Sun&R.Lab LLC. (“we”) recognises the importance of personal information and handles it in accordance with Japan's Act on the Protection of Personal Information (APPI) and related laws. This policy describes how we handle information collected through the NEIGE & THÉ Maison site (https://neige-et-the.com, “the Site”) and related services.

1. Information We Collect · 取得する情報

We may collect the following information.

Newsletter subscriptions: email address, source identifier (an internal label indicating where the form was submitted), and timestamp. Stored in our Supabase subscribers table.
Contact form submissions: name, email address, subject (optional), message body, and timestamp. Stored in our Supabase contact_inquiries table (the IP address is stored as a hash).
Purchase / order information: name, email address, phone number, shipping address (postal code, prefecture, and full address), order contents (products, quantities, amount), and order timestamp. Stored in our Supabase orders, order_line_items, and customers tables.
Payment information: card numbers and related payment details are collected and processed directly by our payment processor, Stripe, Inc. (United States); our servers do not hold or store raw card numbers. From Stripe we receive only the payment outcome, transaction identifiers, and amount.
Order-confirmation token: to let you view your order securely, we email a single-use, time-limited (24-hour) magic link to the address used at checkout. The token used to validate that link, together with a copy of the email address, is stored in order_view_tokens and stops working after it expires.
Access logs and cookies: IP address (hashed by Vercel Analytics), browser type, referrer, page visited, timestamp, and cookie identifiers.
Administration and audit information: for site operations we record administrator access (action type, IP address, browser information, timestamp) as an audit log (admin_audit_log). This log is designed not to contain information that identifies you as an individual.

2. How We Use Information · 利用目的

We use the information collected for the following purposes.

Processing orders and payments, shipping products, and sending order-related communications (order confirmations, dispatch notices, etc.)
Customer support for orders, including returns, exchanges, and cancellations
Delivering the Newsletter and managing subscriptions
Replying to and following up on inquiries
Notifying allocation-list members at premier service, and offering limited editions / seasonal releases
Where you have consented, sending tailored offers for products and services (marketing purposes)
Statistical analysis to improve the Site
Detecting and preventing misuse, and operating the Site safely
Compliance with applicable law (including statutory retention of transaction records)

3. Data Retention · 保有期間

We retain information only as long as needed for its purpose.

Newsletter email addresses: deleted promptly upon unsubscribe. An unsubscribe link is included at the foot of every Newsletter email.
Contact form data: retained for up to five years after the inquiry has been resolved (unless a longer period is required by law), then deleted promptly.
Order and transaction records (orders / line items): retained in accordance with statutory record-keeping obligations under Japan's Corporation Tax Act and Electronic Books Preservation Act — in principle for seven years from the filing deadline of the fiscal year in which the transaction occurred. Information not subject to those obligations is deleted promptly once its purpose is fulfilled.
Order-confirmation tokens (order_view_tokens): expire 24 hours after issue; expired tokens are deleted periodically.
Administration / audit logs (admin_audit_log): retained for a limited period for safe operation and abuse detection, then deleted.
Access logs: retained per Vercel Analytics' standard retention period.

4. Third Parties · 第三者提供

We do not provide your information to third parties without your consent, except in the following cases.

When required by law
When necessary to protect a person's life, body, or property and consent is impractical
When provided to processors (database, hosting, email delivery, analytics) within the scope necessary to fulfil the stated purposes

Our principal processors are as follows.

Stripe, Inc. (payment processing · United States): processes card payments. Card data is collected directly by Stripe and handled in compliance with PCI DSS.
Supabase (database · United States / EU): stores Newsletter, Contact form, order, and customer data.
Vercel Inc. (hosting · Vercel Analytics · United States): serves the Site and provides aggregated analytics.
Resend (transactional email · United States): used to send transactional mail such as order confirmations, dispatch notices, and inquiry replies.
Notion Labs, Inc. (CRM · United States): for business (B2B) customers and partners only, we may link order and transaction information to a customer ledger in Notion. We do not currently link individual (B2C) customer information to Notion.

Cross-Border Transfer · 越境移転 (APPI Art. 28)

Of the processors above, Stripe, Vercel, Resend, and Notion are located in the United States, and Supabase in the United States / EU. Having these providers handle your personal data may constitute a “provision to a third party in a foreign country” under Article 28 of Japan's APPI. We take the necessary measures, including through contracts, so that these providers continuously maintain appropriate safeguards. Information about the personal-data protection regimes of the destination countries is available on request at the contact below.

5. Cookies · cookie および類似技術

The Site uses cookies and similar technologies via Vercel Analytics to understand usage and improve the Site. Vercel Analytics anonymises identifiers such as IP addresses before generating aggregated statistics. You may decline cookies through your browser, but some Site features may not work as a result.

For visitors in the European Economic Area (EEA), we handle analytics and marketing cookies in line with the GDPR's guidance.

6. Your Rights · お客様の権利

You may request access to, correction of, deletion of, or a suspension of use of your personal information. Where the GDPR applies, we additionally honour the rights to data portability and withdrawal of consent.

Newsletter unsubscribe: available at any time via the unsubscribe link in any Newsletter email.
Disclosure, correction, deletion, or suspension of order / customer / contact data: please contact contact@neige-et-the.com. We will verify identity and respond within a reasonable time. Note that for information subject to statutory retention (e.g. transaction records) we may decline deletion to the extent of that obligation.

7. Security · 安全管理措置

We employ organisational, human, physical, and technical safeguards to prevent leakage, loss, or damage to information. Measures include access control, encrypted (HTTPS) transport, confidentiality agreements with processors, and prompt deletion of information no longer needed.

8. Children · 子どもの情報

We do not knowingly collect personal information from children under 16. If we learn that we have collected such information without parental consent, we will delete it promptly.

9. Changes · 本ポリシーの変更

We may revise this policy in response to changes in law or service content. Material changes will be announced on the Site. Your continued use after such changes constitutes acceptance of the revised policy.

10. Contact · お問い合わせ窓口

For questions or requests regarding this policy, please contact:

Operator: Sun&R.Lab LLC.
Address: Niigata-shi, Niigata, Japan
Email: contact@neige-et-the.com
Contact form: /en/contact

Effective: 2026-05-07 · Last revised: 2026-05-28

PrivacyPolicy