Privacy Policy

Last Updated: September 10, 2025

Akiko Kiguchi (operating as Nihon Nexus, the “Company”) respects your privacy and is fully committed to safeguarding your personal data. This policy explains how we collect, use, share, and protect your Personal Information when you interact with The Permission Path™ (“Service”), and how we comply with California privacy laws, including CCPA, CPRA, CalOPPA, Shine the Light, and the latest CPPA regulatory requirements.

1. Key Definitions

- Personal Information: Any data that identifies or can reasonably identify an individual.

- Sensitive Personal Information: Includes precise geolocation, health info, race, religion, genetics, sexual orientation, neural data, or private communications.

- Service Providers: External entities (e.g., hosting, analytics) bound by confidentiality and data protection agreements.

- Automated Decision-Making Technology (ADMT): Systems using personal information to significantly replicate or replace human decision-making.

2. Information We Collect

- Directly provided: Email, support messages, journal entries (which may include sensitive data if voluntarily provided).

- Automatically collected: IP, device/browser data, usage metrics, cookies.

- We do not intentionally collect other Sensitive Personal Information unless voluntarily provided by you.

3. How We Use Personal Information

We use your data to:

- Deliver, maintain, and improve the Service.

- Manage your account and access.

- Respond to support inquiries.

- Send policy updates, security alerts, and administrative messages.

- Analyze usage patterns to improve functionality.

- Maintain security, detect fraud, and comply with legal obligations.

- Notably, we do not utilize ADMT to make “significant decisions” involving you—as defined under CPRA regulations.

4. Sharing & Disclosure

- We never sell Personal Information.

- We may share data with:

- Service Providers under strict confidentiality.

- Legal authorities if required by law or to assert legal rights.

- Acquirers in merger or sale scenarios, with prior notice and contractual protection.

- We do not use ADMT, but if needed in future, we commit to providing required notices, opt-outs, and human review rights per ADMT regulations. 

5. California Consumer Rights (CCPA/CPRA)

California residents have the right to:

- Learn what categories of their Personal Information are collected, used, shared, or sold.

- Access or request deletion of their Personal Information, subject to permissible exceptions.

- Opt-out of sale or sharing (if it occurs).

- Limit the use of Sensitive Personal Information.

- Correct inaccuracies.

- Receive disclosure of third parties with whom data was shared for marketing (“Shine the Light” request).

- Not face discrimination for exercising their privacy rights.

- Opt-out via Global Privacy Control (GPC)—a universal privacy signal now recognized under California law. 

Submit requests via email to [email protected].  We’ll verify identity reasonably and respond within 45 days, with an optional 45-day extension if needed.

6. Data Retention & Security

We retain personal data only as long as needed for business or legal purposes. Once data is no longer necessary or upon user request, it is securely deleted or anonymized.

We employ industry-standard security protocols—encryption, access controls—and continuously review them to protect against unauthorized access.

7. Your Role

You’re responsible for:

- Keeping your account credentials secure.

- Maintaining accurate contact information.

- Consulting subject-matter professionals (e.g. medical or legal) before acting on general advice from the Service.

8. Minors

The Service is not directed at minors under age 16. If we learn we’ve collected data from someone under 16, we will delete it promptly in compliance with applicable laws.

9. Upcoming Compliance Mandates

While not currently required, we are proactively preparing for CPPA mandates effective in coming years, including:

- Cybersecurity audits (phased from 2027 to 2030 based on scale). 

- Risk assessments for high-risk processing, sensitive data, ADMT use or context. Reporting due as early as April 2028. 

- ADMT-regulated disclosures, opt-outs, and appeal rights before January 2027 if such systems are used. 

10. Privacy Policy Updates

We may update this policy to align with evolving legal standards. Changes take effect upon posting with updated “Last Updated” date. For significant revisions, we will notify you by email or in-Service alerts as required by law.

11. Contact Us

For privacy questions or requests:

Email: [email protected]

Links: Policy link includes “Do Not Sell or Share My Personal Information” and “Limit Use of My Sensitive Personal Information” as required.