Privacy

Privacy policy

This section explains the information acquired by Tokiawase, the data handled in Google Calendar / Microsoft Teams / Zoom / Webex integration, purpose of use, storage period, and how to contact us.

Last updated date: June 6, 2026

Operator


business operatorClass Act Co., Ltd.
location7F SH Building, 2-9-9 Shinkawa, Chuo-ku, Tokyo 104-0033
Contact informationtokiawase@classact.co.jp

Information to obtain


  • We collect your name, email address, tenant, authentication status, etc. for account registration, login, identity verification, and notifications.
  • When you log in with Google or integrate Google Calendar, we obtain your Google account identifier, email address, and agreed OAuth scope.
  • To continue linking with Google Calendar, the access token, refresh token, and expiration date are encrypted and saved. Do not display client secret or token on screen, logs, or issues.
  • To calculate candidate dates, get the busy time zone from the Google Calendar FreeBusy API. It is used only for the period and calendar ID necessary for determining free time.
  • For reservation confirmation, Google Meet URL issuance, and host preview, we may handle event title, start/end time, participant email address, created event ID, event URL, etc.
  • When linking meetings with Microsoft Teams, Zoom, Webex, etc., obtain the consented external service account identifier, email address, and granted OAuth scope.
  • To issue the meeting URL, we encrypt and save the OAuth access token, refresh token, and expiration date for Microsoft Teams, Zoom, and Webex. Do not display client secret or token on screen, logs, or issues.
  • Since the meeting URL is issued by the user's explicit operation, it handles the minimum information necessary to create a meeting, such as the event title, start/end time, time zone, created meeting ID, and join URL.
  • For security, auditing, and failure investigation purposes, we may obtain IP addresses, user agents, operation dates and times, request IDs, audit logs, and error logs.

Purpose of use


  • For Tokiawase registration, login, session management, MFA, identity verification, and account protection.
  • To collate the schedules of participants and hosts and present candidate dates, 1on1 reservation slots, and AND adjustment candidates.
  • To create confirmed events in Google Calendar and, if necessary, issue a Google Meet URL based on your explicit actions.
  • To save and display the URL for creating meetings and joining Tokiawase events in the user's selected Microsoft Teams, Zoom, or Webex account.
  • To prevent unauthorized use, manage privileges, audit logs, investigate failures, and maintain service quality.
  • To respond to inquiries, notify important notices, and changes to terms of use and policies.

Handling of Google user data


  • Tokiawase's use of information obtained from Google APIs and transfer to other applications is subject to the Google API Services User Data Policy (including Limited Use requirements).
  • Information obtained from the Google API is used only to provide Google Calendar integration features enabled by the user, such as scheduling, checking availability, creating schedules, and issuing Google Meet URLs.
  • If the user cancels the link, the saved token will be invalidated and deleted, and Tokiawase will no longer access the Google Calendar.
  • Google does not use user data for advertising, sales to third parties, or profiling purposes unrelated to the user.
  • Google user data may only be viewed by a person at the explicit request of a user, when necessary to investigate failures or abuse, comply with regulations, or for aggregated, non-personally identifiable internal operations.
  • We do not use Google user data to develop, improve, or train AI/machine learning models unrelated to Tokiawase's user-facing features.

Handling of conference collaboration data


  • Microsoft Teams, Zoom, and Webex integrations require only the OAuth scope necessary to verify the connection account and issue the user-selected meeting URL.
  • OAuth tokens for Microsoft Teams, Zoom, and Webex are encrypted and stored and are not displayed on screens, logs, issues, PRs, or documents.
  • The Create Meeting API is called only for confirmed appointments or for meeting publishing operations that are explicitly selected by the user.
  • Tokiawase does not capture or store Microsoft Teams, Zoom, or Webex recordings, transcriptions, chat history, participant behavior analysis, or organization management data.
  • If the user cancels the link, the saved token will be invalidated and deleted, and Tokiawase will no longer access the conference provider.

Manage/delete by user


  • External integrations such as Google Calendar, Microsoft Teams, Zoom, and Webex can be canceled at any time from the Tokiawase integration settings screen. After cancellation, the saved token will be invalidated and deleted.
  • You can also revoke Tokiawase access from the "Third-party apps and services" screen on your Google account.
  • Requests for deletion of external linkage data, OAuth token, and account information will be accepted at tokiawase@classact.co.jp.
  • If we receive a request for account deletion or suspension of use, we will delete or anonymize the subject data within a reasonable period of time, except to the extent necessary for laws and regulations, audits, and measures to prevent unauthorized use.

Third party services/contractors


Google APICommunicate with Google's APIs based on user consent for Google Sign-In, Google Calendar API, and Google Meet URL issuance.
Microsoft GraphCommunicate with the Microsoft Graph API based on user consent for Microsoft Teams meeting URL issuance and connection account verification.
Zoom APICommunicate with Zoom API based on user consent to issue Zoom meeting URL and confirm connection account.
Cisco Webex APICommunicate with the Cisco Webex API based on user consent for Webex meeting URL issuance and connection account verification.
Google AnalyticsWe use Google Analytics for anonymous usage analytics to improve the site. Measurement runs only after you consent via the cookie banner, IP addresses are anonymized, and no personally identifying information, events, or tokens are sent.
Infrastructure/operation outsourcingIn order to provide services, maintain, monitor, and provide security, we may use infrastructure operating environments and subcontractors to the extent necessary.

Retention period and deletion


  • OAuth tokens will be stored for the period necessary to provide functions during collaboration, and will be deleted upon cancellation of collaboration, withdrawal, or deletion requests, except to the extent required by law or audit.
  • Audit logs, security logs, and failure investigation logs will be retained for the period necessary to prevent unauthorized use, internal controls, and comply with laws and regulations.
  • Requests for disclosure, correction, suspension of use, or deletion of personal data will be responded to within a reasonable period of time after identity verification.

inquiry


  • We accept inquiries regarding personal information or Google Calendar linked data, deletion requests, and consultations regarding cancellation of linkage.
  • Contact: tokiawase@classact.co.jp