Privacy Policy

Effective: April 2, 2026 | Last Updated: May 22, 2026

Fordart Limited GK ("we," "us," or "Miseai") operates the 「みせあい」 platform (miseai.co), an automated social media posting service for small businesses. This Privacy Policy describes how we collect, use, store, and protect information when you use our services.

1. Information We Collect

1.1 Account Information

• Business name and contact information (email address, phone number)
• Business category and location
• Login credentials (email and password, stored securely with bcrypt hashing)

1.2 Social Media Account Data

When you connect your Instagram Business or Creator account through Instagram Login, we receive:

• Instagram Business Account ID
• Instagram username and account type (Business or Creator)
• Instagram access token (long-lived, automatically refreshed)

We use these credentials solely to publish content to your Instagram account on your behalf. We do not require a Facebook account or Facebook Page. We do not access your private messages, follower lists, or any data beyond what is necessary for content publishing.

1.3 Content and Images

• Photos and images you upload for use in automated posts
• Business profile information used to generate AI-powered captions
• Posting preferences, schedules, and content categories

1.4 Automatically Collected Data

• Post publishing logs (timestamps, success/failure status, media IDs)
• Service usage data for system monitoring and improvement

2. How We Use Your Information

Purpose	Data Used
Publish scheduled posts to your Instagram account	Social media tokens, images, AI-generated captions
Generate AI-powered captions tailored to your business	Business profile, category, content preferences
Provide posting history and analytics	Post logs, timestamps, media IDs
Maintain and refresh API access tokens	Instagram access tokens (automatically refreshed)
Send service notifications (post failures, system alerts)	Email address

3. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with the following third-party services, solely for the purpose of delivering our service:

Service	Purpose	Data Shared
Meta (Instagram Graph API)	Publishing posts to your Instagram	Images, captions, access tokens
Anthropic (Claude API)	AI caption generation	Business profile context (no personal data)
Templated.io	Feed image generation	Text overlays, background images

4. Data Storage and Security

• All data is stored on secured servers with restricted SSH access
• Passwords are hashed using bcrypt (never stored in plaintext)
• API tokens are stored in encrypted environment variables
• Authentication uses JWT tokens with HttpOnly secure cookies
• Three-tier backup system (post-publish, daily, weekly) with off-site redundancy
• All web traffic encrypted via HTTPS (Cloudflare SSL)

5. Data Retention

• Active accounts: Data retained for subscription duration
• Post logs: Retained for 12 months
• Cancelled accounts: Deleted within 30 days
• Instagram tokens: Auto-refreshed during subscription; revoked upon cancellation

6. Your Rights

• Access your data through the customer dashboard (my.miseai.co)
• Correct inaccurate information via account settings
• Delete your account by contacting us (see Data Deletion Requests below)
• Disconnect Instagram at any time through your settings
• Export posting history by request

Data Deletion Requests

To disconnect Instagram and delete the data we hold:

1. Email [email protected] with "Data Deletion Request" in the subject line
2. Include your Instagram username (@xxx) and account holder name
3. After identity verification, we will delete the following within 7 business days:
   • Instagram Business Account ID (ig_user_id)
   • Instagram access token
   • Past posting logs and caption history
4. You can also revoke the connection directly via Instagram: Settings → Apps and Websites → miseai-direct-IG → Remove

7. Instagram Data

Our use complies with Meta Platform Terms and Developer Policies.

• We only request permissions necessary for content publishing (instagram_business_basic, instagram_business_content_publish)
• We do not require or access any Facebook account data
• We do not use data for advertising or profiling
• You may revoke access at any time via Instagram Settings → Apps and Websites

8. Cookies

We use essential cookies only (HttpOnly authentication cookie). No tracking, analytics, or advertising cookies.

9. Children's Privacy

Miseai is a B2B service. We do not knowingly collect information from individuals under 18.

10. International Data

Miseai is operated from Japan. Data may be transferred to and processed in Japan.

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted with an updated date.

12. Contact Us

• Email: [email protected]
• Company: Fordart Limited GK
• Address: Atami, Shizuoka, Japan