Privacy Policy
Last updated: 2026-05-22 / Beta · Provisional
AI Risk Scanner (the "Service") is committed to transparent handling of personal information and content. This policy clarifies what data is retained, why, and how.
1. Data the Service retains
- Account information: Email address, display name, and avatar URL obtained from Google OAuth.
- Analysis history: Job ID, number of detected faces, candidate count, risk scores, and execution timestamps. (Does not include the binary content of uploaded videos or images. File names are also not stored.)
2. Purpose of use
We use the information only for the purposes below. We never use it for marketing without your consent, and never sell or transfer it to third parties.
- Providing the Service and running analysis
- Account authentication and abuse prevention (including usage limits)
- Maintaining and improving service quality (aggregate data only; never in a personally identifiable form)
- Important notifications about changes or incidents (sent to your registered email)
3. About Google OAuth sign-in
The Service uses Google OAuth (OpenID Connect) for sign-in. At sign-in, Google shares the following with the Service:
- Email address (for account identification)
- Display name / full name (for UI presentation)
- Avatar URL (for UI presentation)
The Service never accesses your Google account password, contacts, calendar, drive, or any other information. Authentication is handled according to Google's security standards (including 2-factor authentication where enabled), and the session is managed by the authentication provider (Supabase) via an encrypted cookie.
By linking your Google account, Google may retain sign-in records on its side under its own policy. See the Google Privacy Policy for details.
4. Handling of videos and images
On our servers (Supabase Storage / Vercel Function), uploaded videos and images are retained only temporarily during analysis and, regardless of success or failure, are deleted from our servers immediately after processing. Detailed analysis output (similar candidates, face crops, AI commentary, etc.) is also never stored on our servers and is returned only to your browser upon completion.
5. Important notes on third-party AI services
The Service uses the following third-party AI services for analysis. Under those providers' policies, data may be retained for a period:
- Google Gemini File API: Used for feature extraction from videos and images. Under Google's terms, uploaded files are retained for up to 48 hours.
- Anthropic Claude API: Used for risk evaluation. Videos and images are not sent; only text summaries are processed.
- SerpAPI: Used to fetch candidate image URLs. Videos and images are not sent.
* Please review each provider's privacy policy via their respective links. The Service cannot be held responsible for how third-party providers handle your data.
6. Use of cookies
The Service uses only the minimum cookies required to maintain your authentication session.
- Authentication cookie (encrypted JWT session cookie issued by Supabase Auth). Used to keep you signed in.
- We do not use tracking cookies for advertising, third-party ad-network tags, or retargeting pixels.
- You can disable cookies in your browser, but you will not be able to sign in.
7. Access logs and error logs
For stable operation and troubleshooting we collect the following logs. They are never used to identify individuals.
- Access logs (IP address, User-Agent, request URL, timestamp) — collected by Vercel by default
- Error logs (stack traces of failures) — collected by Vercel by default
- Analysis execution logs (metadata of Gemini / Claude / SerpAPI calls) — for debugging; does not include uploaded content
These logs are automatically deleted after a certain period in accordance with Vercel's policy.
8. Communication encryption
All communication is encrypted via HTTPS / TLS. Supabase Storage encrypts data at rest with AES-256.
9. Third-party disclosure
We never disclose personal information obtained from users to third parties without the user's consent. However, the third-party AI and infrastructure services we use to operate the Service (Supabase / Vercel / Google / Anthropic / SerpAPI) may process data within the scope necessary for their respective purposes.
10. Data deletion and disclosure requests
If you would like to request deletion or disclosure of your account and analysis history, please contact us via the operator below. We will respond within a reasonable timeframe after identity verification.
11. Use by minors
The Service is generally intended for users aged 13 and above. Users under 13 should read this policy with the consent of a guardian.
12. Notes regarding the beta
The Service is currently in beta, and this policy may be updated without prior notice. The Service provides AI-based reference information; final decisions on publication or commercial use must be made under the supervision of legal counsel or other qualified professionals.
13. Operator and contact
Service operator: LightKing Tokyo (https://lightking-tokyo.lovable.app/home)
Please direct inquiries about this Privacy Policy or the handling of personal information to the contact information listed on the operator's website above.