Privacy Policy
Version 1.0 · Last updated: 2026-04-21
1. Controller Information
| Controller | Keita Takenouchi |
| Contact | LinkedIn profile |
| Service | SaibaiNote |
2. Information We Collect
2.1 On Registration
- Email address — used as your login identifier.
- Password hash — stored in hashed form; your plain-text password is never saved.
2.2 During Use
- Cultivation records — crop names, varieties, start dates, growing spaces, care logs, harvest amounts.
- Diary text — notes and memos you enter.
- Photos — images you upload (max 20 MB per image).
- Weather records — weather conditions and temperatures you enter manually.
- Language preference — display language setting.
2.3 Collected Automatically
- Session information — anonymous session ID if you use the Service without an account.
- Access logs — IP address, request timestamp, and other standard server logs retained by Cloudflare Workers.
3. How We Use Your Information
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Email, password hash | Authentication, account management | Performance of contract |
| Cultivation records, photos | Core service features, cross-device sync | Performance of contract |
| Language preference | UI personalisation | Performance of contract |
| Access logs | Security monitoring, abuse prevention | Legitimate interests |
We will never sell your personal data to third parties.
4. Data Storage
| Data type | Storage |
|---|---|
| Account info, cultivation records | Cloudflare D1 (SQLite on Cloudflare's infrastructure) |
| Photos and image files | Cloudflare R2 (Cloudflare object storage) |
Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.
5. Data Retention
| Data | Retention period |
|---|---|
| Registered user data | Until account deletion |
| Guest session data | 90 days after last activity |
| Access logs | Subject to Cloudflare's standard retention policy |
6. Third-Party Services
6.1 Cloudflare Turnstile
We use Cloudflare Turnstile to protect the registration form from spam and bots. Turnstile transmits request data to Cloudflare's servers for challenge verification. Please refer to Cloudflare's privacy policy for details.
6.2 Other Services
We do not currently share personal data with any other third parties. If we add additional services (such as an email delivery provider) in the future, this policy will be updated accordingly.
7. Cookies
| Cookie | Purpose | Type |
|---|---|---|
| access_token | JWT authentication (HttpOnly) | Strictly necessary |
| refresh_token | Session renewal (HttpOnly) | Strictly necessary |
| has_account | UI state (guest vs authenticated) | Strictly necessary |
| NEXT_LOCALE | Display language preference | Functional |
All cookies listed above are required for the core functionality of the Service. We do not use advertising cookies.
8. Your Rights
You have the following rights regarding your personal data:
- Access — request disclosure of the personal data we hold about you.
- Rectification — request correction of inaccurate personal data.
- Erasure — delete your account and all associated data at any time via the "Delete Account" feature in the app.
- Restriction — request that we restrict processing of your data in certain circumstances.
- Data portability — request your data in machine-readable form (availability subject to ongoing development).
- Object — object to processing based on legitimate interests.
- Lodge a complaint — if you are located in the EU/EEA, you have the right to lodge a complaint with the data protection authority (supervisory authority) of your country of residence.
To exercise any right other than account deletion, please contact us via LinkedIn.
9. International Data Transfers
The Service runs on Cloudflare's global network, which means your data may be processed and stored on servers outside your country of residence, including outside the EEA. Cloudflare maintains appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs).
10. Children's Privacy
The Service is not directed at children under 13. If we become aware that we have collected personal data from a child under 13, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced within the Service or by other appropriate means before taking effect. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
12. Contact
For questions about this Privacy Policy or how we handle your personal data, please contact us via LinkedIn.