Security Policy
1. Demarcation point of responsibility with users
Responsibilities of E-Agency: E-Agency will implement the following security measures:
- Security measures for API Mail applications
- Protection of customer data stored in API Mail applications
- Security measures for middleware, OS, and other infrastructure used to provide the API Mail application.
Customer Responsibilities: Customers are required to implement the following security and privacy protection measures in accordance with their own security policy and privacy policy.
- Appropriate management of passwords assigned to each user
- Proper management of the API Mail service (registration, deletion, permission settings, organization administrator settings, etc.)
- Management of data generated and stored when using API Mail (customer email addresses, email content, etc.)
- Responsibility for the use of data generated when using API Mail
- Appropriate management of personal information registered with API Mail (notification and publication of purpose of use, and other measures required under the Personal Information Protection Act)
2. Data storage location
As a general rule, all data is stored within Japan. In addition, if it is difficult to store data within Japan due to the structure of the service we use, we will use it in consideration of the risks associated with storing data in that country.
3. Data Deletion
- If you decide to delete data generated and stored in the course of using the service, the data will be promptly deleted or anonymized from the database based on your actions.
- After the service agreement with the customer is terminated, customer data will be deleted. However, customer information, backup data, and log data will be stored for the following periods.
- We will store logs and backups of the data to the extent necessary for the stable operation of our services, such as to respond to malfunctions or prevent fraudulent use.
- Backup data
  - Stored for one year
- Log data
  - Stored for 2 years
- Customer data
  - Each data entry will be deleted after the specified period has elapsed.
  - Sending history
    - Retention period: 14 days
  - Action information (opening/clicking)
    - Retention period: 1 year
  - Bounce information
    - API Mail
      - Retention period: 20 days
    - Email relay
      - Retention period: 60 days
4. Encryption method
- All transmission and reception of personal information and personal-related information collected when using this service will be via SSL/TLS encrypted communications.
- All customer information stored in the database (such as names, email addresses, and data used by each function) is encrypted at the disk level using standard GCP and AWS functions. Passwords are also irreversibly encrypted (hashed) and stored in the database.
5. Backup method
- All customer information stored in the database (such as name, email address, and data used for each function) is backed up daily and 35 generations of data are stored. However, we do not accept requests from customers regarding the restoration of backup data, etc.
- Files uploaded to API Mail are stored in highly available cloud storage. Even if data becomes corrupted at one point, it will be automatically repaired using redundant data.
6. Clock synchronization
Logs provided within the service are provided in the time zone JST (UTC+9). The log times are synchronized with the Amazon Time Sync Service.
7. Vulnerability Management
API Mail undergoes regular vulnerability assessments of its web applications by third parties. We regularly collect vulnerability information regarding the operating system, middleware, and other components used in our systems.
Furthermore, if vulnerability patches for components used in the system are released, they will be applied to the production environment after verification in a test environment.
8. Security Guidelines
- When developing systems, we follow industry standards and best practices for the languages we use.
- The development process is carried out in accordance with our internal coding standards.
9. Information security education
We provide necessary information security training, thoroughly inform employees about our basic policy and various regulations, and improve their literacy.
10. Response in the event of an incident
- For inquiries regarding information security incidents, please report them using the inquiry form below.
- In the event of a security incident that affects you (such as data loss or prolonged system outage), we will contact you via your contracted email address or via News on the administration screen, aiming to do so within 72 hours of the incident occurring.
11. Inquiries regarding security, etc.
For inquiries or reports regarding the following, please contact us using the inquiry form below.
https://www.submit.ne.jp/apimail/contact