Information Security Policy
Last updated: June 20, 2026
AI Hikari, Inc. (the "Company") treats the secure management of information entrusted to us by customers and business partners as a key management priority, and places great importance on information security and the protection of personal information. We comply with relevant laws and guidelines, and have established the following Information Security Policy.
1. Basic Policy
Our basic policy is to appropriately protect the information assets entrusted to us by customers and business partners. - We comply with relevant laws regarding information security and the protection of personal information - We handle entrusted information appropriately, within the scope of its purpose of use - We implement organizational and technical security measures and continuously improve them
2. Data Storage Location
We store and process customer data within Japan. - All data is stored and processed on cloud infrastructure (AWS Tokyo Region) - Data is managed in data centers located within Japan, and is not transferred outside the country
3. Access Control and Least Privilege
We apply role-based access control and the principle of least privilege to prevent unnecessary access to information. - Users and employees are granted only the permissions necessary for their work - Data is segregated by tenant at the database level, so access is limited to authorized data only - Data cannot be accessed without authentication
4. Data Classification and Encryption
We classify the information we handle according to its sensitivity and manage sensitive information appropriately. - We classify and manage the handling of sensitive information - Communication channels are encrypted using TLS - Stored data is also encrypted
5. Network Security
We implement measures to prevent unauthorized access in our cloud environment. - We restrict unnecessary communication through cloud infrastructure network configuration - We implement measures against unauthorized access from external sources
6. Vulnerability and Threat Management
We continuously address system vulnerabilities and threats. - We continuously respond to known vulnerabilities - We apply authentication and authorization in multiple layers to prevent unauthorized operations
7. Incident Response
We maintain a response framework in preparation for information security incidents. - If we detect leakage, loss, or damage of information, we promptly confirm the facts - It is our policy to promptly notify affected customers and business partners - We maintain a framework to receive communications through our contact point
8. Data Subject Rights and Data Deletion
We respect users' rights regarding their personal data. - Upon a user's request, we respond to requests for disclosure, correction, deletion, and provision of personal data - Upon termination of a contract, we delete entrusted data, except for information that is required to be retained by law
9. Continuous Improvement and Employee Training
We continue our efforts to maintain and improve our level of information security. - We regularly review this policy and related handling practices - We provide employees with training on information security and the protection of personal information
10. Contact
For inquiries regarding information security and the handling of data, please contact: AI Hikari, Inc. Email: info@ai-hikari.com