Privacy Policy
Last updated:
YURIKA, K.K. ("we," "us," or "our") describes how we handle user information in "Simple Memo - Captio-style" (hereinafter the "Service").
1. Information We Collect
We may collect the following information:
(A) Information you provide
- Recipient email address ("To")
- Subject and signature settings
- Memo content (to the extent necessary to send the email)
(B) Device and usage information
- Basic device/OS information
- Operational logs (send timestamps, status)
- Technical data for abuse prevention and rate limiting (IP address, request metadata)
2. How We Use Information
We use collected information for the following purposes:
- Providing email sending features (send, outbox/pending management, resend, history)
- Operating, maintaining, and improving the Service
- Preventing abuse and ensuring security (cooldowns, server-side rate limits, etc.)
- Responding to support inquiries
- Complying with legal obligations
3. Plan Differences
Data handling is generally the same for Free and Premium plans. Premium is primarily offered to remove the Free daily sending limit after Day 8. Safety and infrastructure limits (e.g., cooldowns and server-side caps) may still apply to both plans.
4. Handling of Memo Content (Important)
- Memo content is sent as an email based on your action.
- For delivery, memo content and recipient details may pass through our sending infrastructure (including third-party providers).
- We do not intend to store or view memo content on an ongoing basis except where necessary for legitimate purposes such as legal compliance, abuse prevention, or troubleshooting.
5. Email Reminder Feature (Optional)
To help you build a memo-writing habit, we offer an optional reminder email feature for users who explicitly opt in.
(A) Consent
- This feature is disabled by default. We send reminder emails only after you explicitly enable it on the verification screen or in Settings.
- You can disable it at any time from Settings (one tap), or from the unsubscribe link in any reminder email.
(B) Information We Store
- A hash (SHA-256) of your email address — stored on our servers (Cloudflare D1).
- Your consent state (enabled/disabled), last memo send timestamp, and total send count.
- Reminder send history (timestamps for sent/delivered/opened/clicked/bounced events).
- The raw email address itself is NOT stored on our servers. It lives only in the contact API of our email delivery provider (Resend).
(C) Sending Frequency
- Reminders are sent at most once per stall window: 24 hours, 72 hours, and 7 days after your last memo send.
- Per-user cap: max 2 reminders per 7 days. Service-wide cap: max 80 reminders per day.
(D) Automatic Opt-out
- If a reminder email bounces or generates a complaint, we immediately stop sending to that address and disable the consent flag.
(E) Service Provider
Reminder email delivery and contact management are handled by Resend, Inc. (USA) under an appropriate Data Processing Agreement and in compliance with international email regulations (CAN-SPAM, GDPR, the Japanese Act on Regulation of Transmission of Specified Electronic Mail, etc.).
6. Sharing With Third Parties
We do not share personal information with third parties except in the following cases:
- With your consent
- As required by law
- To protect vital interests (life, property, etc.)
- To service providers to the extent necessary (see Section 7)
7. Service Providers
We may use third-party vendors for email delivery, operations, maintenance, and analytics. In such cases, we appropriately supervise these providers.
8. Security
We take reasonable measures to protect information against leaks, loss, and damage.
9. Retention
We aim not to retain information longer than necessary for the stated purposes. Some logs may be retained for limited periods for security and operational purposes.
10. Updates
We may update this Policy as needed. The updated version will be posted on the Service or our website.
11. Contact
12. Technical notes on encryption (for reference)
To protect user privacy, the Service implements the following technical measures. These are oriented toward "data minimization" and "on-device protection" rather than promising blanket security.
- On-device storage: The offline pending-send queue (Outbox) and send history are encrypted on-device with AES-GCM-256 via Apple's native CryptoKit, and stored with file protection class completeFileProtectionUntilFirstUserAuthentication.
- Key management: A 256-bit symmetric key is stored in Apple Keychain Services (kSecClassGenericPassword). It is excluded from backups and cannot be exported.
- Transport: All API calls use TLS (HTTPS) over URLSessionConfiguration.ephemeral (no cookies, no caches).
- Email body handling: Memo bodies transit through our Relay API (Cloudflare Workers) and the external delivery infrastructure (Resend) for the sole purpose of sending email. We do not persistently store them on our infrastructure, and they are not written to logs (except in DEBUG builds during local development).
- Email address storage on the server: Only if you opt into reminder emails, we store a SHA-256 hash of your email address in Cloudflare D1. The raw address lives only in Resend's Contact API.
- Dependencies on the data path: Memo body encryption (CryptoKit), key storage (Keychain Services), and network transport (URLSession / Network.framework) are all Apple-native — no third-party SDK sits in the data path.
- SDKs used for optional features: As of v2.4, an optional onboarding-shortcut feature can pull your email from your Google account; this uses the GoogleSignIn-iOS SDK and the Firebase Authentication SDK. The Firebase App Check SDK is initialized at launch to harden our backend API against abuse (uses Apple App Attest). Anonymous funnel analytics (no PII) are sent in-house to our /v1/analytics/event endpoint with no external analytics SDK.
Note: The Service is not End-to-End Encrypted (E2EE). Memo bodies are delivered through standard SMTP so you (the recipient) can read them in your normal mail client. For workloads requiring true E2EE, consider purpose-built services such as Standard Notes, Signal, or ProtonMail.