Privacy Policy
Last updated: March 20, 2026
Yositech (“we”, “us”, or “our”) operates RPAlert (“Service”). This Privacy Policy explains how we collect, use, and protect your information.
1. Information We Collect
a) Account Information
When you sign in via GitHub OAuth, we receive:
- GitHub username and email address
- GitHub profile avatar URL
b) SDK Data Collection (via RPAlert SDK)
The RPAlert SDK collects:
- Core Web Vitals: LCP, FID, CLS, TTFB, INP
- Page pathname
- Timestamp
- App identifier (API key, not linked to end-user identity)
The RPAlert SDK does NOT collect:
- End-user IP addresses or personal identifiers
- Cookie values or session tokens
- User-agent strings or device fingerprints
Non-identifying metrics: Performance metrics are collected as aggregate, non-identifying data and are not used to identify individual end users. While timestamps and page paths are recorded, they are not linked to any personal identity.
Customer responsibility: It is the responsibility of customers (RPAlert subscribers) to ensure that monitored URLs do not contain personal information (e.g., user IDs in query strings).
c) Analytics Data (Google Analytics 4, with consent only)
When you consent to analytics cookies, Google Analytics 4 collects:
- Pages visited and navigation interactions
- Approximate geographic location (country/region level)
- Device and browser type
- Referring source and session duration
- Anonymous cookie identifiers (_ga, _gid)
IP anonymization: Google Analytics 4 anonymizes IP addresses by default. Full IP addresses are never logged or stored. Analytics data is only collected after you grant consent via the cookie banner.
d) Billing Information
Payment is processed by Stripe. We do not store your credit card number. We retain your Stripe customer ID and subscription status.
e) Usage Data
- Pages visited within the dashboard
- Feature interactions (for product improvement)
- Error logs
2. How We Use Your Information
- To provide, operate, and improve the Service
- To send performance alert notifications (Discord, email)
- To process billing and send receipts
- To respond to support inquiries
- To comply with legal obligations
We do not sell your data. We do not use your data for advertising.
3. Data Retention
| Data type | Retention period |
|---|---|
| Performance metrics (Free plan) | 7 days |
| Performance metrics (Pro plan) | 30 days |
| Performance metrics (Max plan) | 90 days |
| Account data | Until account deletion |
| Billing records | 7 years (tax law requirement) |
4. Data Sharing
We share data only with the following sub-processors:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | USA |
| Stripe | Payment processing | USA |
| Upstash | Rate limiting, transient cache | USA |
| Vercel | Hosting and edge functions | USA / Global |
| Discord | Alert delivery to your webhook | USA |
| Google LLC | Analytics (GA4, consent-only) | USA / Global |
Each sub-processor is bound by data processing agreements. No personal data is stored by Upstash or transmitted to Discord (only performance metrics).
5. Your Rights (GDPR / APPI)
Depending on your location, you may have the right to:
- Access — Request a copy of your personal data
- Portability — Download your data in a machine-readable format
- Rectification — Correct inaccurate data
- Erasure — Request deletion of your account and all associated data
- Objection — Object to processing of your data
To exercise these rights, please use our contact form. We will respond within 30 days.
Data deletion and export requests can also be initiated from: Settings → Account → Privacy
6. Cookies
We use:
- Essential cookies — Supabase session cookie (required for login). Cannot be disabled.
- Analytics cookies (Google Analytics 4) — Enabled only after you click “Accept” in the cookie consent banner. These cookies collect anonymized usage data to help us understand how the Service is used and improve it. You may decline at any time; declining does not affect Service functionality.
Your consent preference is stored in localStorage under the key rpalert_consent. You can clear this at any time by clearing your browser's local storage.
7. Security
We implement industry-standard security measures including:
- HTTPS-only communication
- API keys encrypted at rest (AES-256-GCM)
- Role-based access control via Supabase Row Level Security
8. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children.
9. International Transfers
Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
10. Changes to This Policy
We may update this Privacy Policy. We will notify you by email or prominent notice at least 14 days before material changes take effect.
11. Contact
Yositech
Representative: Yoshitaka Nose
3F Shinjuku Dai-7 Hayama Bldg, 1-36-2 Shinjuku, Shinjuku-ku, Tokyo 160-0022, Japan
Phone: +81-50-1794-9861
Privacy inquiries: Contact Form