MONJI+

Privacy Policy

MONJI Privacy Policy (Global, Non-EEA/UK/CH & Mainland China) — v1.0

Last updated: 2025-12-03 (JST)
Not offered in the EEA/UK/Switzerland or Mainland China (PRC). The Service is not directed to, and may not be used by, any person located in the European Economic Area, the United Kingdom, Switzerland, or Mainland China (the People’s Republic of China, excluding Hong Kong SAR, Macau SAR, and Taiwan), and in other payment-unsupported jurisdictions. Coverage is maintained on our web-maintained Restricted Regions List.
B2B only. The Service is intended solely for business and organizational use.
This Privacy Policy (Policy) explains how ALAKI Inc. (“we,” “us,” “our”) collects, uses, discloses, and protects information in connection with the MONJI platform, websites, and related services (the Service). If this Policy is provided in multiple languages, the English version controls in case of inconsistency.

Company & Contact

ALAKI Inc. — Osaka Eki-mae No.3 Bldg. 2F-Room5,6, 1-2-2 Umeda, Kita-Ku Osaka-City, Osaka Pref, 530-0001 Japan
Privacy inquiries: [email protected]

1) Scope; Roles

  • This Policy applies to information we process about: (a) Customer personnel who create accounts and use the Service; (b) visitors of our websites; and (c) Customer Content we process on behalf of a Customer.
  • Controller vs. Processor.
    • We are a controller for Account Data (e.g., admin/user profile, billing contacts, support communications, website analytics).
    • We are a processor/service provider for Customer Content submitted to the Service by or for a Customer. Our Data Processing Addendum (DPA) forms part of the agreement with all customers and governs such processing.
  • Regional Supplements Control.
    • This Privacy Policy includes regional notices (e.g., California). If any conflict arises, the applicable regional notice controls for residents of that region.

2) Information We Collect

  • Account Data: name, work email, employer/organization, role, authentication and audit logs, plan/usage/billing details, support tickets.
  • Customer Content: data, text, images, files, comments, and other materials submitted or generated within the Service by or for Customer.
  • Technical Data: IP address, device/OS/browser info, locale, time zone, telemetry (request logs, performance, security events), cookies and similar technologies.
  • Payment Data: limited billing data and payment tokens via Stripe (we do not store full card numbers). For transactions processed via Stripe’s Managed Payments, Stripe acts as the merchant of record and may issue receipts/invoices; we receive limited billing/tax data and do not store full card numbers.
  • Communications: feedback, survey responses, and emails to [email protected].

3) How We Use Information

We use information to:
  • Provide and secure the Service; authenticate users; operate features; detect/prevent abuse and fraud; and comply with law.
  • Support and improve the Service, including analytics of aggregated/de-identified data.
  • Communicate about updates, security, and transactions; provide support.
  • Process payments and taxes via Stripe, including Managed Payments where Stripe is the merchant of record (and, where not applicable, via Stripe/Stripe Tax).
  • AI features: as detailed in Section 7 (AI) below.
We do not use Customer Content to market third-party products; we do not sell personal information.

4) Legal Bases (outside the EEA/UK/CH)

We rely on contract performance (providing the Service under our Terms), legitimate interests (security, fraud prevention, analytics), and legal obligations (e.g., tax, compliance). Where local law requires consent (e.g., certain cookies), we will request it.

5) Sharing & Disclosures

  • Sub-processors (initial list): Google Cloud Platform (Japan); Cloudflare (global edge); Twilio SendGrid (US); Stripe (US/international); and AI model providers used for optional AI features (currently OpenAI).
  • Stripe (US/international) — payments and tax handling, including Managed Payments as merchant of record where applicable (billing info and tokens; no full card numbers stored by us).
  • Customer-configured integrations (e.g., Slack/Chatwork/Google) are enabled by Customer and are not our sub-processors.
  • Legal: We may disclose where required by law, valid process, or to protect rights, safety, and the Service (see notice-and-takedown in Terms).
  • Business transfers: in a merger, acquisition, or reorganization, information may transfer subject to this Policy.

6) International Transfers; Location

  • Primary hosting is in Japan (GCP asia-northeast regions). Limited processing may occur in other countries (e.g., US for email/payments; global for edge delivery). Where Managed Payments applies, Stripe processes payments as merchant of record and may issue receipts/invoices in its name.
  • In disasters or DDoS emergencies, temporary processing may occur in other regions; we will provide notice where feasible.
  • The Service is not offered in the Restricted Regions; do not submit personal data of individuals located in those regions. If detected, we may suspend and delete such data in line with our Terms and DPA.

7) AI Features — Privacy Terms (Alignment with ToS)

  • No Training by Default (Opt-in Only). Unless an organization admin explicitly opts in under Admin → Security & Privacy → Data Use (AI), we do not use Customer Content (inputs/outputs) to train or improve models. Changes are audit-logged.
  • Third-Party Models. Some AI features may use OpenAI or other providers under no-training, data-minimization terms. Admins can disable AI features.
  • Prohibited Inputs. Do not submit to AI features: health/medical (PHI); biometric/genetic; children’s data (under 13); precise geolocation; government IDs; financial account credentials; special categories (e.g., race, religion, political or union affiliation, sex life/sexual orientation); criminal history; authentication secrets; or any Restricted-Region personal data.
  • Remediation. We may block, and will generally delete prohibited AI inputs within 72 hours upon detection, and may suspend offending use.

8) Your Choices & Controls

  • Account settings: update profile, roles, and preferences.
  • Communications: opt out of non-transactional emails using in-message controls.
  • Cookies: control via browser settings; certain features may require cookies.
  • Do Not Track / GPC: We do not respond to browser “Do Not Track” (DNT) signals; however, we honor valid Global Privacy Control (GPC) signals as described in the California section of this Privacy Policy.
  • Data portability/export: We do not provide any self-service export or bulk download feature during the subscription term, and we do not return or export Customer Content after termination (see Section 10). Customers should maintain independent copies of any data they need to retain.

9) Security

We implement technical and organizational measures intended to protect information (e.g., encryption in transit, logical access controls, logging/monitoring, vulnerability management). No method of transmission or storage is 100% secure.

10) Retention & Deletion (Minimal Deletion SOP; aligned with ToS)

  • During term: We retain Customer Content for the subscription term to provide the Service.
  • Termination: After termination/expiration, we execute the following steps:
    • (a) Access revocation (T+0): disable logins/tokens.
    • (b) Primary deletion (within 3 business days): delete primary Customer Content from application data stores/object storage; remove related search indexes/caches where applicable.
    • (c) Secondary deletion (within 10 business days): purge residual/derived artifacts (thumbnails, embeddings, denormalized views, queues/streams, analytics staging).
    • (d) Backups: overwritten on a rolling schedule; we do not restore Customer Content from backups after termination.
    • (e) Sub-processors: instructed to delete/minimize Customer Content promptly after termination; we maintain evidence of such requests.
    • (f) Minimal records only: retain billing records, security logs, and deletion audit logs for a limited period per internal policy (generally 90–365 days), then delete or de-identify.
  • Export/return: We do not return Customer Content after termination.

11) Professional Services (Deliverables)

When we provide Professional Services (implementation, configuration, migration, template customization, or similar):
  • We may process Account Data and Customer Content necessary for the engagement.
  • Unless an SOW states otherwise, Deliverables are provided on a reasonable-efforts basis and AS IS; Customer is responsible for validating Deliverables in its own environment and for maintaining independent backups.
  • We are not responsible for broken links, layout/display shifts, encoding or font/rendering differences caused by third-party content, CDNs/caches, or device/OS/locale/browser/network differences outside our reasonable control.

12) Children’s Privacy

The Service is not directed to children and we do not knowingly collect personal information from individuals under 16. If you believe a child under 16 has provided personal information, contact [email protected] and we will delete it.

13) State/Local Rights (Outside EEA/UK/CH)

Depending on where you live, you may have certain rights (e.g., access, correction, deletion) with respect to Account Data. To exercise, contact [email protected] and we will respond consistent with applicable law. For Customer Content, contact your organization’s administrator; we act as a processor.
  • California Privacy Notice (CCPA/CPRA)
    • Scope. This section supplements this Policy for California residents.
    • No Sale/Share. We do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA (including no cross-context behavioral advertising). We honor Global Privacy Control (GPC) signals as a valid request to opt out of sale/sharing for the browser/session that sends the signal.
    • Categories Collected. In the last 12 months, we collected the following categories of personal information (as defined by CCPA/CPRA): Identifiers (e.g., name, work email), Commercial information (plan/transactions), Internet or other electronic network activity information (telemetry, logs), Professional information (employer/role). We do not knowingly collect precise geolocation, government ID numbers, or Sensitive Personal Information other than minimal security/audit data as permitted by law.
    • Sources. From you (account creation, support), from your organization (admin provisioning), and automatically (Service telemetry/cookies).
    • Business/Commercial Purposes. To provide, secure, and improve the Service; to process transactions and taxes; to detect/prevent fraud and abuse; to comply with law.
    • Disclosures for Business Purposes. We disclose personal information to service providers/contractors (e.g., cloud hosting, email delivery, payments) under written agreements that restrict use to business purposes. We do not sell or share personal information.
    • Retention. We retain personal information only as long as reasonably necessary for the purposes described above, consistent with our retention policy. Representative periods include: account/billing records for the subscription term plus up to 7 years (tax/audit); security logs generally 90–365 days; deletion audit logs generally 90–365 days.
    • Your Rights. California residents may request access (know), deletion, and correction of personal information; opt out of sale/sharing (not applicable as we do not sell/share); and be free from discrimination for exercising these rights.
    • How to Exercise. Submit requests at [email protected] or via in-product controls (where available). We will verify requests (e.g., logged-in account, email confirmation, or reasonable documentation) and respond within 45 days (with one 45-day extension where permitted). You may use an authorized agent; we may require proof of authorization and your verification.
    • Sensitive Personal Information. We do not use or disclose Sensitive Personal Information to infer characteristics or for any purpose requiring a “Right to Limit” under the CPRA. If that changes, we will provide a “Limit the Use of My Sensitive Personal Information” link and honor such choices, including GPC-based signals where applicable.

14) Third-Party Sites & Services

Links and integrations may point to third-party websites/services. Their practices are governed by their own policies. We are not responsible for them.

15) Changes to This Policy

We may update this Policy by posting the revised version and notifying users via the website, email, in-product notice, or other reasonable means. The effective date appears at the top. Your continued use after the effective date constitutes acceptance.

Annex — Sub-processors & Transfers (Summary)

  • Google Cloud Platform (Japan) — app/DB (Customer Content, account info, logs)
  • Cloudflare (Global) — CDN/WAF (IP and HTTP telemetry)
  • Twilio SendGrid (US) — transactional email (addresses, message metadata)
  • Stripe (US/international) — payments, Managed Payments / merchant of record (billing info, tokens; no full card numbers stored)
  • AI Providers (e.g., OpenAI) — optional AI features under no-training terms

Your California Privacy Choices

For California residents: use the links below to manage your choices; we honor Global Privacy Control (GPC).
Updates to sub-processors or their scope will be posted; where required, we will give 30 days’ prior notice of material changes.