Privacy Policy
Aligned to SaaS² Data & Telemetry Governance Layer • v3.3(Effective January 2025 · Applies to all RYANES entities, affiliates, and network participants)
1. Purpose
This Privacy Policy explains how RYANES Holdings Co., Ltd. (Japan) and RYANES Holdings Inc. (Canada) — collectively “RYANES,” “we,” or “our” — collect, use, store, and protect information processed through the SaaS² Framework and all related websites, portals, and ecosystem systems.It fulfills legal obligations under Japan’s Act on the Protection of Personal Information (APPI), Canada’s PIPEDA, and the EU GDPR for cross-border operations.
2. Entities & Jurisdiction
| Entity | Jurisdiction | Principal Office | Governing Law |
|---|---|---|---|
| RYANES Holdings Co., Ltd. | Japan | Minato-ku Tokyo 105-0014 Japan | APPI • Civil Code of Japan |
| RYANES Holdings Inc. | Canada | 120 Adelaide St W Toronto ON M5H 1T1 Canada | PIPEDA • Laws of Ontario & Canada |
All processing follows the SaaS² Governance Charter, ensuring mirrored compliance and synchronized security standards across both regions.
3. Scope
This Policy applies to:
- The public RYANES website and sub-domains (ryanes.com, regional mirrors);
- The RYANES Portal (affiliate, partner, and telemetry dashboards);
- Email, form submissions, contracts, and collaboration tools;
- All ventures and partners operating within the SaaS² ecosystem.
Separate privacy addenda may apply to specific ventures or clients where additional data types are processed.
4. Data Collected
4.1 Account & Contact Information
Name, organization, role, email, phone, preferred language, region.
4.2 Operational & Telemetry Data
- Clickstream and referral logs
- Transaction timestamps, IP zones, device fingerprints (hashed)
- Performance metrics: leads, conversions, payouts, and audit traces
4.3 Financial & Compliance Records
Bank or payout details (for verified participants only), tax IDs, and invoice references.
4.4 Technical Logs
System events, authentication tokens, browser signatures, and anomaly flags for security monitoring.
4.5 Cookies & Analytics
Essential cookies enable login, tracking, and localization; optional analytics use aggregated, anonymized data.
5. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Contract fulfillment with clients or partners | Performance of agreement |
| Commission tracking & payouts | Legitimate interest in commercial operations |
| Marketing subscriptions | Consent (freely withdrawable) |
| Compliance records and audits | Legal obligation (Japan / Canada / EU) |
| Telemetry security & fraud prevention | Legitimate interest in system integrity |
6. Use of Information
We use information to:
- Authenticate participants and secure their accounts;
- Operate the SaaS² Telemetry Network for commission verification and governance;
- Process payments and generate tax records;
- Provide client services, technical support, and notifications;
- Improve system performance through aggregated analytics;
- Comply with legal and audit requirements.
No information is sold to third parties.
7. Telemetry & Automated Data Processing
Telemetry is core to SaaS² operations.It records events to ensure transparency, prevent fraud, and calculate commissions accurately.Telemetry data is encrypted, time-stamped, and immutable within our ledger system.Access is restricted to governance officers and auditors under strict NDA and role-based controls.
8. Data Storage & Retention
| Region | Storage Location | Retention Period |
|---|---|---|
| Japan | Tokyo primary data center + encrypted off-site backup | 5 years from final transaction or termination |
| Canada | Toronto mirror instance + redundant AWS region | 5 years |
Data older than the retention period is securely anonymized or deleted.
9. Data Sharing & Disclosure
We may share limited data only as follows:
- Ventures & Partners: For joint project execution under contract.
- Financial Institutions:For verified payout processing.
- Auditors & Regulators: As legally required.
- Service Providers: Hosting, security, and communication vendors under confidentiality agreements.
We never disclose telemetry details to unverified third parties.
10. Cross-Border Transfers
Data flows between Japan and Canada operate under binding corporate rules and encrypted VPN channels.Where EU or EEA data is processed, Standard Contractual Clauses (SCCs) apply.
11. Security Measures
- End-to-end TLS encryption for all traffic
- AES-256 encryption at rest
- Role-based access controls and multi-factor authentication
- 24/7 monitoring and incident response
- Quarterly vulnerability testing and annual external audit
12. Your Rights
Depending on jurisdiction, you have the right to:
- Access your personal data;
- Request correction or deletion;
- Withdraw consent for marketing;
- Receive data in portable format (where applicable);
- File a complaint with a supervisory authority.
Requests can be sent to privacy@ryanes.com and will be answered within 30 days.
13. Cookies & Tracking
Essential cookies enable login sessions, language selection, and telemetry linkage.Non-essential analytics cookies are disabled by default and require opt-in consent.Users can manage preferences via browser settings or the Cookie Control banner.
14. Children’s Data
RYANES services are not directed to minors under 18.We do not knowingly collect data from children. If such data is identified, it will be deleted immediately.
15. Data Breach Notification
In the event of a security incident likely to affect personal data, RYANES will notify affected parties and regulators within 72 hours of confirmation, providing details and mitigation steps.
16. Third-Party Services
Our sites may embed or link to third-party tools (e.g., payment processors, analytics dashboards).Such providers operate under their own privacy policies. RYANES reviews their compliance but cannot assume liability for external processing.
17. Retention of Telemetry for Audit
Telemetry logs are retained for the full legal period of five years to ensure commission audit capability and system integrity. Afterward, records are hashed and archived for statistical purposes only.
18. Updates to Policy
Revisions are dated and posted on this page. Material changes will be announced via Portal notifications or email.Continued use after update constitutes acceptance.
19. Contact Us
Data Protection Officers
| Region | Contact Email | Language |
|---|---|---|
| Japan | privacy.jp@ryanes.com | Japanese / English |
| Canada | privacy.ca@ryanes.com | English / French |