SECURITY & DATA

Information Security & Data Handling

In providing our AI sales-support service "Kanae," CosmoSketch Inc. implements the following measures to protect the data we are entrusted with by our customers. We do not exaggerate or make statements contrary to fact; we disclose our current situation honestly.

1. Basic Policy

We operate on the principles of keeping customer data separate from that of other companies, handling it to the minimum extent necessary, and incorporating human review. Rather than leaving everything to AI, people are involved in important transmissions and decisions.

2. Safety Management Measures We Implement

Technical measures: encryption of data in transit and at rest, encrypted storage of authentication credentials (secrets), access control and the principle of least privilege, and data separation for each tenant (customer).
Operational measures: audit logging of all sending actions, usage limit management (to prevent runaway costs), and a human review flow before sending.
Organizational measures: limiting who handles data, and strict confidentiality.

3. Handling of AI

External AI (large language models, etc.) is operated under conditions where input data is not used to train that provider's models.
We do not repurpose the data entrusted to us by customers for training our general-purpose models or for use on behalf of other customers.
Because AI-generated output may contain errors, important content is sent only after a person has reviewed it.

4. Data Location & Subcontracting

This service is operated on the cloud managed by our company. To the extent necessary to provide the service, we may subcontract processing to external cloud, delivery, and AI providers, and we exercise appropriate oversight of subcontractors through contracts and other means.

5. Data Return & Deletion

Upon termination of the contract, we will, in accordance with the contract terms, support the export, return, and deletion of customer data.

6. Incident Response

In the unlikely event that there is a risk of information leakage or similar, we will promptly work to confirm the scope of impact, report to affected customers, and prevent recurrence, and we will take the necessary actions in accordance with applicable laws and regulations.

7. Status of Third-Party Certifications (Honest Disclosure)

At present, our company has not obtained third-party certifications such as ISO/IEC 27001 (ISMS) or the Privacy Mark. Regardless of whether such certifications are held, we actually operate the safety management measures described on this page. If there is any change in our certification status, we will disclose it accurately on this page. We will never claim to hold a certification that we have not obtained.

8. Contact

For questions regarding security and data handling, please contact ttakino@cosmosketch.co.jp. We are also happy to discuss enterprise security reviews and on-premises requirements according to the delivery model (Standard / Secure / Edge Runner).

Last updated: June 14, 2026