Privacy

Privacy Policy

This page explains what Kiroku, the Kiroku iOS app and Share Extension, Evidence Camera, and Evidence Voice Memos store, how we use that information, and how to contact us about privacy concerns.

Privacy Policy

Last updated: June 29, 2026

1. Introduction

This policy applies to the Kiroku web service, the Kiroku iOS app and Share Extension, Evidence Camera, Evidence Voice Memos, the Chrome extension "Kiroku Monitor - Webpage Change Monitor," and related websites, apps, APIs, shared pages, monitoring features, and subscription features (collectively, "the Service"). This policy explains what information the Service collects and stores, how we use it, where it is stored, and how to contact us about privacy matters.

2. Information We Collect

2.1 Account and installation information

When you create an account, we collect your email address. We do not collect passwords (we use passwordless authentication). The Kiroku iOS app, Evidence Camera, and Evidence Voice Memos may also store an installation ID, authentication token, app type, app version, build number, distribution channel, language setting, consent version, consent timestamp, and related device-level state to support login-free use, consent records, usage limits, abuse prevention, device-level recovery, and support.

2.2 Web archive information

Kiroku saves the URLs you specify for archiving from the website, iOS app, iOS Share Extension, Safari or other share sheets, and browser extensions. We store archive results including screenshots, mobile and desktop capture variants when available, HTML, AI summaries, metadata, save times, source type, public or private settings, and processing status on our servers. When you trigger "Archive on Kiroku" from the Kiroku Monitor Chrome extension popup, only the target URL is sent to the archive API (https://kiroku.today/api/archive) and stored through the same mechanism. Archives are public unless set to private.

2.3 Evidence Camera photo and video information

Evidence Camera stores photo and video files captured or saved by users, thumbnails, media type, file size, video duration, device-side capture time, server receipt time, SHA-256 hash, information needed for server receipts and evidence certificates, titles, notes, collections, lock status, deletion status, shared links, public IDs, password-protected sharing settings, and report or review status. If a photo or video includes people, places, documents, screens, license plates, addresses, conversations, or other personal or confidential information, that information is stored as part of the file.

2.4 Evidence Voice Memos recording information

Evidence Voice Memos stores audio files recorded or saved by users, waveform or playback-derived data, file size, recording duration, device-side recording time, server receipt time, SHA-256 hash, information needed for server receipts and evidence certificates, titles, notes, collections, lock status, deletion status, shared links, public IDs, password-protected sharing settings, and report or review status. If a recording includes voices, conversations, ambient sounds, names, addresses, account details, health information, business secrets, or other personal or confidential information, that information is stored as part of the audio file.

2.5 Access, device, and log information

For rate limiting, abuse prevention, security, incident investigation, and service improvement, we may store hashed IP addresses, User-Agent strings, access times, requested endpoints, error information, and logs related to saving, uploading, sharing, deleting, and legal consent. We may preserve logs to the extent necessary for legal compliance, rights-infringement handling, or safety response.

2.6 Inquiry information

Information submitted through contact forms, including inquiry type, related URL, reason, details, reply email address, related shared pages, and archive URLs, is stored for handling purposes.

2.7 Local data stored by the Kiroku Monitor Chrome extension

Kiroku Monitor stores the following entirely within your browser (IndexedDB and chrome.storage): the list of URLs you choose to monitor, monitoring settings such as CSS selectors and notification keywords, and historical page snapshots (HTML and extracted text used for diff comparison). This local data is never automatically transmitted to Kiroku servers or any third party. To detect changes, the extension sends HTTP requests directly from your browser to the URLs you specify; that traffic flows between the target site and your browser only and does not pass through our servers. Uninstalling the extension removes all of this local data.

2.8 iOS app, App Store subscription, and notification information

If you use the Kiroku iOS app, we may store app installation identifiers, app authentication tokens, language settings, app settings, archive history tied to the installation, push notification tokens, badge-related event counts, and notification preferences. If you purchase or restore Kiroku Pro through the App Store, Apple processes the payment. We receive and store the information needed to verify and manage the subscription, such as product ID, transaction ID, original transaction ID, subscription status, expiration or renewal information, App Store environment, and an app account token or installation identifier. We do not receive your full payment card details from Apple.

2.9 URL monitoring, RSS monitoring, and automated archive information

For Pro monitoring features, we store the URLs, RSS feed URLs, monitoring settings, check schedules, last checked time, detected changes, generated archive IDs, notification delivery status, and related logs needed to operate URL monitoring, RSS monitoring, badges, and notifications. When a monitored page or feed item changes, Kiroku may automatically create an archive and store it using the same archive mechanism described above.

3. Purpose of Use

Collected information is used for the following purposes:

  • Providing and operating web archiving, the Kiroku iOS app and Share Extension, Evidence Camera, Evidence Voice Memos, shared pages, server receipts, evidence certificates, libraries, and collections
  • Account authentication, device-level usage management, consent recordkeeping, App Store and web subscription verification, billing management, and Pro entitlement management
  • Operating URL monitoring, RSS monitoring, automated archive creation, push notifications, badges, and change notifications
  • Rate limiting, abuse prevention, security, and response to rights infringement, privacy violations, and prohibited content
  • Responding to inquiries
  • Service improvement, analysis, incident investigation, and quality improvement

4. Third-Party Disclosure

The operator will not provide users' personal information to third parties except in the following cases:

  • With the user's consent
  • When required by law (court orders, law enforcement inquiries, etc.)
  • When providing to contractors within the scope necessary for service operation, such as hosting, database, object storage, email, analytics, payment/subscription, App Store, push notification, and AI or text-processing providers
  • When necessary to investigate abuse, rights infringement, privacy violations, security incidents, or prohibited content

5. Cookies

The Service may use cookies, local storage, iOS app storage, Keychain storage, and device storage for authentication, language settings, consent status, subscription state, notification settings, shared-page display, and service improvement. You can disable cookies or storage in your browser or device settings, but some features such as login, private settings, sharing, subscriptions, notifications, and consent records may become unavailable.

6. Data Storage

Saved archives, photos, videos, recordings, thumbnails, evidence packs, generated files, and derived files are stored on Cloudflare R2 or other storage services. Metadata, server receipts, hashes, sharing settings, monitoring settings, push tokens, consent records, App Store subscription information, web billing information, and account-related information are stored in Supabase or other databases and external services. This data is retained until it is deleted by the user, a deletion request is processed, a retention period expires, the operator decides to delete it, or retention is necessary for legal, billing, security, or safety reasons.

When you delete your account or request deletion of an app installation, personal information associated with the account or installation, such as email address, installation identifiers, and push tokens, is deleted or anonymized where reasonably possible. However, archives, photos, videos, recordings, server receipts, logs, subscription records required for accounting or fraud prevention, information needed for report or takedown handling, and information needed for legal compliance or rights protection may remain until processed through an individual deletion request or operator review.

7. User Rights

Users have the following rights:

  • The right to request deletion of archives, photos, videos, recordings, and shared pages you have saved
  • The right to request disclosure, correction, or deletion of your personal information
  • The right to request account deletion or app-installation data deletion
  • The right to disable push notifications from iOS settings or from the app where available
  • The right to manage or cancel App Store subscriptions through your Apple ID subscription settings

Please submit these requests through the contact form. Contact Form

8. Use by Minors

The Service does not impose age restrictions, but we recommend that minor users use the Service with parental consent.

9. Policy Changes

The operator may change this policy as necessary. Changed policies take effect upon posting on this page. If significant changes are made, users will be notified through the Service.

10. Contact

For inquiries regarding the handling of personal information, please use the contact form. Contact Form