Morijournaling AI

Privacy Policy

Last Updated: July 15, 2026

WHEREAS, franky, Inc. ("Company," "we," "us," or "our") develops and operates the Mori Journaling AI platform; and

WHEREAS, the Company is committed to protecting the privacy and Personal Data of individuals who use the Services (as defined herein);

NOW, THEREFORE, this Privacy Policy ("Policy") describes how the Company collects, uses, stores, processes, and discloses Personal Data when Users utilize the Mori Journaling AI device (Model: MRD01) (the "Device"), the Mori companion application (the "App"), and the Company's website located at mori.to (the "Website") (the Device, the App, and the Website are collectively referred to hereinafter as the "Services").

By accessing or using our Services, you ("User" or "you") acknowledge that you have read, understood, and agree to the collection, Processing, and use of your information as set forth in this Policy. If you do not agree to the terms of this Policy, you shall not access or use the Services.

Policy Summary

The following is a summary of the key points of this Policy. For full legal details, please refer to the respective sections.

  • Information We Collect: Account information (name, email address, etc.), purchase information, voice recording data, usage data, browsing data through cookies, and pseudonymous affiliate attribution and conversion data.
  • How We Handle Voice Data: Recordings are made locally on the Device, and initial processing such as noise reduction is performed on-Device. Subsequent processing occurs on your smartphone and in the cloud. Audio data is retained for a limited period of several hours for reprocessing purposes and is then automatically deleted.
  • How We Use Your Information: Your information is used for service delivery and improvement, account management, security, customer support, and affiliate referral attribution and conversion measurement. The use of User Content for service improvement analysis shall be conducted only with the User's separate consent.
  • No AI Training or Unauthorized Use: We will not use your audio data, transcriptions, or AI-generated content for AI model training or any other purpose beyond what is necessary to provide the Services, without your explicit consent.
  • Data Protection: We implement industry-standard security measures, including encryption in transit and at rest, and strict access controls.
  • Your Rights: You may request access to, correction of, deletion of, portability of your Personal Data, and opt out of marketing communications.
  • Data Ownership: All recordings and User Content remain the property of the User.

Definitions

For the purposes of this Policy, the following terms shall have the meanings ascribed to them below:

  • "Personal Data" shall mean any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identifiable natural person or household.
  • "Processing" shall mean any operation or set of operations performed on Personal Data, including but not limited to collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction.
  • "User Content" shall mean all voice recordings, transcriptions, AI-generated journal entries, and any other content created by Users through the Services.
  • "Device" shall mean the Mori Journaling AI hardware device (Model: MRD01).
  • "Service Provider" shall mean any third-party entity that processes Personal Data on behalf of the Company for the purposes of providing the Services.

1. Information We Collect

1-1. Information You Provide

  • (a) Account Information: Email address and password provided when you create an account with the Services (passwords are managed through a third-party authentication service and cannot be viewed or accessed by the Company in plaintext).
  • (b) Purchase Information: Billing address, shipping address, and payment details (payment transactions are processed by our third-party payment processor; the Company does not directly store full payment card information).
  • (c) Support Communications: Information you provide when contacting our customer support team, including but not limited to the content of your communications and any attachments thereto.
  • (d) User Content: Voice recordings, transcriptions, AI-generated journal entries, and other content you create using the Services.
  • (e) Voice Feature Data (Voiceprints): Voice feature data temporarily generated during the speaker diarization process. Such feature data may constitute a personal identification code under the Act on the Protection of Personal Information, and the Company treats it as Personal Data. Voice feature data shall be promptly deleted upon completion of Processing and shall not be permanently retained.
  • (f) Contract Management Information: The version number of this Policy that the User has acknowledged, the User's consent or rejection of specific services or features, the version number of the service agreement, and the timestamps of such actions.

1-2. Information Collected Automatically

  • (a) Device Information: Device model, serial number, firmware version, operating system, Bluetooth connection data, device temperature, and battery status.
  • (b) Usage Data: Features used, session duration, recording frequency, and interaction patterns within the App.
  • (c) Log Data: IP address, browser type, access times, and referring URLs when you visit our Website.
  • (d) Location Data: The Company collects location data only if the User grants location permission in the App.

1-3. Information from Cookies and Tracking Technologies

The Company uses cookies and similar tracking technologies on the Website to collect browsing data and measure affiliate referrals and purchase conversions. Affiliate measurement data may include a pseudonymous profile identifier, order ID, currency, promotion code, discount, and product-level information (including category, SKU, quantity, and subtotal), together with a SHA-1 hash of a normalized email address. The Company does not transmit the raw email address to its affiliate measurement provider. For details regarding the types of information transmitted externally, the recipients of such information, and the purposes of use through the Company's cookies and tracking technologies, please refer to our Cookie Policy.

2. How We Process Your Voice Data

Your voice and audio data are central to the Mori Journaling AI experience. The Company is committed to handling such data with the highest level of care and in accordance with applicable law.

2-1. On-Device Processing

  • (a) Audio is initially recorded and stored locally on the Device.
  • (b) Basic audio processing occurs on the Device prior to any data transfer.

2-2. Cloud Processing

  • (a) When you utilize AI-powered features (including but not limited to transcription, summarization, and journaling assistance), your audio data shall be transferred to the Company's secure cloud servers via a Bluetooth connection to your mobile device, and subsequently via an encrypted internet connection to the Company's servers.
  • (b) Audio data transmitted for AI Processing shall be used solely for the purpose of generating the output requested by the User (i.e., transcriptions, summaries, and journal entries).
  • (c) The Company shall not use your audio data, transcriptions, or AI-generated content to train, develop, or improve any AI or machine learning models, or for any other purpose beyond what is necessary to provide the Services, without the User's explicit consent. Provided, however, that the Company may use User Content for analysis for the purpose of improving the quality of the Services, only with the User's separate consent.
  • (d) All third-party AI Service Providers engaged by the Company are bound by contractual agreements that expressly prohibit the use of User data for model training or for any purpose other than providing the requested service as set forth in Section 6-1 hereof.

2-3. Data Storage

  • (a) Your transcriptions and AI-generated content shall be stored in encrypted form on the Company's secure cloud servers.
  • (b) Audio data transmitted for Processing shall be promptly deleted upon completion of such Processing.
  • (c) You may download or delete your data at any time through the App.
  • (d) You shall retain full ownership of all your recordings and User Content. Nothing in this Policy shall be construed as transferring any ownership rights in User Content to the Company.

3. How We Use Your Information

The Company shall use your information for the following purposes:

  • (a) Service Delivery: To provide, maintain, and improve the Mori Journaling AI experience, including but not limited to transcription, summarization, and AI journaling features.
  • (b) Account Management: To create and manage your account, process transactions, and provide customer support.
  • (c) Communications: To send you service-related notifications and updates. Promotional communications shall be sent only with the User's prior consent, and you may opt out of such communications at any time pursuant to the procedures described in Section 8 hereof.
  • (d) Security and Fraud Prevention: To protect the security and integrity of our Services, detect and prevent fraud, and enforce our Terms of Service.
  • (e) Analytics and Improvement: To understand how our Services are used and to improve our products. Such analytics and improvement shall principally be conducted using aggregated, de-identified data only (such data constitutes statistical information and does not constitute anonymously processed information as defined under applicable data protection laws). The use of User Content for analysis purposes shall require the User's separate consent.
  • (f) Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • (g) Affiliate Measurement: To attribute referrals to affiliate partners, measure purchase conversions, prevent duplicate conversion reporting, and administer the Company's affiliate program.

4. Data Security

The Company implements industry-standard security measures to protect your Personal Data:

  • (a) Encryption in Transit: All data transmitted between the Device, the App, and the Company's servers shall be encrypted using TLS 1.2 or higher.
  • (b) Encryption at Rest: Stored data shall be encrypted using AES-256 encryption.
  • (c) Access Controls: Strict access controls shall ensure that only authorized personnel can access the Company's systems. No employee shall have direct access to your voice data or AI-generated content.
  • (d) Bluetooth Connection: The Device utilizes Bluetooth V5.4 for data transfer to the App. Data stored on the Device is encrypted using AES-256-GCM prior to transfer.
  • (e) Infrastructure Security: The Company's cloud infrastructure is hosted with providers that maintain industry-standard certifications (including but not limited to SOC 2 and ISO 27001).
  • (f) Company Security Certifications: The Company is working toward SOC 2 Type I certification and will subsequently pursue SOC 2 Type II certification.

NOTWITHSTANDING THE FOREGOING, WHILE THE COMPANY TAKES COMMERCIALLY REASONABLE MEASURES TO PROTECT YOUR DATA, NO METHOD OF ELECTRONIC TRANSMISSION OR STORAGE IS COMPLETELY SECURE. THE COMPANY CANNOT AND DOES NOT GUARANTEE ABSOLUTE SECURITY OF YOUR PERSONAL DATA, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.

5. Data Retention

  • (a) Account Data: The Company shall retain your account information for so long as your account remains active. Upon deletion of your account, the Company shall delete your Personal Data within thirty (30) days, except to the extent retention is required by applicable law.
  • (b) Voice Data and User Content: Your recordings, transcriptions, and AI-generated content shall be retained until you elect to delete them or delete your account. You may delete individual recordings or all data at any time through the App.
  • (c) Usage Data: Aggregated, de-identified usage data may be retained indefinitely for analytics purposes.
  • (d) Legal Requirements: Notwithstanding the foregoing, the Company may retain certain information as required by applicable law, regulation, or legal obligation, even following account deletion.
  • (e) Affiliate Attribution Data: A pseudonymous browser profile identifier used for affiliate attribution may remain in local storage for up to 720 days, unless the User deletes browser storage earlier. Conversion records may be retained by the applicable Service Provider in accordance with its privacy policy and the Company's affiliate program requirements.

6. How We Share Your Information

The Company does not sell your Personal Data. The Company may disclose your information in the following circumstances:

6-1. Service Providers

The Company shares information with third-party Service Providers who assist in operating the Services, as set forth in the table below:

CategoryPurposeData Shared
Cloud InfrastructureData storage and ProcessingEncrypted user data
AI ProcessingTranscription and summarizationAudio data (processed solely for service delivery; not retained for model training)
AI Processing (Transcription)Speech-to-text conversionAudio data (Providers: Deepgram, Soniox)
AI Processing (Summarization and Journaling)Summarization of transcriptions and journal entry generationTranscription data (Provider: OpenAI)
Payment ProcessingTransaction handlingPayment information
AnalyticsService improvementAggregated, de-identified usage data
Affiliate Attribution and Conversion MeasurementReferral attribution, purchase conversion measurement, duplicate prevention, and affiliate program administrationPseudonymous profile identifier; order ID; currency, promotion code, discount, and product-level category, SKU, quantity, and subtotal; and a SHA-1 hash of the normalized email address (Provider: Impact Tech, Inc., operating as impact.com; raw email address is not shared)
Customer SupportSupport ticket managementAccount and communication data
Email ServicesService communicationsEmail address and name

All Service Providers are bound by contractual obligations to process Personal Data only as instructed by the Company and in accordance with this Policy.

For further details on each Service Provider, please refer to our Trust Center.

Certain Service Providers listed above are located outside of Japan. With respect to the provision of Personal Data to such foreign entities, the Company shall comply with the cross-border transfer requirements under applicable data protection laws, including Article 28 of the APPI. Information regarding the personal data protection systems in the relevant countries is set forth in Section 7 hereof.

6-2. Legal Requirements

The Company may disclose your information where required to do so by law, regulation, legal process, subpoena, court order, or governmental request.

6-3. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, sale of all or substantially all assets, or other similar transaction, your information may be transferred as part of that transaction. The Company shall provide notice to Users of any such change in accordance with applicable law.

6-4. With Your Consent

The Company may share your information with third parties when you have provided explicit, informed consent to such disclosure.

7. Cross-Border Data Transfers

franky, Inc. is headquartered in Tokyo, Japan, and the Services are available in both Japan and the United States. Your Personal Data is stored on cloud infrastructure located in the United States. Your Personal Data may be transferred to, and processed in, countries other than your country of residence, including but not limited to Japan and the United States.

  • (a) Japan to United States: Data transfers from Japan to the United States shall be conducted in compliance with the Act on the Protection of Personal Information (Act No. 57 of 2003, as amended; "APPI") requirements for cross-border transfers of Personal Data.
  • (b) United States to Japan: Data transfers from the United States to Japan shall be handled in accordance with applicable United States federal and state privacy laws.
  • (c) The Company shall ensure that appropriate safeguards are in place for all cross-border data transfers, including but not limited to contractual protections with Service Providers requiring compliance with applicable data protection laws. For further details on data transfer destinations, please refer to our Trust Center.

8. Your Rights and Choices

Depending on your jurisdiction of residence, you may have the following rights with respect to your Personal Data:

8-1. All Users

  • (a) Access: Request a copy of the Personal Data we hold about you.
  • (b) Correction: Request correction of inaccurate or incomplete Personal Data.
  • (c) Deletion: Request deletion of your Personal Data, subject to applicable legal exceptions.
  • (d) Data Portability: Request your data in a structured, commonly used, and machine-readable format.
  • (e) Opt-Out of Marketing: Unsubscribe from promotional communications at any time.
  • (f) Account Deletion: Delete your account and all associated data through the App or by contacting the Company.
  • (g) Tracking Choices: Manage non-essential tracking through browser controls and the mechanisms described in the Cookie Policy. When the Website detects a Global Privacy Control ("GPC") signal, Impact affiliate tracking is disabled.

8-2. California Residents (CCPA/CPRA)

If you are a resident of the State of California, you have additional rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the "CCPA"):

  • (a) Right to Know: You have the right to request information regarding (i) the categories and specific pieces of Personal Data the Company has collected about you, (ii) the categories of sources from which such Personal Data was collected, (iii) the business or commercial purpose for collecting such Personal Data, and (iv) the categories of third parties with whom the Company shares your Personal Data.
  • (b) Right to Delete: You have the right to request deletion of your Personal Data, subject to certain exceptions as set forth under the CCPA.
  • (c) Right to Correct: You have the right to request correction of inaccurate Personal Data maintained by the Company.
  • (d) Right to Opt-Out of Sale/Sharing: THE COMPANY DOES NOT SELL YOUR PERSONAL DATA. If the Company engages in activities that may constitute "sharing" as defined under the CCPA (including but not limited to targeted or cross-context behavioral advertising), you may opt out by (i) transmitting a Global Privacy Control ("GPC") signal through your browser, (ii) using the browser and industry opt-out mechanisms described in the Cookie Policy, or (iii) contacting the Company at support@mori.to for assistance with a sale/sharing opt-out request.
  • (e) Right to Non-Discrimination: The Company shall not discriminate against you for exercising any of your rights under the CCPA, including but not limited to denying goods or services, charging different prices, or providing a different level or quality of services.

To exercise your rights under this Section 8-2, please contact the Company at support@mori.to. The Company shall verify your identity prior to processing your request and shall respond within forty-five (45) days of receipt (which period may be extended by an additional forty-five (45) days where reasonably necessary, with notice to the User). You may also designate an authorized agent to submit requests on your behalf, subject to proper verification.

8-3. Japanese Residents (APPI)

If you are a resident of Japan, you have rights under the Act on the Protection of Personal Information (Act No. 57 of 2003, as amended; "APPI"):

  • (a) Right to Disclosure: You may request disclosure of the Personal Data the Company holds about you.
  • (b) Right to Correction: You may request correction, addition, or deletion of your Personal Data if it is inaccurate.
  • (c) Right to Cease Use: You may request that the Company cease using or delete your Personal Data if it was obtained through improper means or is no longer necessary for the purposes for which it was collected.
  • (d) Right to Cease Third-Party Provision: You may request that the Company cease providing your Personal Data to third parties.

For details on exercising these rights, please refer to the Japanese version of this Policy.

9. Children's Privacy

The Services are intended exclusively for adults. The Services are not directed to, and shall not be used by, individuals under the age of eighteen (18) or individuals who have not reached the age of majority in their jurisdiction, whichever is greater. The Company does not knowingly collect Personal Data from such individuals. If you believe the Company has inadvertently collected information from such an individual, please contact us at support@mori.to. Upon verification, the Company shall promptly delete such information.

10. Third-Party Links and Services

The Services may contain links to third-party websites or services that are not owned or controlled by the Company. The Company shall not be responsible for, and this Policy does not apply to, the privacy practices of any such third parties. The Company encourages Users to review the privacy policies of any third-party services they access through the Services.

11. Changes to This Privacy Policy

The Company reserves the right to modify or update this Policy from time to time in its sole discretion. The Company shall notify Users of material changes by posting the updated Policy on the Website and, where appropriate, by sending a notification through the App or via email. Your continued use of the Services following the posting of any changes shall constitute your acceptance of the updated Policy. If any provision of this Policy is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

12. Contact Us

If you have questions, concerns, or requests regarding this Policy or the Company's data practices, please contact us:


franky, Inc.
5th Floor, 1-13-9, Tomigaya, Shibuya, Tokyo, Japan
Representative Director: Yu Akasaka