Privacy Policy
Last updated: March 29, 2026
DOREMI K.K. ("Company", "we", "us", or "our") operates the Erasy service at erasy.app ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Name (if provided via Google OAuth)
- Authentication identifiers from your sign-in method (Google OAuth or email/password)
1.2 Usage Data
We automatically collect:
- Number of images processed and processing timestamps
- Subscription plan and billing history
- IP address (for rate limiting of unregistered usage)
- Browser type, device information, and operating system
1.3 Uploaded Images
When you use the Service, you upload images for background removal processing. These images are:
- Temporarily stored in Cloudflare R2 during processing
- Sent to our GPU processing infrastructure for AI inference
- Not stored permanently — images are deleted after processing is complete and results are delivered
- Not used to train AI models or for any purpose other than providing the Service to you
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process your image background removal requests
- Manage your account and subscription
- Process payments and send billing-related communications
- Enforce usage limits based on your plan
- Send transactional emails (welcome emails, payment confirmations)
- Prevent fraud and abuse of the Service
- Improve and optimize the Service
- Comply with legal obligations
3. Third-Party Services
We use the following third-party services to operate Erasy. Each processes data according to their own privacy policies:
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication & user management | Email, name, OAuth tokens |
| Stripe | Payment processing | Payment method, billing info, email |
| Modal | GPU image processing | Uploaded images (temporary) |
| Cloudflare | Hosting, database, storage | Usage data, images (temporary), IP address |
| Resend | Transactional emails | Email address |
4. Cookies and Tracking
We use the following cookies and similar technologies:
- Authentication cookies: Essential cookies set by Clerk to maintain your login session
- Security cookies: Used for CSRF protection and rate limiting
We do not use advertising cookies or third-party tracking pixels. We do not sell your data to advertisers.
5. Data Retention
- Account data: Retained for as long as your account is active. You may request deletion at any time.
- Usage records: Retained for 12 months for billing and analytics purposes.
- Uploaded images: Deleted immediately after processing. Not retained beyond the active session.
- Payment records: Retained as required by applicable tax and financial regulations (typically 7 years in Japan).
6. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS for all connections)
- Secure authentication via Clerk (passwords are hashed, never stored in plaintext)
- Payment information is handled entirely by Stripe (PCI DSS compliant) — we never store card details
- Access controls and least-privilege principles for infrastructure
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data and account
- Portability: Request your data in a portable format
- Objection: Object to processing of your personal data
- Withdrawal of consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at contact@playdoremi.com. We will respond within 30 days.
8. GDPR (European Economic Area Users)
If you are located in the European Economic Area (EEA), the following applies:
- Legal basis for processing: We process your data based on (a) contractual necessity (to provide the Service), (b) legitimate interests (to improve the Service and prevent abuse), and (c) your consent (where applicable).
- International transfers: Your data may be transferred to and processed in countries outside the EEA, including Japan and the United States. We ensure appropriate safeguards are in place, including the EU-Japan adequacy decision and standard contractual clauses with our service providers.
- Supervisory authority: You have the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email.
11. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us at:
DOREMI K.K.
Email: contact@playdoremi.com
Address: Aoyama Marutake Bldg. 6F, 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062, Japan