Off-Nadir Delta
← Back to Home

Privacy Policy

1. Introduction

Off-Nadir Delta ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WebGIS satellite imagery analysis platform.

Business Operator Information and Personal Information Protection Manager: For details about our business operator and representative (who also serves as the Personal Information Protection Manager), please see our Specified Commercial Transactions Act page.

Contact for Privacy Inquiries: support@offnadir-lab.com

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us:

  • Email address (for account creation and authentication)
  • Payment information (processed securely through Stripe)
  • Profile information (display name, optional)

    ℹ️ About Display Names:

    • Setting a display name is entirely optional
    • If you share layer sets with other users (available on Pro and higher plans), your display name may be visible to them
    • Privacy Tip: We recommend using a pseudonym rather than your real name to protect your privacy
    • You can change or remove your display name at any time in your profile settings

2.2 Usage Information

We automatically collect certain information about your use of our service:

  • Token usage and consumption patterns
  • Map interactions and layer management activities
  • Search queries and satellite imagery requests
  • Browser type, device information, and IP address
  • Access times and referring website addresses

2.3 Cookies and Tracking

We use authentication cookies to maintain your session and provide core functionality. We also use Vercel Speed Insights for performance monitoring.

Cookie Consent: By creating an account and agreeing to our Terms of Service, you consent to our use of cookies and tracking technologies as described in this policy. Essential cookies required for authentication and core functionality are automatically enabled when you use our service.

2.4 reCAPTCHA

We use Google reCAPTCHA v3 to protect our website from spam and abuse. reCAPTCHA collects hardware and software information, such as device and application data, and sends this data to Google for analysis.

The use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Service.

reCAPTCHA is primarily used on our sign-up pages to prevent automated bot registrations and ensure the security of our platform.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide, maintain, and improve our services
  • Process your transactions and manage your subscription
  • Send you technical notices, updates, and support messages
  • Monitor usage patterns to optimize service performance
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations
  • Marketing Communications (Optional): If you opt in during registration or in your account settings, we may send you newsletters containing product updates, usage tips, and feature announcements. You can unsubscribe at any time via the link in each email or through your account settings.

In particular, we may analyze usage data (such as token usage, map interactions, and satellite imagery requests) to understand how the Service is used and to improve and develop features. Where reasonably possible, we aggregate or de-identify such usage data so that it can no longer be reasonably linked to an identified or identifiable individual. Aggregated or de-identified usage data may be used to generate usage statistics and reports, which we may publish or make available on a commercial basis. These statistics and reports do not identify individual users.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in these circumstances:

4.1 Third-Party Service Providers in Foreign Countries

We use third-party service providers located in foreign countries to operate our service:

CountryUnited States

  • Services provided: Authentication and database management, payment processing, application hosting and performance monitoring, satellite image processing, and email marketing services (for newsletter delivery, if opted in)
  • Personal data provided: Authentication information, user account data, payment information, access logs, IP addresses, metadata from image processing requests, and email address with subscription preferences (for newsletter services)
  • Data protection framework: All providers participate in the EU-US Data Privacy Framework, which ensures adequate protection standards for personal data transfers
  • Security measures: Our service providers are certified under industry-leading security standards including ISO 27001, SOC 2 Type II, and PCI DSS Level 1 (for payment services). All data is encrypted in transit and at rest.

4.2 Other Disclosures

  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit and at rest
  • Database-level security policies (Row Level Security)
  • Regular security audits and updates
  • Secure authentication mechanisms

6. Data Retention

We retain your personal information as follows:

  • Active account data: Retained while your account is active
  • After account deletion: Completely removed within 30 days
  • Legally required records: Retained for up to 7 years as required by applicable laws

You may request account deletion at any time by contacting support.

7. Your Rights Regarding Personal Data

7.1 Rights You Can Exercise

You have the right to:

  • Request notification of the purpose of use
  • Access and receive a copy of your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your account and data
  • Request suspension of use or provision to third parties
  • Data portability

7.2 How to Make a Request

Contact Method: Send an email with the subject line "Personal Data Request" to:

support@offnadir-lab.com

Identity Verification: Requests must be sent from your registered email address

Response Time: We will respond within 2 weeks of receiving your request

Fees: No fees are charged for disclosure requests

8. Third-Party Services

Our service integrates with third-party providers for:

  • Authentication and database services
  • Payment processing
  • Cloud infrastructure and serverless computing
  • Satellite imagery data access (Copernicus/ESA)

These third parties have their own privacy policies governing the use of your information. For details about data transfers to foreign service providers, see Section 4.1 above.

9. Satellite Data Access Transparency

We are committed to transparent and license-compliant access to satellite imagery data. Here is how we handle satellite data requests:

9.1 Data Sources

  • Copernicus Sentinel Data: Accessed via AWS Earth Search and Microsoft Planetary Computer public STAC APIs
  • License: Copernicus Sentinel data is provided under the Copernicus Sentinel Data License (free, full, and open access)

9.2 Technical Implementation

  • Token Stripping: All access tokens (Azure SAS tokens, AWS signatures, signed URLs) are automatically stripped from API responses before they reach your browser. Only sanitized metadata is returned.
  • Server-Side Processing: Satellite imagery tiles are fetched by our servers and delivered to your browser as standard PNG image files. Your browser never sees internal URLs, signed parameters, or provider credentials.
  • Debug Information Control: Internal debugging headers and URLs are disabled in production environments. Log files automatically mask any signature parameters.
  • Proper Attribution: All satellite imagery displayed in our service includes appropriate attribution to data providers as required by Copernicus and provider licenses.

9.3 Your Data Downloads

When you download or export satellite-derived data from our service, we ensure that:

  • Downloaded files do not contain any provider access tokens or signed URLs
  • Appropriate license and attribution information is included with exports
  • Your use of downloaded data is subject to the original data provider licenses

10. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our service. Continued use after changes constitutes acceptance.

12. Complaints and Inquiries

12.1 Contact Information

If you have questions or concerns about this Privacy Policy or our handling of personal information, please contact us at:

Email: support@offnadir-lab.com

Business Hours: Weekdays 10:00-18:00 (Japan Time)

12.2 External Consultation

We are not a member of any certified personal information protection organization. You may also consult with the Personal Information Protection Commission:

https://www.ppc.go.jp/

13. Anonymous and Pseudonymous Data

We may create aggregated or de-identified usage statistics that are not reasonably capable of identifying you. Such data is not treated as personal information. We do not create or use pseudonymized data.

Last Updated: December 31, 2025