Privacy Policy

Last Updated: April 10, 2026

This is an English translation provided for convenience. In the event of any conflict between this translation and the Japanese version, the Japanese version shall prevail.

About the Operator

Yomu (the "App") is provided by Jumpei Takiyasu (the "Operator"). This policy governs the handling of personal information in the App and related web pages (the "Service").

• Operator: Jumpei Takiyasu
• Contact: https://yomu.juntaki.com/en/support

Section 1 – Information We Collect

The Service handles the following information to provide its features. Information stored on-device (imported PDFs, OCR/index data, reading position, settings, chat history) is principally stored on the user's device. However, information may be sent to our servers to the extent necessary for AI questions, billing verification, security checks, and similar purposes.

• Information sent during anonymous use: A random installation ID generated on-device, timezone, App Attest certificate data, and information required for quota management
• Information sent during billing: Product ID, Transaction ID, Original Transaction ID, subscription expiration date, and other subscription verification data
• Information sent during AI questions: Recent messages (up to 10), current spread page text context, timezone
• Information handled for security purposes: IP address (to prevent excessive session issuance), App Attest attestation and verification data
• Access logs: Access date/time, request destination, response result, source IP address, and related information (may be recorded and retained by the Operator or contracted infrastructure providers for incident response, fraud prevention, and security maintenance)

Section 2 – Purpose of Use

Collected information is used solely within the following purposes. The Operator will not use personal information beyond these purposes.

• Providing features such as PDF reading, full-text search, and AI chat
• Determining free-quota and Pro entitlements, and reflecting billing status
• Fraud prevention, incident response, and security maintenance
• Responding to inquiries and sending important notices
• Improving and enhancing the Service (including creating statistical information in non-personally identifiable form)

Section 3 – AI Processing

• When using the AI question feature, recent messages and current page content are sent to a third-party AI service provider (OpenRouter and the model providers it routes to).
• Data transmitted is limited to the purpose of answering the user's question.
• The Operator does not use user data for training AI models. Handling of data by external AI service providers follows each provider's policies and settings.
• After AI processing, transmitted data is deleted within a reasonable period.

Section 4 – Use of Third-Party Services

The Service uses the following third-party services as sub-processors to provide its features. How each handles information follows their respective privacy policies.

• Apple Inc.: In-App Purchase (StoreKit), App Attest, speech recognition / Privacy Policy: https://www.apple.com/legal/privacy/
• Cloudflare, Inc.: API, database, hosting infrastructure / Privacy Policy: https://www.cloudflare.com/privacypolicy/
• OpenRouter, Inc.: AI response generation / Privacy Policy: https://openrouter.ai/privacy

Section 5 – Disclosure to Third Parties

The Operator will not provide users' personal information to third parties except in the following cases. Transmission of information to sub-processors listed in Section 4 constitutes "entrustment" and does not constitute third-party disclosure.

• With the user's consent
• As required by law
• When necessary to protect a person's life, body, or property, and obtaining consent is difficult
• When cooperation is required for a government agency, local government, or their agent to execute duties prescribed by law

Section 6 – Cross-Border Transfers

In using this Service, personal information may be processed outside Japan. The Operator reviews sub-processors' security measures and contractual terms before use.

• United States: Processing on servers of sub-processors such as Apple, Cloudflare, and OpenRouter
• Other countries: Processing on globally operated infrastructure of sub-processors (specific countries may vary based on infrastructure configuration)

Section 7 – Cookies & Tracking Technologies

The App does not use cookies, IDFA (advertising identifier), or other tracking technologies for ad delivery or measurement.

Our website uses Google Analytics to understand access trends. This service may collect access information using cookies. Information collected is managed under Google's Privacy Policy and is not used by the Operator to identify individuals. Users can disable cookies through their browser settings.

Section 8 – Minors

Users under 18 years of age must obtain parental consent before purchasing a paid plan. If the Operator discovers it has unintentionally collected personal information from a minor, it will delete that information promptly.

Section 9 – Security Measures

The Operator implements the following security measures to prevent leakage, loss, or damage of personal information.

• Organizational measures: Establishing rules for handling personal information; reviewing handling status
• Technical measures: TLS encryption for communications; storing authentication tokens in device Keychain; tamper prevention via signature verification
• Physical measures: Relying on the physical security of contracted cloud service providers

Section 10 – Retention, Deletion & User Rights

[Retention Period] On-device data (PDFs, reading position, chat history, etc.) is retained until deleted by the user or the app is uninstalled; subscription/billing verification data and fraud prevention logs (IP addresses, etc.) for the period required by law or necessary to achieve the purpose.

[Data Deletion] Uninstalling the app deletes on-device data. Information subject to legal retention obligations (billing records, etc.) will be deleted after the mandatory period expires.

[User Rights] To the extent that the Operator holds personal information subject to disclosure obligations under applicable law, users may request notification of purpose of use, disclosure, correction/addition/deletion, suspension or erasure of use, and suspension of third-party provision, pursuant to the Act on the Protection of Personal Information. The Operator will respond in accordance with the law after verifying the requester's identity. For the request procedure, please contact the inquiry desk at the bottom of this policy.

Section 11 – Policy Updates

• The Operator may update this policy in response to legal changes or feature updates.
• For material changes, users will be notified at least 30 days before the effective date via in-app notification or posting on this page.
• For minor changes, posting on this page may serve as the notification.

Section 12 – Contact

For inquiries regarding this policy, or to request disclosure, correction, or deletion of personal information, please contact us at:

• Operator: Jumpei Takiyasu
• Support page: https://yomu.juntaki.com/en/support