Privacy Policy — V Workforce

Effective 2026-04-27 · Operator: AID Japan, Niseko, Japan · contact: caesarniseko@gmail.com

V Workforce ("we", "the Service") is an AI-assistant platform that delivers AI workers (V, Iris, Nova, Maya, Alex, Ken, Sherly) to small businesses through messaging surfaces (WhatsApp, LINE, web). This page explains what we collect, why, and your rights.

1. What we collect

• Identifiers: your messaging-platform user id (e.g. WhatsApp phone number, LINE userId). We hash these (SHA-256, first 12 hex chars) before any logging or analytics — raw ids never leave the dispatcher.
• Message content: the text + attachments you send. Used to route to the relevant AI persona and produce a reply. We do not sell or share message content with third parties for advertising.
• Connected-account data: when you authorise our Google integration (Iris's Gmail/Calendar features), we store an OAuth refresh token at file mode 600 on our servers, scoped to the minimum required Google API scopes (gmail.readonly, calendar.events, userinfo.email).
• Receipt images: when you upload a receipt to Alex (accounting persona), the image is sent to Anthropic Claude vision for OCR. The image is not retained by V Workforce after parsing.

2. Third-party processors

We rely on the following processors to operate the Service:

• Meta Platforms (WhatsApp Cloud API): messaging delivery
• LINE Corporation (Messaging API): messaging delivery
• Anthropic (Claude API): natural language + vision processing
• Stripe: payment processing for paid persona subscriptions
• Google: Gmail + Calendar API (only when you have explicitly connected your Google account)

3. How long we retain data

• Hashed-user audit logs: 30 days, then auto-purged
• Session state (your active persona, conversation context): cleared on disconnect or 30-day idle
• OAuth tokens: until you revoke at myaccount.google.com/permissions or message cancel in chat
• Stripe billing records: per Stripe's retention policy (typically 7 years for tax)

4. Your rights

You can:

• Revoke Google access at any time via myaccount.google.com/permissions
• Cancel a paid persona via the Manage subscription link in chat → instant Stripe portal
• Request data deletion by emailing caesarniseko@gmail.com — we'll purge within 30 days
• Disable WhatsApp / LINE delivery by blocking the bot's number / unfollowing the official account

5. Security

All session and token files use Unix mode 600 (owner read/write only). Outbound HTTP is restricted via host-allowlist (SSRF lock) to our explicit processor list. Webhook payloads from Meta and LINE are signature-verified (HMAC-SHA256 against the channel secret) before any processing.

6. Changes

If we materially change this policy, we'll notify you in the chat surface where you interact with us before the change takes effect.

7. Contact

caesarniseko@gmail.com · AID Japan, Niseko, Hokkaido, Japan