Privacy Policy

Last updated: 2026-05-09

This Privacy Policy describes how Taiyaki Studios K.K. ("Taiyaki", "we", "us") collects, uses, and shares Personal Data when you use the Taiyaki mobile application and the website at taiyakiapp.com (together, the "Service"). Please read it carefully.

Owner and Data Controller

Taiyaki Studios K.K.
2-19-5 Nishishimbashi, Minato, Tokyo, Japan
Owner contact email: support@taiyakiapp.com

Types of Data collected

Among the types of Personal Data that the Service collects, by itself or through third parties, there are:

• Account information — email address and, where you choose to sign in with Apple, the first and last name you provide to Apple at sign-in.
• Authentication credentials — password (stored in hashed form by Firebase Authentication) or your Apple-issued private relay identifier.
• Subscription state — purchase history, active entitlements, trial eligibility, and renewal status, processed via Apple's In-App Purchase system and RevenueCat.
• Push notification tokens — your device's Apple Push Notification service (APNs) token and a OneSignal-generated subscription identifier.
• Device identifiers — your device's IDFA (Identifier for Advertisers) only when you grant App Tracking Transparency permission, and the IDFV (Identifier for Vendor) which is scoped to Taiyaki Studios apps.
• Usage Data — playback history, listened/watched series and episodes, library and favorites, in-app navigation events, and search queries.
• Technical Data — device model, operating system version, app version, locale, time zone, and crash diagnostics.
• Server logs — IP address, user agent, and request timestamps captured by our content delivery network when streaming media.
• Support correspondence — the content of any messages you send to support@taiyakiapp.com or via the in-app support chat.

The Service does not collect or store face data, fingerprint data, or precise location data.

How we use your Personal Data

• To provide and operate the Service, including authenticating you and delivering audio and video content.
• To process subscriptions, free trials, and renewals through Apple In-App Purchase.
• To send transactional and marketing push notifications and emails (you can opt out of marketing messages at any time in app settings or via the unsubscribe link in emails).
• To measure how the Service is used so we can improve it.
• To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service.
• To measure the effectiveness of advertising campaigns where you have given the necessary consents.
• To comply with legal obligations and enforce our rights.

Third-party services and SDKs

The Service uses the following third-party services. Each has its own privacy practices, linked below.

• Firebase (Google LLC) — authentication, database (Firestore), App Check (using Apple App Attest), and analytics. Firebase privacy.
• RevenueCat (RevenueCat, Inc.) — subscription management and entitlement state. RevenueCat privacy.
• OneSignal (OneSignal, Inc.) — push notifications and email delivery. OneSignal privacy.
• PostHog (PostHog, Inc.) — product analytics in the app and on the website. We disable IP collection and session recording. PostHog privacy.
• Meta (Facebook) SDK (Meta Platforms, Inc.) — Sign in with Facebook (where offered) and advertising attribution. Used only after you grant App Tracking Transparency permission. Meta privacy.
• Apple In-App Purchase + Sign in with Apple (Apple Inc.) — payment processing and authentication. Apple privacy.
• Bunny CDN (BunnyWay d.o.o.) — content delivery for audio and video streaming. Bunny privacy.
• Cloudflare (Cloudflare, Inc.) — hosting and protection of taiyakiapp.com. Cloudflare privacy.

Cookies and similar technologies

The Taiyaki mobile application does not use cookies. The taiyakiapp.com website uses the PostHog analytics SDK in memory persistence mode, which does not write cookies or local storage. We do not place any advertising cookies on the website at this time. If we add advertising tags in the future, we will update this Policy and, where required, request your consent before activating them.

Where your Personal Data is processed

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of your Personal Data. Personal Data is processed at the Owner's operating offices in Tokyo, Japan, and at the data centers of the third-party services listed above, which include facilities in the United States and the European Union. By using the Service, you understand and agree that your Personal Data may be transferred to and processed in countries other than your country of residence.

Retention

We retain Personal Data for as long as necessary to provide the Service and to fulfill the purposes for which it was collected. Specifically:

• Account, authentication, and library data — retained until you delete your account.
• Subscription records — retained as required for tax, accounting, and dispute resolution, typically for the period required under applicable law.
• Server logs and aggregated analytics — retained for up to 24 months.
• Support correspondence — retained for up to 24 months after the last interaction.

Once your account is deleted, your Personal Data is removed from our production systems within 30 days, except where retention is required by law (for example, financial records).

Your rights

Subject to applicable law, you have the right to:

• Access the Personal Data we hold about you;
• Correct inaccurate or incomplete Personal Data;
• Delete your account and associated Personal Data;
• Object to or restrict certain processing;
• Receive your Personal Data in a portable format;
• Withdraw consent at any time, where processing is based on consent;
• Lodge a complaint with your local data protection authority.

How to exercise your rights

The fastest way to delete your account and associated data is to use the in-app feature: Profile → Settings → Delete Account. See the Delete Account page for full instructions, including the email path if you have lost device access.

For all other requests, contact us at support@taiyakiapp.com. We will respond within the timeframe required by applicable law.

Children's privacy

The Service is rated 17+ on the App Store and is intended for adult audiences. We do not knowingly collect Personal Data from children under 13 (or the equivalent minimum age in your jurisdiction). If you believe a child has provided us with Personal Data, please contact us and we will delete it.

California residents (CCPA / CPRA)

If you are a California resident, you have the right to know what Personal Data we collect, to request deletion of your Personal Data, to correct inaccurate Personal Data, and to opt out of the "sale" or "sharing" of Personal Data. We do not sell your Personal Data. Where we use the Meta SDK for advertising attribution after you have granted App Tracking Transparency permission, this may constitute "sharing" under California law; you can opt out by revoking that permission in iOS Settings → Privacy & Security → Tracking, or by contacting us.

European Economic Area, UK, and Switzerland (GDPR)

Where the GDPR applies, our legal bases for processing are: performance of the contract between you and us (to provide the Service), our legitimate interests (to operate, secure, and improve the Service), your consent (for marketing communications and certain tracking), and compliance with legal obligations. International transfers outside the EEA, UK, or Switzerland are protected by Standard Contractual Clauses or equivalent safeguards.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time by posting the updated version on this page and updating the "Last updated" date. Where changes are material, we will notify you in the app or by email.