Privacy Policy
Effective date: 2026-05-17
Nippon Brief (“we”, “us”, or “our”) operates the website at nipponbrief.com (the “Service”). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over your data.
This policy supplements our Terms of Service and Cookie Policy.
1. Data Controller
The data controller responsible for the processing of your personal data is:
- Operator: Nippon Brief, edited by nachaman
- Location: Tokyo, Japan
- Contact:
legal@nipponbrief.com
We do not currently have a representative in the EU/EEA or UK. EU/UK readers may contact us directly using the email above.
2. Information We Collect
2.1 Information you provide directly
- Newsletter subscriptions: When you subscribe to our newsletter via beehiiv, we collect your email address and (optionally) your name.
- Email inquiries: When you contact us by email, we collect your name, email address, subject, and message content.
- Comments (if enabled): When you post a comment, we collect the name and email you provide. Email is not displayed publicly.
2.2 Information collected automatically
When you visit Nippon Brief, the following may be collected automatically:
- Device and browser information: browser type and version, operating system, screen resolution, language preference
- Network information: IP address (truncated where supported), approximate location (country / region level only)
- Usage data: pages visited, time spent per page, referring URL, search queries that brought you to the site, click events on internal and outbound links
- Cookies and similar technologies: see our Cookie Policy for details
We do not collect:
- Precise geolocation (GPS coordinates)
- Sensitive personal data (health, political opinions, religious beliefs, etc.)
- Financial information (we do not process payments directly)
- Identity documents (passport, ID card, etc.)
3. Legal Bases for Processing (EU/UK readers)
Under GDPR and UK GDPR, we rely on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Sending newsletter content | Consent (Art. 6(1)(a) GDPR) |
| Responding to email inquiries | Legitimate interest in responding to readers (Art. 6(1)(f) GDPR) |
| Analytics (Google Analytics 4, Microsoft Clarity) | Consent (via cookie banner) |
| Affiliate referral attribution | Legitimate interest in attributing referrals (Art. 6(1)(f)). We set no affiliate cookie ourselves; any tracking cookie is set by the partner network on its own site under its terms when you click through |
| Site security, fraud prevention | Legitimate interest (Art. 6(1)(f) GDPR) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
4. How We Use Information
We use the collected information to:
- Operate, maintain, and secure the Service
- Deliver newsletter content (only to confirmed subscribers)
- Track affiliate referrals so we receive credit for purchases made via our links
- Analyze site usage to improve content quality and editorial decisions
- Respond to inquiries, corrections, and partnership requests
- Comply with applicable laws and respond to lawful requests from authorities
We do not:
- Sell your personal data to third parties
- Share your email address with advertisers or affiliates
- Use your data for purposes incompatible with the original purpose of collection
- Profile readers individually for editorial decisions
5. Third-Party Services
Nippon Brief relies on the following third-party services. Each operates under its own privacy policy:
| Service | Purpose | Data shared | Privacy Policy |
|---|---|---|---|
| Google Analytics 4 | Site usage analytics (consent-gated) | Truncated IP, device info, cookie IDs | policies.google.com/privacy |
| Microsoft Clarity | Aggregate usage & session insights (consent-gated) | Usage events, device info, cookie IDs | privacy.microsoft.com/privacystatement |
| Cloudflare (Pages, CDN, Email Routing) | Static hosting, CDN, security, email routing | IP address (for security), email metadata (routing only, content not stored) | cloudflare.com/privacypolicy |
| beehiiv | Newsletter delivery | Email, open/click events | beehiiv.com/privacy |
| Affiliate networks (Amazon Associates, Airalo, Klook, Booking.com, Agoda, JRPass.com) | Affiliate referral tracking | Cookie-based referral ID, purchase events | (see respective providers) |
| Image API providers (Unsplash, Pexels, Pixabay) | Image delivery for articles | Standard request logs only | (see respective providers) |
5.1 Advertising
We do not currently display advertising on the Service, and no advertising cookies are set. If we introduce display advertising (e.g. Google AdSense) in future, we will update this policy and the Cookie Policy, and such cookies will be set only after your consent via the cookie banner. General opt-out tools for personalized advertising remain available at Google Ad Settings, aboutads.info (US), and youronlinechoices.eu (EU).
5.2 International data transfers
Some third-party services (notably Google, Cloudflare) may process data in the United States or other countries outside Japan, the EU, and the UK. These transfers rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Each provider’s certification to applicable data transfer frameworks (e.g., EU-US Data Privacy Framework, where applicable)
6. Cookies and Tracking
We use cookies, local storage, and similar technologies for the purposes described in our Cookie Policy.
In short:
- Strictly necessary cookies are always set
- Functional, analytics, and advertising cookies are only set after consent in regions with consent requirements (EU/EEA, UK, California)
- You can manage your preferences via the “Cookie Preferences” link in the site footer at any time
7. Data Retention
We retain personal data only as long as necessary for the purpose for which it was collected:
| Data type | Retention period |
|---|---|
| Newsletter email addresses | Until unsubscription + 30 days |
| Email inquiries | Up to 24 months for follow-up, then deleted |
| Analytics data (GA4) | Up to 26 months (Google Analytics default) |
| Analytics data (Microsoft Clarity) | Per Microsoft Clarity’s retention (cookies up to ~1 year) |
| Server access logs | Up to 90 days |
| Comments (if enabled) | Indefinitely while the article is published, unless removed on request |
When you exercise your right to deletion (see §8), we will delete or anonymize your data within 30 days, except where retention is required by law.
8. Your Rights
8.1 Under GDPR / UK GDPR (EU, EEA, UK readers)
You have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data (the “right to be forgotten”)
- Restrict processing in certain circumstances
- Object to processing based on legitimate interest
- Data portability (receive your data in a structured, machine-readable format)
- Withdraw consent at any time (for processing based on consent)
- Lodge a complaint with your local data protection authority
8.2 Under CCPA / CPRA (California readers)
You have the right to:
- Know what personal information we collect, use, disclose, and (if any) sell or share
- Delete your personal information (subject to exceptions)
- Correct inaccurate personal information
- Opt-out of the sale or sharing of personal information — we do not sell personal data, but ad-related cookies may qualify as “sharing” under CCPA. Use our cookie banner or the “Do Not Sell or Share My Personal Information” link in the footer
- Limit use of sensitive personal information (we do not knowingly collect sensitive personal information)
- Non-discrimination for exercising these rights
8.3 Under APPI (Japan readers)
You have the right to:
- Disclosure of personal data we hold about you
- Correction, addition, or deletion of inaccurate data
- Suspension of use or deletion of data processed in violation of law
8.4 How to exercise your rights
To exercise any of the rights above, email legal@nipponbrief.com or use the Contact page. We will respond within:
- 30 days for GDPR / UK GDPR requests
- 45 days for CCPA requests
- Reasonable time (typically 30 days) for APPI requests
We may ask for additional information to verify your identity before processing the request.
9. Children’s Privacy
Nippon Brief is not directed at children under 13 years of age (or 16 in the EU/EEA). We do not knowingly collect personal information from children.
If you are a parent or guardian and believe a child has provided us with personal data, please contact legal@nipponbrief.com and we will delete it promptly.
10. Security
We implement reasonable technical and organizational measures to protect personal data, including:
- HTTPS / TLS encryption for all site traffic
- Cloudflare WAF and DDoS protection
- Reputable third-party services (Google, Microsoft, Cloudflare, beehiiv) operating under industry-standard security practices
- Limited internal access to subscriber data, on a need-to-know basis
- 2FA on all administrative accounts (registrar, hosting, content management)
However, no method of internet transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10.1 Data breach notification
In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay, in accordance with applicable law (e.g., GDPR Art. 34, APPI Art. 26).
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be:
- Posted on this page with an updated effective date
- Announced via newsletter (to subscribers) and/or a banner on the Service for significant changes
Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related inquiries:
- Privacy / data rights:
legal@nipponbrief.com - General:
hello@nipponbrief.com - Editorial corrections:
editor@nipponbrief.com
Or use the Contact page.
Last updated: 2026-05-17 Operator: Nippon Brief, edited by nachaman, based in Tokyo, Japan
Revision history
- 2026-05-16: Initial publication
- 2026-05-17: Expanded with GDPR/UK GDPR/CCPA/APPI specifics, AdSense disclosure detail, third-party service table, retention table, data controller section, breach notification clause, contact email differentiation