Legal

Privacy Policy

This policy sets out how LayerClock (the "Service") handles personal information.

This English version is a reference translation. The Japanese version prevails in case of any discrepancy. Please have it reviewed by your legal counsel before relying on it.

1. Information we collect

The Service collects the following information.

(1) Information you enter

Email address (used for account registration and login)
Display name (optional; set from your profile)
Time zone setting
WBS data (projects, phases, deliverables, tasks)
Work logs (start/end times and duration per task)
Tag information

(2) Information collected automatically

Authentication tokens (stored in HttpOnly cookies; not accessible via JavaScript)
API access logs (retained for a period to detect misuse and respond to incidents)

(3) Payment information

Credit card information is never stored on the Service's servers. Payment processing is handled through the payment system provided by Stripe, Inc., and card information is managed by Stripe. The Service retains only the Stripe customer ID and subscription ID.

2. Purpose of use

Collected information is used only for the following purposes.

Account authentication and management
Storing and providing WBS data and work logs
Managing subscription plans and processing billing
Improving the service and responding to incidents
Sending important notices (such as service changes or termination)

We do not use information for advertising or marketing purposes.

3. Provision to third parties

Except in the following cases, the Service does not provide your information to third parties.

When you have given your consent
When disclosure is required by law

Subcontractors (to the extent necessary to provide the service)

The Service uses the following external services.

Service	Purpose	Information provided
AWS Cognito	Authentication	Email address, password (hashed)
Stripe, Inc.	Payment processing	Email address, subscription information
Neon (database hosting)	Data storage	All data listed under "Information we collect" above

4. Data retention period

The retention period for work logs and WBS data depends on your plan.

Free plan: 6 months from the last update
Business plan: 36 months from the last update

If you delete your account, all personal information and data are promptly deleted. This does not apply to information we are legally required to retain (such as payment records).

5. Use of cookies

The Service uses cookies to manage authentication tokens. All cookies used have the HttpOnly attribute set, a security measure that prevents access from JavaScript.

We do not use advertising or tracking cookies.

6. API keys (personal access tokens)

Business plan users can issue API keys (PATs). An API key is shown only once at issuance. If lost, it must be reissued. All access using an API key is recorded in logs.

7. Security

To protect collected information from unauthorized access, loss, destruction, and tampering, the Service takes the following measures.

HTTPS encryption of communications
Management of authentication tokens in HttpOnly cookies
Secure password management via AWS Cognito (no plaintext storage)
CSRF protection for API requests

8. Your rights

You have the following rights.

Request disclosure of the personal information we hold
Request correction or deletion of personal information
Delete your account (available from the settings screen)

For inquiries regarding the above, please contact us using the contact below.

9. Changes to this Privacy Policy

This policy may be changed without notice in line with legal revisions or service changes. If there are significant changes, we will notify you within the service or by email. The revised policy takes effect upon posting on this page.

10. Contact

For inquiries regarding the handling of personal information, please contact the email address below.

support@layerclock.com

Established: March 31, 2026