Sign in Subscribe

Privacy Policy

How DLKR handles your data. Covers data collection, storage, and your rights under APPI, GDPR, and CCPA.

Last updated: March 29, 2026

Overview

DLKR Inc. ("I," "me," "my") is a Kabushiki Kaisha (K.K.) registered in Japan.

Registered address: 3F Yazawa Building UFC, 3-1-9 Shibuya, Shibuya-ku, Tokyo 150-0002, Japan

I provide brand strategy services and publish a newsletter with related digital content for clients and subscribers worldwide, primarily in the United States. This privacy policy explains how I collect, use, store, and protect your personal information.

This policy applies to all visitors, subscribers, and clients who interact with my website (thedlkr.com), my newsletter and digital content, my client portal, and any platforms I use to deliver those services.

I collect and use personal information for the following purposes: delivering brand strategy services and digital content, managing newsletter subscriptions, communicating about projects and orders, processing payments, improving my website and services, and meeting legal obligations. Details on each are below.

Information I collect

Information you provide directly:

  • Name and email address (when you subscribe to my newsletter, contact me, book a call, or place an order)
  • Business information (company name, website URL, social media profiles) submitted through intake forms
  • Information about your business, product, team structure, brand challenges, and working preferences submitted through service intake forms
  • Payment information (processed securely by third-party providers — I don't store credit card details)
  • Files, documents, or materials you share as part of a service engagement or through intake form uploads
  • Questions and comments posted on articles as part of a paid membership
  • Call recordings (Google Meet, recorded only with your explicit permission)

Information collected automatically:

  • First-party, cookie-free analytics data collected by Ghost's native analytics (pages visited, time on site, referral source, unique visitors within 24-hour windows). When you're logged in as a member, Ghost may record which posts you view to improve your experience and help me understand which content is most useful. This data is never shared with third parties.
  • Cookies used by embedded tools (booking widgets, payment forms) — see Cookies section below
  • IP address and general location data
  • Device and browser information
  • Access logs for member-only content during your active membership

Information from third-party platforms:

  • Ghost CMS, hosted by Magic Pages (newsletter subscriptions, content delivery, member activity tracking)
  • AgencyHandy.com (client portal, orders, invoicing, intake form submissions)
  • Cal.com (scheduling)
  • Stripe, PayPal, or Wise (payment processing for consulting services)
  • Google Meet (video calls, recorded only with your explicit permission)
  • Google Workspace (email, document storage and collaboration)

Each of these platforms may collect additional data about you automatically — including IP address, device information, and usage behavior — according to its own privacy policy. I've linked each provider's policy below for your reference. My use of your data from these platforms is limited to the purposes described in this policy.

How I use your information

I use your personal information to:

  • Deliver the services you've purchased
  • Manage your newsletter subscription and deliver digital content
  • Communicate with you about your project, questions, or account
  • Process payments and send invoices
  • Improve my website and services
  • Send relevant updates (only with your consent — you can unsubscribe at any time)
  • Meet legal obligations
  • Prepare for engagements using your intake form responses (e.g., reviewing your brand's online presence before a kickoff call)
  • Answer member questions through article comments
  • Reference the general nature of our engagement (industry, type of work) in portfolio or marketing materials — without identifying you by name, unless you grant written permission (see Terms of Service for details)

I don't sell your personal information to third parties. I don't use your information for automated decision-making or profiling.

For California residents: I don't sell or share your personal information as those terms are defined under the CCPA/CPRA.

Legal basis for processing

Japan (APPI): I process your personal information based on your consent and as necessary to fulfill our service agreement, in accordance with the Act on the Protection of Personal Information.

EU/EEA (GDPR): For individuals in the European Economic Area, I rely on the following legal bases under the General Data Protection Regulation:

  • Contractual necessity (Article 6(1)(b)) — to deliver services you've purchased and process related payments
  • Consent (Article 6(1)(a)) — for marketing communications and call recordings
  • Legitimate interest (Article 6(1)(f)) — to improve my website, prevent fraud, and protect my legal rights

You may withdraw consent at any time without affecting the lawfulness of processing that occurred before withdrawal.

United States: I comply with applicable state privacy laws. California residents may have additional rights under the CCPA/CPRA (see Your Rights section below).

Cookies

My website uses only essential cookies — those required for the site and embedded tools (booking widgets, payment forms) to function. I don't use any third-party analytics or advertising cookies.

Website analytics are handled by Ghost's native analytics, which are first-party and cookie-free. They don't use cookies or any form of persistent browser storage to identify visitors across sessions, browsers, or devices. Instead, Ghost counts unique visitors within 24-hour windows. This data is never shared with third parties.

Essential cookies include those used by the Ghost membership system to keep you logged in and deliver content based on your membership tier.

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of booking widgets and payment forms.

Data sharing

I share your information only with third-party service providers necessary to deliver my services:

  • Ghost CMS (hosted by Magic Pages) — Newsletter hosting, subscription management, content delivery, member activity tracking, and first-party cookie-free website analytics
  • AgencyHandy.com — Client portal, order management, invoicing
  • Cal.com — Scheduling
  • Stripe / PayPal / Wise — Payment processing for consulting services
  • Google Workspace — Email, video calls, document storage

Each provider has its own privacy policy. I select providers that maintain reasonable security standards.

I may also share information if required by law or to protect my legal rights.

Under Japan's APPI, sharing your data with these service providers falls within the "entrustment of handling" exception (Article 27(5)(i)). I remain responsible for overseeing how these providers handle your data on my behalf.

Data storage and security

Your data is stored on servers operated by the third-party platforms listed above. These servers may be located in Japan, the United States, the European Union, or other countries. Ghost CMS is hosted by Magic Pages, with servers in the European Union (Germany).

I take reasonable steps to protect your information: encrypted connections (HTTPS), secure passwords, and limited access to personal data. No method of electronic transmission or storage is completely secure.

Cross-border data transfers:

Your personal data may be transferred to and processed in countries outside Japan, including the United States (where most service providers are based). These countries may have different data protection standards than Japan.

Under Japan's APPI (Article 28), I'm required to inform you that:

  • Your data may be transferred to the United States, the European Union, and other countries where my service providers maintain servers
  • The Personal Information Protection Commission (PPC) has recognized certain jurisdictions, including the EU/EEA and the UK, as having equivalent data protection standards to Japan. For transfers to other countries (including the United States), I rely on confirming that each service provider maintains data protection measures that meet the standards required by APPI
  • Each provider listed in the Data Sharing section above maintains security practices and data handling policies that I've reviewed for adequacy

Under the GDPR, for any personal data transferred from the EEA, I rely on the European Commission's adequacy decision for Japan (where applicable) and Standard Contractual Clauses for transfers to countries without an adequacy decision.

Data retention

I keep your personal information only as long as necessary to fulfill the purposes described in this policy, or as required by law:

  • Client project files and communications: Retained for 5 years after project completion, then deleted
  • Payment records: Retained as required by Japanese tax law (typically 7 years)
  • Website analytics data: Retained in anonymized form
  • Newsletter subscriber information: Retained until you unsubscribe
  • Marketing contact information: Retained until you unsubscribe
  • Intake form submissions: Retained for 5 years after the related service is completed, then deleted
  • Call recordings: Retained for 6 months after the related service is completed, then deleted — unless you request earlier deletion
  • Digital content access logs (member-only content): Retained for the duration of your subscription, then deleted within 90 days of cancellation
  • Member comments on articles: Stored and retained by Ghost CMS (hosted by Magic Pages) for the duration of your membership. Comments are visible to other paid members. You can request deletion of your comments at any time.

You can request deletion of your data at any time (see Your Rights below).

Some data may need to be retained beyond your deletion request where required by law (for example, payment records under Japanese tax law). In those cases, I'll explain what's being retained and why.

Data breach notification

If I become aware of a data breach that affects your personal information and is likely to harm your rights or interests, I'll:

  • Notify you by email as promptly as possible, describing what happened and what data was involved
  • Report the breach to the Personal Information Protection Commission (PPC) in Japan as required by APPI
  • Where applicable, notify relevant supervisory authorities under GDPR (within 72 hours) or comply with state breach notification laws in the United States

Your rights

Depending on your location, you may have the following rights:

  • Access — Request a copy of the personal information I hold about you
  • Correction — Request correction of inaccurate information
  • Deletion — Request deletion of your personal information
  • Restriction — Request that I limit how I use your information
  • Portability — Request a copy of your data in a portable format
  • Objection — Object to certain types of processing
  • Withdraw consent — Withdraw consent at any time where processing is based on consent

Japan (APPI): You have the right to request disclosure, correction, addition, deletion, or cessation of use of your personal information. You may also request disclosure of records related to third-party provision of your data. These rights apply under the Act on the Protection of Personal Information as amended.

EU/EEA (GDPR): You have the rights listed above and the right to lodge a complaint with a supervisory authority in your country.

California (CCPA/CPRA): You have the right to know what personal information is collected and how it's used, request correction of inaccurate information, request deletion, and opt out of the sale or sharing of personal information. I don't sell or share personal information. You also have the right not to be discriminated against for exercising your privacy rights.

To exercise any of these rights, contact me at [email protected]. I'll respond within 30 days.

To protect your privacy, I may need to verify your identity before fulfilling a request. I'll explain the verification process when you contact me.

Children's privacy

My services aren't directed at individuals under the age of 18. I don't knowingly collect personal information from minors. If I learn that I've collected information from a minor, I'll delete it promptly.

Changes to this policy

I may update this privacy policy from time to time. Changes will be posted on this page with an updated date. For significant changes, I'll notify you by email or through a notice on my website.

Contact

If you have questions about this privacy policy or how I handle your data:

Email: [email protected]

DLKR Inc.
3F Yazawa Building UFC, 3-1-9 Shibuya, Shibuya-ku, Tokyo 150-0002, Japan