Privacy Policy
Effective date: March 22, 2026
1. Overview
Ichiba Tech, Inc. ("Ichiba Tech," "we," "us," or "our") operates the ichiba.tech marketplace. This Privacy Policy describes what personal data we collect, how we use it, who we share it with, and your rights regarding that data. By using our Platform, you agree to the practices described here.
2. Data We Collect
Account data
When you register, we collect your email address and passkey credential (a public key stored on our servers; your private key never leaves your device). We do not collect passwords.
Organization data
When you create or join an organization, we collect the organization name, your role within it, and the list of members and their access levels.
Listing and transaction data
We store the infrastructure listings you create and the details of any purchases made through the Platform, including buyer/seller organizations, listing specifications, and pricing.
Payment data
Payment information is collected and processed directly by Stripe. We receive and store only a payment reference and billing status.
Buyer credentials
Some sellers require cloud provider credentials (such as AWS access keys) to provision resources on your behalf. When required, you enter these credentials in the app. They are stored encrypted in our database per buyer organization and seller organization pair, and are transmitted to the relevant seller's gateway at the time of purchase. They are not stored by Ichiba Tech beyond what is necessary for provisioning and are deleted when you remove them or your organization is deleted.
Purchase access details
After a purchase is provisioned, the seller's gateway returns access credentials for the provisioned resource (such as SSH keys, IAM user credentials, or connection strings). These are stored encrypted in our database and displayed only to the purchasing organization. They are retained for the life of the active purchase.
Usage data
We collect server logs (IP addresses, request timestamps, client information) and product analytics about how users interact with the Platform.
3. How We Use Your Data
- Operate the Platform — to provide marketplace functionality, process transactions, and authenticate users.
- Communications — to send transactional emails such as email verification, purchase confirmations, and billing notifications.
- Product analytics — to understand usage patterns and improve the Platform.
- Security and fraud prevention — to detect and respond to abuse and security incidents.
- Legal compliance — to comply with applicable laws and enforce our Terms of Use.
We do not sell your personal data. We do not use your data to serve advertising.
4. Data Sharing and Sub-processors
We share data with the following service providers. Each has signed a Data Processing Agreement with Ichiba Tech:
| Provider | Purpose | Data shared |
|---|---|---|
| Railway | Cloud hosting and database | All Platform data |
| Stripe | Payment processing and billing | Payment and billing data |
| Resend | Transactional email delivery | Email address and message content |
Buyer credentials are also transmitted to the seller's gateway operator at the time of purchase. Seller gateways are operated by third-party sellers, not by Ichiba Tech. Credentials are transmitted over TLS and are used solely to provision the resource described in the listing. Ichiba Tech is not responsible for how seller gateway operators handle credentials after receipt.
We may also disclose personal data if required by law or to protect the rights or safety of Ichiba Tech, our users, or the public.
5. Data Retention
- Account and organization data — retained for the life of your account, then deleted or anonymized within 30 days of deletion.
- Transaction and billing records — retained for 7 years to meet legal requirements.
- Application logs — retained for 90 days.
- Backups — overwritten on a 30-day rolling schedule.
6. Security
All data is encrypted in transit using TLS. Data at rest is encrypted by our hosting provider. Access to production systems is restricted to authorized personnel, protected by MFA, and reviewed regularly. If customer data is confirmed or suspected to have been exposed, affected users will be notified within 72 hours of discovery.
7. Your Rights
Depending on your location, you may have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate data.
- Deletion — request deletion of your account and associated data, subject to legal retention requirements.
- Portability — request your data in a machine-readable format.
- Objection — object to certain processing activities.
To exercise any of these rights, email privacy@ichiba.tech. We will respond within 30 days.
8. Cookies
The Platform uses a session cookie for authentication. We do not use third-party tracking or advertising cookies. The session cookie is essential and cannot be disabled without logging out.
9. Children
The Platform is intended for business use and is not directed at individuals under 18. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email. Continued use of the Platform after updates are posted constitutes your acceptance.
11. Contact
For privacy inquiries or to exercise your rights, contact us at privacy@ichiba.tech.
Ichiba Tech, Inc.
Incorporated in Delaware, United States