AikoAiko

Privacy Policy

Last updated: May 16, 2026
Service: Aiko
Website: aiko4u.com
Contact Email: contact@hyperailab.com

1. Overview

This Privacy Policy describes how personal information is collected, used, stored, protected, shared, retained, exported, erased, and deleted when you use Aiko, including the website located at aiko4u.com and any related applications, portals, interfaces, dashboards, devices, APIs, features, tools, documentation, support channels, and services (collectively, the "Service").

Aiko is a supervised, voice-first artificial intelligence (AI) companion and engagement service designed for older adults in adult day-service settings in Japan, including 通所介護 and 地域密着型通所介護 offices. The Service supports communication, engagement, family connection, supervised sessions, optional familiar-voice personalization, session summaries, facility reporting, consent records, and related administrative functions.

This Privacy Policy is intended to align with applicable privacy laws, including Japan’s Act on the Protection of Personal Information ("APPI"), where applicable. It does not use "PIPA" as a shorthand for Japan’s privacy law.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Service Provider

Legal Entity Name: Mitrofanova Mariia
Registered Address: To be provided upon request.
Contact Email: contact@hyperailab.com

If the Service is provided through a different operating entity, reseller, Merchant of Record, payment provider, facility partner, or enterprise contract, the applicable entity and terms may be identified at checkout, in an order form, or in a written agreement.

3. Important Roles and Responsibility Allocation

Aiko may be used by facilities, operators, staff, family members, guardians, legal representatives, older adults, and other authorized users. Privacy and consent responsibilities depend on the deployment model.

Facilities, operators, and professional users are responsible for their own legal basis, notices, consent procedures, authorization checks, staff access controls, recordkeeping, facility policies, care obligations, and legal compliance where they determine purposes or means of processing or otherwise have independent obligations.

Family members, guardians, legal representatives, and other personal users are responsible for submitting only information, voice samples, content, memories, photos, messages, and relationship data they are authorized to submit.

The Service provider processes information to operate, secure, maintain, improve, support, and enforce the Service, and to provide features requested or authorized by users, facilities, operators, families, and other approved participants.

4. Information We Collect

4.1 Website and Contact Form Information

When you visit aiko4u.com, submit an inquiry, use a contact form, or contact us by email, we may collect:

  • name;
  • email address;
  • phone number;
  • organization name;
  • position or role;
  • message content;
  • inquiry category;
  • communication history;
  • consent preferences;
  • request metadata, including time, IP address, browser, device, and technical logs.

4.2 Account and Authentication Information

The Service may collect:

  • email address;
  • account identifier;
  • display name;
  • phone number;
  • user role;
  • facility affiliation;
  • family relationship information;
  • guardian or representative status;
  • authentication status;
  • access permissions;
  • admin status;
  • whitelist, pilot, beta, invitation, or approval status;
  • login and session information;
  • account creation, update, deletion, and access timestamps.

Authentication may be handled through third-party identity providers, facility systems, or application-managed authentication. The Service may use cookies, tokens, or similar technologies for authentication and security.

4.3 Older-Adult Profile Information

The Service may collect information about older adults where authorized, including:

  • name or profile name;
  • profile identifier;
  • age range or date of birth where needed;
  • facility affiliation;
  • attendance or session eligibility information;
  • preferred language;
  • accessibility preferences;
  • hearing or interaction preferences;
  • family relationship links;
  • content preferences;
  • conversation preferences;
  • consent status;
  • authorized contacts;
  • profile status;
  • onboarding information.

The Service is not intended to collect medical records by default. Users and facilities should not submit medical, clinical, diagnostic, treatment, medication, or sensitive care information unless it is necessary, lawful, authorized, and supported by the applicable Service configuration and agreement.

4.4 Family and Representative Information

The Service may collect information about family members, guardians, legal representatives, and other authorized contacts, including:

  • name;
  • email address;
  • phone number;
  • relationship to the older adult;
  • role or authority;
  • profile links;
  • account status;
  • content contributions;
  • consent records;
  • voice sample status;
  • subscription and billing status;
  • communication preferences.

4.5 User Content

The Service collects and processes content submitted, uploaded, created, or imported by users, facilities, families, staff, and authorized representatives, including:

  • voice samples;
  • audio input;
  • transcribed text where enabled;
  • family memories;
  • messages;
  • prompts;
  • conversation starters;
  • photos or other media where enabled;
  • profile notes;
  • facility notes;
  • staff notes;
  • feedback;
  • support requests;
  • incident reports;
  • consent forms or consent attestations;
  • session context;
  • summaries;
  • account and administrative actions.

User Content may include personal information, sensitive information, family information, or information about older adults. You should not submit information that you are not authorized to process through the Service.

4.6 Voice Samples, Audio, and Familiar-Voice Data

Where familiar-voice personalization is enabled, the Service may collect and process voice samples from family members or other authorized voice providers.

The requested voice sample length will be shown during onboarding and may be approximately 5–10 minutes depending on provider requirements and product configuration.

Voice and audio data may include:

  • voice samples provided for familiar-voice personalization;
  • temporary audio input during sessions;
  • audio metadata;
  • speech-to-text processing data;
  • text-to-speech processing data;
  • synthetic voice configuration data;
  • consent and revocation records;
  • provider processing records;
  • quality, safety, debugging, and support information where enabled.

By default, the Service may process session audio transiently to provide the voice interaction. Persistent storage of full session audio or full transcripts may be disabled, limited, optional, or subject to specific consent, facility configuration, product settings, or written agreement.

4.7 Session, Summary, and Engagement Information

The Service may create and store derived data from interactions, including:

  • session time and duration;
  • session count;
  • interaction metadata;
  • session summaries;
  • staff-facing summaries;
  • family-facing summaries;
  • conversation topics;
  • non-clinical sentiment, tone, or engagement indicators;
  • safety or escalation workflow status;
  • disclosure and consent events;
  • family content usage;
  • facility reporting data;
  • audit logs;
  • user actions such as accept, dismiss, refresh, resolve, view, edit, or delete.

These outputs are operational, engagement, and communication-support data. They are not clinical records, diagnoses, treatment records, emergency alerts, or medical determinations unless a separate written agreement expressly states otherwise.

4.8 Automatically Collected Information

The Service may automatically collect:

  • IP address;
  • device type;
  • operating system;
  • browser type and version;
  • application version;
  • access times;
  • pages or features used;
  • device identifiers where applicable;
  • request metadata;
  • upload and processing metadata;
  • search, session, summary, and feature usage data;
  • error logs;
  • latency and performance logs;
  • security events;
  • rate-limit counters;
  • authentication logs;
  • audit logs;
  • operational status, queues, health markers, backup markers, and warning indicators.

4.9 Cookies and Similar Technologies

The Service may use cookies and similar technologies for:

  • authentication;
  • session management;
  • CSRF protection;
  • security;
  • account access;
  • service functionality;
  • remembering preferences;
  • usage analysis;
  • performance improvement;
  • error monitoring;
  • abuse prevention.

We do not use tracking cookies or analytics tools that collect personal information for advertising or cross-site tracking without consent where consent is required.

You may control cookies through browser settings. Some features may not function correctly if cookies are disabled.

4.10 Payment Information

If paid services, subscriptions, purchases, pilot fees, facility subscriptions, enterprise licenses, family subscriptions, or other paid functions are introduced or enabled, payment data may be processed by third-party payment providers or a Merchant of Record.

The Service does not store full payment card details unless expressly stated. Payment providers may process billing information, payment method details, tax information, fraud-prevention data, transaction history, refund data, invoices, receipts, and subscription status according to their own terms and privacy policies.

5. How We Use Information

Personal information is used for:

  • operating and maintaining the Service;
  • providing the website at aiko4u.com;
  • responding to inquiries and contact form submissions;
  • creating and managing accounts;
  • authenticating users;
  • enforcing access controls, roles, whitelist status, pilot access, beta access, and administrative permissions;
  • onboarding facilities, families, staff, and older-adult profiles;
  • managing authorization, consent, disclosure, and revocation records;
  • providing supervised voice sessions;
  • processing speech-to-text and text-to-speech;
  • enabling optional familiar-voice personalization;
  • generating session summaries, staff summaries, family summaries, reports, and operational outputs;
  • supporting family content contribution and family connection features;
  • supporting facility reporting, incident reporting, support workflows, and administrative functions;
  • providing subscriptions, billing, purchase, cancellation, and support functions;
  • sending service communications, operational notices, security notices, legal notices, and support responses;
  • improving performance, reliability, safety, usability, accessibility, and product quality;
  • detecting, preventing, and responding to fraud, abuse, unauthorized access, security incidents, technical issues, and policy violations;
  • complying with legal obligations, lawful requests, accounting requirements, tax requirements, dispute handling, and enforcement needs;
  • protecting the rights, safety, property, and operations of the Service provider, users, facilities, families, older adults, and third parties.

6. AI Processing and Output Limitations

The Service may use AI systems to process information and generate conversations, summaries, non-clinical indicators, reports, prompts, and other outputs.

AI outputs may be inaccurate, incomplete, outdated, biased, mistranscribed, inappropriate, unavailable, or affected by user input quality, audio quality, device conditions, facility environment, accent, dialect, hearing or speech differences, model limitations, retrieval limits, vendor availability, network issues, latency, or system degradation.

AI outputs are provided for informational, organizational, engagement, and communication-support purposes only. They are not medical advice, mental-health advice, legal advice, financial advice, diagnosis, treatment, care instructions, clinical assessment, emergency alert, safety determination, or final determination.

Facilities, families, staff, and other users are responsible for reviewing and verifying outputs before relying on them.

7. Sharing of Information

We do not sell, trade, or rent personal information.

We may share personal information only as described in this Privacy Policy, including with:

  • authorized users connected to a profile, such as facilities, staff, family members, guardians, legal representatives, or administrators;
  • facility operators and enterprise customers where the Service is deployed through them;
  • service providers that support hosting, storage, security, identity, authentication, speech processing, AI processing, familiar-voice synthesis, email delivery, payment processing, analytics, observability, error monitoring, support, and operations;
  • email delivery providers, including Resend where applicable, to process and deliver contact form submissions, service notices, and support communications;
  • payment providers or Merchants of Record for billing, tax, fraud prevention, receipts, refunds, chargebacks, and subscription management;
  • professional advisors, including legal, accounting, tax, security, compliance, and insurance advisors;
  • authorities, courts, regulators, law enforcement, or other parties where required or permitted by law;
  • parties involved in a business transfer, merger, acquisition, financing, restructuring, sale of assets, or similar transaction;
  • other recipients with consent, direction, or authorization.

Service providers are expected to process personal information for authorized purposes and are subject to contractual, technical, or organizational controls where appropriate.

8. Third-Party Providers and Cross-Border Processing

The Service may rely on third-party providers located in Japan or other countries. Depending on product configuration and provider selection, personal information may be processed outside Japan.

Where required, cross-border processing will be handled through appropriate disclosures, contractual protections, consent flows, or other mechanisms required by applicable law.

Third-party provider availability, data practices, security controls, locations, and terms may change. Users and facilities should review applicable provider information where it is disclosed at checkout, onboarding, in a written agreement, or in product documentation.

9. Data Security

We implement technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, loss, misuse, or destruction.

Measures may include:

  • access controls;
  • authentication;
  • encryption in transit or at rest where appropriate;
  • role-based permissions;
  • audit logs;
  • security monitoring;
  • rate limiting;
  • backup controls;
  • incident response processes;
  • vendor review;
  • administrative controls.

No system can be guaranteed to be completely secure. Users, families, facilities, operators, staff, and administrators are responsible for maintaining device security, account security, network security, physical supervision, and access controls under their control.

10. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, support security, maintain audit records, operate backups, process payments, provide support, and fulfill the purposes described in this Privacy Policy.

Retention periods may vary based on:

  • account status;
  • profile status;
  • facility agreement;
  • consent status;
  • subscription status;
  • pilot or beta status;
  • legal requirements;
  • dispute status;
  • security requirements;
  • backup cycles;
  • audit-log needs;
  • tax and accounting requirements.

Deletion may not immediately remove all data from backups, logs, audit records, legal records, payment records, vendor systems, or records retained for security, compliance, fraud prevention, accounting, dispute handling, or lawful operational purposes.

11. Export, Access, Correction, Deletion, and Objection Requests

Subject to applicable law, identity verification, authorization checks, technical feasibility, facility requirements, and legal exceptions, you may request:

  • access to personal information;
  • correction of inaccurate information;
  • deletion or erasure of personal information;
  • export of available personal information;
  • withdrawal of consent where processing is based on consent;
  • objection or restriction where available under applicable law.

Requests may be sent to contact@hyperailab.com.

We may decline, limit, delay, or condition requests where required or permitted by law, including where necessary for identity verification, consent verification, facility obligations, legal claims, accounting, security, fraud prevention, audit logs, backup integrity, contractual obligations, or protection of other persons.

Facilities, operators, and enterprise customers may be responsible for responding to certain requests where they control the relevant profile, account, records, or processing purpose.

12. Consent Withdrawal and Voice Revocation

Where processing is based on consent, you may withdraw consent according to available controls or by contacting us.

Withdrawal of consent may limit or disable features, including familiar-voice personalization, profile access, summaries, family sharing, facility reporting, or supervised sessions.

If consent for a voice sample or familiar-voice personalization is withdrawn, the Service may disable future use of that voice configuration and process deletion according to applicable technical, legal, vendor, backup, audit, and retention limits.

Withdrawal does not necessarily affect processing that occurred before withdrawal where that processing was lawful at the time.

13. Children’s Privacy

The Service is designed for older adults, families, and care-related organizations. It is not directed to children.

We do not knowingly collect personal information from children under the age of 13. If you believe a child has provided personal information to the Service without required authorization, contact us at contact@hyperailab.com.

14. High-Risk and Sensitive Information

Users should not submit medical records, treatment records, diagnosis information, medication details, legal documents, financial information, government identification numbers, highly sensitive family information, or other high-risk information unless it is necessary, lawful, authorized, and supported by the applicable Service configuration and agreement.

The Service is not designed to be the sole repository for care, emergency, legal, medical, financial, or safety-critical records.

15. Automated Decisions

The Service is not intended to make automated decisions that produce legal effects or similarly significant effects concerning any person.

Users, facilities, families, staff, operators, guardians, and representatives must not use Service outputs as the sole basis for employment, credit, insurance, healthcare, legal, care-level, safeguarding, emergency, financial, or other high-impact decisions.

16. International Users

The Service is primarily focused on Japan. If you access the Service from outside Japan, you understand that information may be processed in Japan or other countries where the Service provider or its service providers operate.

You are responsible for complying with laws applicable to your location and use case.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Updated versions will be posted on aiko4u.com or made available through the Service. Where required, additional notice may be provided. Continued use of the Service after an updated Privacy Policy becomes effective means you accept the updated policy.

18. Contact

Questions or requests about this Privacy Policy may be sent to:

contact@hyperailab.com