Last updated: May 2, 2026
Hinata Saito (the “operator”) sets out this Privacy Policy (the “Policy”) regarding the handling of personal information and other user-related information in SnapWiFi (the “App”). By using the App, you are deemed to have agreed to this Policy.
Note: This Policy was originally drafted in Japanese. The English version is provided for convenience only; in case of any discrepancy, the Japanese version prevails.
1. Information We Collect
The App collects the following information:
- Images: images that the User captures with the camera or selects from the device.
- App Attest information: the keyId, assertion, and signature counter issued by Apple's App Attest.
- Communication information: IP address, request timestamp, HTTP status, error details, and user agent.
- Language preference: the device's preferred language (used to switch the language of response messages).
The App does not collect names, addresses, phone numbers, email addresses, location data, contacts, or payment information.
2. Purpose of Use
The information collected is used solely for the following purposes:
- To extract Wi-Fi connection information (SSID, password, authentication method, and similar) from images and present it to the User.
- To prevent abuse and to confirm that access is from the official App (App Attest information).
- To apply rate limits for abuse prevention and system protection (IP address, keyId).
- To record logs for incident response, security, and quality improvement.
- To respond to legal obligations.
3. Provision to Third Parties and Cross-Border Transfer
3.1 Provision to Image-Analysis Provider
To extract Wi-Fi information from images, the App transmits image data to the Gemini API provided by Google LLC, located in the United States.
- Destination country: United States of America.
- Destination party: Google LLC.
- Conditions of handling: data is handled in accordance with the terms of service and privacy policies published by Google LLC.
- Personal-information protection regime in the United States: the United States does not have a single, comprehensive personal-information protection regime equivalent to the Japanese Act on the Protection of Personal Information; protection is provided through sector-specific laws and the policies of individual operators.
By using the App, the User agrees to the transmission of images to a third party located in the United States as described above.
3.2 Hosting Provider
The server side of the App runs on services provided by Cloudflare, Inc. (located in the United States). Access logs and similar information may pass through that company's facilities.
3.3 Other Third-Party Provision
Apart from the above, the operator does not provide collected information to third parties, except in the following cases:
- Where the User has consented.
- Where disclosure is required by law.
- Where it is necessary to protect the life, body, or property of a person and obtaining the User's consent is difficult.
4. Retention Periods
| Type of information | Retention period |
|---|---|
| Images (data sent to the Gemini API) | Discarded promptly after extraction; not stored on the operator's storage. |
| App Attest keyId and public key | Until the User stops using the App and the operator determines that the data is no longer required. |
| Signature counter | Same period as the keyId above. |
| Access logs and error logs | Up to 90 days from collection. |
| Rate-limit counters | Automatically deleted after each counter's aggregation period (per minute / per day). |
Where applicable law specifies a different retention period, that period applies.
5. Security Measures
The operator takes reasonable technical and organisational measures to prevent the leakage, loss, or damage of collected information and to otherwise ensure its safe handling. Specifically, the operator implements encrypted communication (HTTPS), access controls, deletion of data that is no longer required, and abuse-detection mechanisms.
6. User Rights
The User may request the operator to notify them of the purpose of use, disclose, correct, add, delete, suspend the use of, or stop the third-party provision of, information about themselves. To make a request, please contact the operator using the contact details at the end of this Policy. After identity verification, the operator will respond within a reasonable period.
Because the App does not collect contact details such as the User's name, the operator may ask the User to present information that allows their requests to be identified, such as an App Attest keyId, in order to confirm identity.
7. Children's Privacy
The App is rated for all ages; however, parents and guardians are asked to review the contents of images used and the contents of this Policy and provide their consent before children use the App. The operator does not intentionally collect information from children under 13. If the operator becomes aware that information from a child has been collected without parental consent, it will promptly delete that information.
8. Cookies and Similar Technologies
The App itself does not use cookies. The server side of the App may temporarily process common communication information such as request headers and IP addresses for the purposes of abuse detection and rate limiting.
9. Changes to This Policy
This Policy may be revised as necessary in response to changes in laws, changes to the App's specifications, or other circumstances. Important changes will be announced in the App, on the official site, or by other appropriate means. The revised Policy applies from the effective date specified by the operator.
10. Contact
For questions about this Policy, requests for disclosure, or other communications, please contact:
- Operator: Hinata Saito (individual developer)
- Email: charo@beavers-hive.com
- Contact form: Open Google Form
The operator's address is not published in this Policy; however, the operator will respond in accordance with the prescribed procedures upon a disclosure request based on applicable law.