Privacy Policy - Tokyo Signature Tours

Effective Date: November 26, 2025

Tokyo Signature Tours (hereinafter, the “Company,” “we,” or “us”) recognizes that the protection of personal information handled in connection with the guided private tour services and related concierge services that we provide (collectively, the “Services”) is a matter of great importance.
The Company complies with Japan’s Act on the Protection of Personal Information (Act No. 57 of 2003, as amended; hereinafter, the “APPI”), as well as other applicable laws, regulations, and relevant guidelines, and hereby establishes this privacy policy (this “Policy”) as follows.

Article 1 (Definition of Personal Information)

For purposes of this Policy, “Personal Information” means “personal information” as defined in Article 2, Paragraph 1 of the APPI, and specifically includes, without limitation, the following:

(1) Information that can identify a specific individual, such as name, address, telephone number, email address, and similar identifiers; and
(2) Information that can be used, in combination with other information, to identify a specific individual without undue effort.

Article 2 (Personal Information Collected and Methods of Collection)

The Company collects Personal Information only to the extent necessary for the provision of the Services, as set forth below.

Information Provided Directly by Customers
The Company may collect the following information directly from customers (“Customers”):

(1) Name, email address, and telephone number;
(2) Lodging information and information about accompanying persons;
(3) Preferences, requests, and constraints (such as dietary restrictions, allergies, desired destinations, time constraints, etc.);
(4) Inquiry details and any other information provided by the Customer through communications with the Company; and
(5) Information regarding age range, physical condition, walking ability, and similar matters, to the extent necessary for planning and conducting the Tour.

Note: Sensitive payment information (such as full credit card numbers and security codes) is retained by the payment processor and is not stored by the Company.

Information Provided via External Services
When the Customer uses external services such as social login services or third-party booking platforms, the Company may, within the scope permitted by the terms of use of such external services and the Customer’s authorization, receive profile information and other related information from those services.

Information Automatically Collected in Connection with Use of the Services
For purposes of understanding usage conditions, maintaining security, and improving the Services, the Company may automatically collect the following information:

(1) Access logs and IP addresses;
(2) Browser and operating system information;
(3) Cookie information;
(4) Device identifiers; and
(5) Location information (only if enabled by the Customer through device settings or similar means).

If the Customer does not provide accurate information, the Customer may not be able to use all or part of the Services.

Article 3 (Purposes of Use)

The Company uses Personal Information only to the extent necessary to achieve the following purposes:

(1) To provide, operate, and manage the Services, including reservation management, identity verification, and responding to inquiries;
(2) To customize Tours, conduct pre-tour consultations, and propose itineraries as necessary to perform the Tours;
(3) To share necessary information with guides who have entered into service agreements with the Company, to the extent required for achieving the purposes set forth in the preceding items;
(4) To ensure safety, respond to violations of the Terms of Use, and prevent disputes and other issues, including:
- Confirming the presence or absence of nuisance or dangerous behavior; and
- Confirming facts in the event of accidents or disputes;
(5) To notify Customers of changes to the Terms of Use, this Policy, other rules established by the Company, and the contents of the Services;
(6) To analyze usage of the Services and improve the quality and functionality of the Services;
(7) To provide information about the Services, campaigns, and other related offerings, based on the Customer’s voluntary consent;
(8) To conduct marketing activities, deliver advertisements, and measure and optimize advertising effectiveness based on the Customer’s consent to the use of Cookies; and
(9) For other purposes that are incidental to, or reasonably related to, the purposes listed above.

Article 4 (Outsourcing and Provision to Third Parties)

Within the scope necessary for operating the Services, the Company may outsource all or part of the handling of Personal Information to third parties and provide Personal Information to such outsourcees. In such cases, the Company will enter into confidentiality agreements and other necessary contracts with such outsourcees, confirm their data protection frameworks, and appropriately supervise their handling of Personal Information.

Outsourcees as described in the preceding paragraph may include guides who have service agreements with the Company, payment service providers, cloud service providers, and other entities necessary for operation of the Services.

Under the APPI, certain outsourcing arrangements may not constitute “provision to a third party.”

With the Customer’s express consent, the Company may provide Personal Information to third parties within the scope of such consent. For example:

Providing the Customer’s name, desired reservation date and time, and similar information to kimono rental shops, restaurants, activity providers, and other partners.

Records of the Customer’s consent and the contents thereof will be retained appropriately and in accordance with the retention period set forth in Article 7.

Notwithstanding the foregoing, the Company may provide Personal Information to third parties without the Customer’s consent in the following cases:

(1) When required by law;
(2) When necessary to protect the life, body, or property of a person and obtaining the individual’s consent is difficult;
(3) When particularly necessary for improving public health or promoting the sound development of children, and obtaining the individual’s consent is difficult; or
(4) When necessary to cooperate with a national or local government agency, or a party entrusted by such agency, in performing functions prescribed by law and obtaining the individual’s consent may impede such performance.

Article 5 (Cross-Border Data Transfers)

The Customer is hereby informed that, due to the Company’s use of services provided by foreign entities such as Stripe, Google, and Meta, the Customer’s Personal Information may be stored and processed on servers located outside Japan.

The Company will only entrust or provide Personal Information to such foreign entities after confirming that they have implemented security measures at a level required under Article 28 of the APPI, or that they otherwise maintain an appropriate framework for the protection of Personal Information as required by that Article.

Article 6 (Security Measures)

The Company implements the following measures to prevent leakage, loss, or damage of Personal Information and to otherwise ensure its secure management:

(1) Limiting the number of persons who can access Personal Information to the minimum necessary, and periodically reviewing and updating access permissions;
(2) Implementing encryption of communications (such as SSL/TLS) when transmitting data;
(3) Obtaining and managing access logs and establishing systems to detect unauthorized access or intrusions;
(4) Providing education, training, and appropriate supervision to personnel and outsourcees (including guides) who handle Personal Information; and
(5) Periodically reviewing and improving the organizational structure and management measures for handling Personal Information.

In the unlikely event of a leakage or other incident involving Personal Information, the Company will take necessary action in accordance with applicable laws, including reporting to the Personal Information Protection Commission of Japan and notifying affected individuals, as required.

Article 7 (Retention Period and Deletion)

As a general rule, the Company retains Personal Information for a period of two (2) years from the date of its last use, after which the Company will, without undue delay, delete or anonymize such information using a secure method.

However, if the Company deems it necessary to retain Personal Information for purposes such as handling claims, disputes, or complaints, the Company may extend the retention period to the extent necessary in light of such circumstances.

Article 8 (Use of Cookies and Analytics Tools)

The Company’s website may use third-party tools such as Google Analytics and Meta Pixel to conduct access analysis, deliver advertisements, and measure advertising effectiveness.

The Company will, through banners or other appropriate means, provide Customers with an opportunity to accept or reject Cookies, taking into account the type of Cookies (e.g., essential Cookies, analytics Cookies, advertising Cookies).

Customers may disable Cookies through their browser settings or by using opt-out tools provided by each service provider. However, if Cookies are disabled, some functions of the Services or the Company’s website may not be available.

Article 9 (Handling of Personal Information of Minors)

If a person under eighteen (18) years of age wishes to use or book the Services, prior consent from a parent or legal guardian (including consent provided via email) is required.

In addition to the preceding paragraph, if a person under eighteen (18) years of age wishes to participate in a Tour, such minor must be accompanied by a parent or legal guardian who is at least twenty (20) years of age. Even if parental consent is obtained, the minor may not participate in the Tour without such accompanying guardian.

If the Company is unable to confirm the requisite parental consent or the accompaniment requirement described above, the Company may refuse to provide the Services.

Article 10 (Customer Rights: Access, Correction, Deletion, Suspension of Use, etc.)

Customers may make the following requests with respect to their Personal Information held by the Company:

(1) Access (disclosure);
(2) Correction or addition;
(3) Deletion;
(4) Suspension of use or erasure; and
(5) Disclosure of records of provision to third parties (only within the scope permitted by applicable law).

Requests may be made in either Japanese or English.

The Company will endeavor, within a reasonable scope, to respond to such requests within forty-five (45) days from the date of receipt. If additional time is required, the Company will notify the Customer of that fact and the anticipated timeframe.

If the Company reasonably determines that a request is unfounded or excessive, the Company may refuse to comply with the request or may require the Customer to bear reasonable fees based on actual costs incurred in responding.

Requests regarding Personal Information may be submitted as follows:

[Point of Contact for Personal Information Requests]

Email: info@tokyosignaturetours.com
Subject line: “Privacy Request”
Required information: Customer’s name, reservation number (if available), and a specific description of the request.

Article 11 (Compliance with Laws and Regulations)

The Company will handle Personal Information appropriately and in good faith in compliance with the APPI, other applicable laws and regulations, and relevant guidelines issued by the Personal Information Protection Commission of Japan and other authorities.

Article 12 (Revisions to this Policy)

The Company may revise this Policy from time to time in response to changes in laws or regulations, modifications to the Services, enhancements to security, or other necessary circumstances.

The revised Policy will become effective upon publication on the Company’s website or by such other method as the Company deems appropriate. When making important changes, the Company will endeavor to provide clear and understandable notice to Customers by reasonable means.

Article 13 (Contact Information)

For inquiries, complaints, or consultations regarding this Policy or the handling of Personal Information, please contact:

[Privacy Contact]

Email: info@tokyosignaturetours.com

The Japanese version of this Policy shall be the official and controlling version. In the event of any discrepancy in interpretation between the Japanese version and any translation, the Japanese version shall prevail.