Last updated: May 11, 2026 (account deletion clause added)
1. Introduction
GuideBloom ("we," "us," or "our") provides a language learning and tour guide service through our web apps (traveler / admin), LINE, WhatsApp, and related channels. This Privacy Policy explains how we collect, use, and protect your personal information.
2. Operator
Operator: GuideBloom (in the process of incorporation)
Authentication data: an Anonymous Auth uid. If you optionally choose "Sign in with Google" or "Email / Password sign-up", we also receive the Google account's display name, email address, and profile picture URL, or the email address you entered plus a hashed password, respectively, via Firebase Authentication (linked to the anonymous uid; the UID itself is preserved).
Location data: via the browser geolocation API (only when you grant permission).
Audio & images: recordings and photos you upload (evidence).
AI analysis results: transcriptions, scores, and comments generated by AI from the above audio / images.
Messaging data: messages exchanged via LINE / WhatsApp, timestamps, platform user IDs.
Usage history: spot views, "Tried it!" records, feedback ratings, and similar interaction logs.
Contact information: phone number / email address you voluntarily provide.
4. How We Use Your Information
To provide, operate, and maintain the service.
To run AI analysis on audio / photos and present results (e.g., pronunciation feedback, photo cultural insights).
To improve the service and its quality (anonymous aggregate analytics).
To respond to inquiries.
To notify users of new features and announcements.
To use anonymous aggregate data for marketing materials.
5. Third-Party Services (Processors)
We use the following third parties as processors and share personal information with them only to the extent necessary.
Google Cloud / Firebase (US): data storage (Firestore), file storage (Cloud Storage), authentication (Anonymous Auth + Google Sign-In), hosting, Cloud Functions
Vertex AI Gemini (Google, US): AI analysis of audio / images, text generation
LINE Messaging API (LY Corporation): messaging via LINE
WhatsApp Business API (Meta, US): messaging via WhatsApp
Stripe (US): future payment processing (not currently used)
Each service has its own privacy policy that governs data handling.
6. International Data Transfer
Through the processors listed in Section 5 (Google, Meta, etc.), we may transfer your personal information outside Japan, including to the United States. As required by Article 28 of the amended Japanese Act on the Protection of Personal Information (effective April 2022), we disclose the following.
(1) Destination country: Primarily the United States.
(2) Data protection regime in that country: The United States does not have a comprehensive personal information protection statute equivalent to the EU GDPR or Japan's APPI. Instead, protection is provided by Section 5 of the FTC Act, state laws (e.g., California's CCPA / CPRA), and sector-specific laws (HIPAA, GLBA, etc.). Both Google and Meta declare GDPR compliance and rely on the EU Standard Contractual Clauses (SCCs) for cross-border transfers. For details, see:
Data at rest encrypted using Google Cloud's standard encryption
Per-uid access control enforced via Firestore / Storage Security Rules
Only the minimum necessary data is transferred (with anonymization where possible before transfer)
7. Data Retention
Audio / photo evidence: 1 year after AI analysis completes (for re-analysis and history)
AI analysis results: while your account exists
Message history: 2 years from last activity
We promptly delete data upon a deletion request.
8. Security
Communication is encrypted via HTTPS
Stored data uses Google Cloud Platform standard at-rest encryption
Firestore / Storage Security Rules enforce per-uid access control
Only the minimum necessary staff have data access
9. Your Rights
You have the right to:
Request disclosure of personal information held about you
Request correction, addition, or deletion of inaccurate data
Request suspension of use or erasure
Request that we stop sharing data with third parties
Withdraw consent (including by uninstalling the app / blocking the account)
Please use the contact details at the bottom of this page to exercise these rights.
Account deletion: full data erasure
Signed-in users can delete their account at any time from Profile > Delete account inside the app. When you delete your account, the following are permanently erased (no recovery possible):
Your Firebase Authentication account (display name, email, credentials)
Activity posts you published on the Service (photos, comments, voice markers, AI feedback summaries)
Photos uploaded with Activity posts (Firebase Storage)
Voice / photo evidence and the linked AI analysis results (users/{uid}/evidence)
All other sub-collections stored under your anonymous uid
After deletion the app continues to work in anonymous mode, but past records cannot be recovered.
10. Cookies and localStorage
We use cookies and localStorage for the following purposes.
Maintaining sign-in state (Firebase Auth)
Remembering UI preferences (e.g., language toggle)
Service usage history (e.g., gb_onboarded, gb_tried)
You may disable cookies / localStorage in your browser, but some features may stop working.
11. Children's Privacy
Our service is intended for users aged 13 and above. Users under 13 must use the service with a parent or guardian's consent.
12. Information You Publicly Share
Content you post via the Activity features (photo / comment posts on Spot pages, Tried it! logs, etc.) becomes publicly visible to all viewers on the Service, including anonymous users.
Publicly shared information includes: uploaded photos, comment text, AI-generated summaries, timestamps, and (if signed in) your display name and profile picture.
Posted content may also be indexed by search engines. Once shared publicly, even after deletion, third parties may have cached or screenshotted the content — complete removal cannot be guaranteed.
Signed-in users can delete their own posts; alternatively, removal can be requested via the operator. See Terms of Service Section 15 (UGC) for details.
13. Changes to This Policy
We may update this Privacy Policy in line with legal changes or service updates. Material changes will be announced on this page.