1. Introduction
TERRASIGNAL K.K. (hereinafter "the Company") establishes the following privacy policy ("this Policy") regarding the handling of personal information and operational data of users in the mobile applications and web services provided by the Company (collectively, "the Service"). The Service consists of TerraSignal Run, for battery energy management and electricity market operation optimization, and TerraSignal Plan, for site sourcing, development, and project management, and is available only to corporations and sole proprietors who have entered into a tenant-level usage agreement.
2. Information Collected
The Service collects the following information:
- Email address (for login, authentication, and identity verification)
- User ID (auto-generated; for account management)
- Role and permission information (system-assigned; for access control)
- Account creation timestamp (auto-recorded; for audit logging)
- Team member information (set by tenant admins; for in-organization access management)
- Device trust tokens (for MFA device trust management; generated at device authentication)
- Operational data (battery telemetry such as SoC and output, optimization results, market participation logs, bid/award/imbalance records; TerraSignal Run)
- IP address and user agent (recorded when a material consent or acknowledgment, such as acceptance of the Terms of Service, is given)
- Project and site data (project name, location, latitude/longitude, site-boundary and development-plan geospatial/drawing data, layout design information, etc.; for site evaluation and development planning in TerraSignal Plan)
3. Device Features and Permissions
The Service (mobile app) uses email/password login and two-factor authentication (TOTP) via an authenticator app. With your permission, we send push notifications for incidents, alerts, and other important updates, and collect a push notification token to identify the delivery destination (delivery is provided via the push notification service of Expo, a U.S. company). We do not request permissions for camera, location (GPS), biometric authentication, contacts, microphone, or similar.
4. Storage of Information
Information collected is stored with appropriate access controls and encryption. Data stored in the cloud is hosted in data centers located within Japan.
- On device (OS-standard encrypted storage): device trust tokens
- On device (encrypted application-private storage): authentication session information (JWT)
- Cloud (located within Japan; data and transport encrypted): account information, operational data, optimization results, market participation logs
5. Purpose of Use
Information collected is used solely for the following purposes:
- Login and authentication for the Service
- Tenant-level access control
- Multi-factor authentication (MFA)
- Display, management, optimization, and bid plan generation for operational data
- Security auditing, and recording of material consents and acknowledgments
6. Provision to Third Parties
The Company does not provide collected personal information or operational data to third parties except: (i) with the user's consent, (ii) where required by law (court or administrative orders, etc.), or (iii) where necessary to protect life, body, or property. The Service's public web pages (marketing site, etc.) use Google Analytics 4 to analyze usage, and to that extent collected information is provided to Google. See the next article for details. The Service does not use any crash report services or ad SDKs.
7. External Services
The Service uses the following external services:
- Supabase (Supabase, Inc., U.S.): authentication and database. The Company has a Data Processing Agreement (DPA) with Supabase and has implemented appropriate protective measures. Privacy Policy: https://supabase.com/privacy
- Amazon Web Services, Inc. (AWS): application servers (ECS/Fargate), machine learning infrastructure (SageMaker, Lambda), and data storage (S3). Data is stored within Japan (Tokyo region). Privacy Policy: https://aws.amazon.com/privacy/
- Google Analytics 4 (Google LLC, U.S.): usage analytics for the Service's public web pages (marketing site, etc.). Information collected includes behavioral data such as pageviews and clicks, region inferred from IP address, and browser/device information; it does not include personally identifying information such as name or email address. Collected information is sent to Google's servers (including in the U.S.) and used solely to understand and improve usage of the Service. Measurement can be disabled via your browser's cookie settings or Google's opt-out tools. Privacy Policy: https://policies.google.com/privacy
8. Retention Periods
Retention periods for each category of data are as follows:
- Account information: 1 year after contract termination
- Authentication session information (JWT): until session expiry or manual logout
- Device trust tokens: 30 days from registration or until removed from device
- Operational data (telemetry, optimization results, market participation logs): as set forth in the agreement (typically 7 years, in consideration of retention requirements under electricity-business-related laws)
9. Disclosure, Correction, and Deletion
Users may request disclosure, correction, deletion, or cessation of use of their retained personal data held by the Company. Requests should be sent by email to the contact below. We will respond in accordance with applicable law after verifying identity.
10. Security
The Company implements the following safeguards to prevent leakage, loss, or damage of collected personal information and operational data:
- TLS/HTTPS encryption for communications
- Database-level access control (row-level security)
- Multi-factor authentication (MFA / TOTP)
- Device management via device trust tokens
- Access log recording and monitoring
11. Changes to this Policy
The Company may amend this Policy due to legal changes or other circumstances. For material changes, we will notify users within the Service or notify the contracting corporation directly.
12. Contact
For inquiries regarding this Policy, please contact:
TERRASIGNAL K.K. Personal Information Protection Desk
2F-C Shibuya Dogenzaka Tokyu Bldg, 1-10-8 Dogenzaka, Shibuya-ku, Tokyo 150-0043, Japan
Email: privacy@terrasignal.co