Skip to content

Shirofune Security and Privacy Policy

Last updated: March 2025
Shirofune is committed to protecting our customers' data and upholding the highest standards of security and privacy across our platform. This policy outlines our approach to data protection, system integrity, and operational resilience.

1. Governance and Commitment

・We maintain a structured governance framework led by a Chief Information Officer (CIO).
・Company-wide information security policies are reviewed regularly.
・All employees and contractors undergo annual security training.
・Access to customer data is managed via approval workflows and documented procedures.
・We perform ongoing compliance reviews and risk assessments based on industry standards.

2. Data Security and Privacy Measures

Encryption
・Data in transit is encrypted with TLS 1.2 or higher.
・Data at rest is encrypted using AES-256.
・Backups are encrypted and stored on AWS high-durability systems.
Data Protection Tools
・AWS CloudTrail, GuardDuty, Config, Macie, and IAM policies ensure data protection, threat detection, and resource compliance.
Privacy Controls
・Customer data is never shared without explicit consent.
・Users may request data access, correction, or deletion, subject to verification.
Data Portability and Deletion
・Upon account cancellation, all customer data is exported or securely deleted.

3. System Availability and Disaster Recovery

・Shirofune maintains 99.93% uptime.
・Services are deployed across multiple AWS Availability Zones for redundancy.
・Daily backups are retained for 30 days and encrypted.
・In case of major outages, services are restored using backups or failover systems.
Monitoring & Incident Response
・Real-time monitoring of system health, performance, and threats.
・Internal alerts are sent within minutes; users are notified based on severity.

4. Access Control and Monitoring

・Role-Based Access Control (RBAC) and least privilege principles are enforced.
・Google SSO is supported; more providers are planned.
・OAuth 2.0 is used for secure integration with ad platforms.
・Activity logs include timestamps, user actions, and IPs, retained indefinitely.
・Endpoints are protected by antivirus and managed under secure configuration policies.

5. Cloud Infrastructure and Compliance

・Hosted fully on Amazon Web Services (AWS) in Japan.
・Architecture aligns with AWS Well-Architected Framework.
・Each team operates in logically isolated environments.
Security Features
・IAM, KMS, WAF, AWS Shield, CloudTrail, CloudWatch, and GuardDuty are in use.
・Daily encrypted backups are stored on Amazon S3.
・Real-time performance monitoring and automated scaling ensure availability.

6. Contact Information

For questions or requests related to security and privacy:
Shirofune Security Team
📧 support@shirofune.com

🌐 https://shirofune.com

Ready to streamline
your ad operations?

No credit card required.
Cancel anytime.

Start Free Trial

Let our team help you get started with confidence.

Request a Demo