwise only non-personalized ads are shown.

(7) Tabibako App (Specific)

  • Account information: Email address and user identifier (UID) obtained via Sign in with Apple or Google authentication. Used solely for account management, friend features, and packing-list sharing. Before sign-in, a Firebase anonymous UID is used to associate data with a device.
  • Packing data: Packing lists, items (name, category, quantity, assignee, notes, carry type), bags, and templates are stored on Cloud Firestore (Google LLC / USA).
  • Trip import from Tabippi: When the user imports a trip they created in Tabippi (title, destination, dates, itinerary), it is displayed for reference on the same toku-shared backend. Only the user's own data is referenced and never provided to third parties.
  • Friend information: User ID and handle name of friend-registered users. The same friend list is shared with tabiin, Tabippi, Tabiato, Tabiniwa, and Tabigo.
  • Tabibako does not access location, camera, microphone, or photo library.
  • Advertising identifier (IDFA): Google AdMob banner and interstitial ads are displayed. The advertising identifier is used only when the user selects “Allow” in the ATT dialog; otherwise only non-personalized ads are shown.
  • Account deletion is available via in-app Settings → Delete Account.

Article 3 — Purpose of Use

  • Providing, operating, and improving our Services
  • Providing friend features and user-to-user content sharing (limited to the scope each user selects and approves)
  • Responding to inquiries and related communications
  • Analyzing usage (Google Analytics)
  • Delivering and optimizing advertisements (Google AdMob)
  • Preventing unauthorized use and ensuring security
  • Responding to Terms of Use violations and legal proceedings

Article 4 — Third-Party Disclosure

We will not provide collected personal information to third parties except in the following cases.

  • With the prior consent of the individual
  • When required by law
  • When necessary to protect the life, body, or property of a person

We may share information with the following service providers for operational purposes:

ProviderPurpose
Google LLCAnalytics (GA4) & Ad delivery (AdMob)
Google LLC (Firebase)Authentication, Cloud Firestore storage, and Firebase Storage (photos) for tabiin, Tabiato, Tabippi, and Tabiniwa apps. Operated on the unified project “toku-shared”.
Google LLC (AdMob)Banner and interstitial ad delivery for the tabiin, Tabippi, Tabiato, Tabiniwa, Tabigo, and Tabibako iOS apps
Google LLC (Crashlytics)Crash diagnostics and quality improvement for Tabiato (Firebase Crashlytics)
Apple Inc.Place name conversion from photo EXIF location (CLGeocoder) and Tabiniwa Premium subscription processing (App Store / StoreKit 2) for Tabiniwa
microCMS Inc.Content management (FanPath Japan)
Vercel Inc.Web service hosting
Cloudflare, Inc.Spam prevention (Turnstile)

Transfer of Personal Data to Third Parties Outside Japan (Article 28)

Among the service providers listed above, Google LLC (Firebase, GA4, AdSense, AdMob), Apple Inc., and Vercel Inc. are located in the United States. The United States is not designated as a country with an equivalent level of personal data protection under Article 28 of Japan's Act on the Protection of Personal Information (APPI). However, we have entered into the Google Cloud Data Processing Addendum (Google Cloud DPA), the Apple Developer Program License Agreement, and the Vercel DPA, establishing a system that meets the standards for appropriate and reasonable data handling under Article 28, Paragraph 3 and Article 16 of the Enforcement Rules.

RecipientCountryData TransferredLegal Basis
Google LLC (Firebase)USAAuth data, Firestore data, Storage photos (4-app unified project toku-shared)Google Cloud DPA (standard-compliant system)
Google LLC (GA4, AdSense)USAAccess logs, cookie dataGoogle Cloud DPA (standard-compliant system)
Google LLC (AdMob)USAAdvertising identifier (IDFA, only when ATT-allowed), device informationGoogle Cloud DPA (standard-compliant system)
Google LLC (Crashlytics)USACrash diagnostics (device model, OS, stack trace, anonymous instance ID)Google Cloud DPA (standard-compliant system)
Apple Inc. (CLGeocoder)USAEXIF location data of photos attached in Tabiniwa (transmitted only for place name conversion; only the converted place name string is stored on our servers)Apple Developer Program License Agreement (standard-compliant system)
Apple Inc. (App Store / StoreKit)USATabiniwa Premium subscription purchase receipt and transaction ID (payment information is managed solely by Apple Inc.)Apple Developer Program License Agreement (standard-compliant system)
Vercel Inc.USAAccess logsVercel DPA (standard-compliant system)

Article 5 — Cookies, Analytics & Advertising

Our web services use cookies. You may disable cookies through your browser settings, though some features may not function properly as a result. Our iOS apps (tabiin, Tabippi, Tabiato, Tabiniwa, Tabigo, Tabibako) display Google AdMob banner and interstitial ads, and use the advertising identifier (IDFA) only when the user selects “Allow” in the ATT dialog (otherwise only non-personalized ads are shown).

Access Analytics (Google Analytics 4)

Our web services (FanPath Japan, Anime Spots, toku.llc, etc.) use Google Analytics 4 (provided by Google LLC, USA) to analyze traffic. GA4 collects behavioral data via cookies and transmits it to Google's servers in the United States. This information is used solely for improving our services. To opt out of GA4 data collection, please use the Google Analytics Opt-out Browser Add-on.

Advertising (Google AdSense)

Our web services use Google AdSense (provided by Google LLC, USA) to serve advertisements based on user interests via cookies. For Google's privacy policy, see Google Privacy Policy. You can manage ad preferences at Google Ad Settings.

For the transfer of GA4 and AdSense data to the United States, please refer to Article 4 “Transfer of Personal Data to Third Parties Outside Japan.”

Article 6 — Location Data

Tabiato

The Tabiato app uses your device's GPS location only during a check-in action to verify whether you are within 500m of the pilgrimage spot. Location data is collected only with your explicit permission and is not stored persistently on our servers. Only the work ID, spot ID, and visited date/time are saved as check-in history — raw latitude/longitude is not retained. You may stop location access at any time by uninstalling the app or revoking location permissions in your device's OS settings.

Tabiniwa

The Tabiniwa app does not request GPS device access permission (NSLocationWhenInUseUsageDescription) at all. Only when a photo attached to a diary entry contains location data in its EXIF metadata, we read those coordinates via ImageIO and transmit them to Apple Inc.'s geocoding service (CLGeocoder, USA) to convert them into a place name string (e.g., prefecture, municipality, country). Only the converted place name string is stored as the diary's “visit location” on Cloud Firestore; raw latitude/longitude is never stored on our servers. For photos without EXIF location data, the visit location is not auto-populated, and the user can enter it manually instead.

Article 7 — Storage and Management

We manage collected personal information appropriately and take measures to prevent unauthorized access, loss, and leakage. Personal information that is no longer needed after an inquiry is resolved will be promptly deleted, except where retention is required for Terms of Use violations or legal proceedings.

Article 8 — Your Rights

You may request access to, correction of, or deletion of your personal information held by us. Please contact us at the address below to submit such requests.

Article 9 — Children's Privacy

Our Services are not directed to children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will promptly delete it.

Article 10 — Changes to This Policy

We may update this Policy as necessary. Changes take effect when posted on this page. When significant changes are made, we will update the “Last updated” date at the top of this page.

Article 11 — Contact

For inquiries regarding this Policy, please contact us through the following.

OperatorTOKU, LLC. (合同会社德)
Emailinfo@toku.llc
Formhttps://toku.llc/#contact