Cookie Policy
Last Updated: April 1, 2026
Section 1. General Overview
This Cookie Policy explains how SmoothQ uses cookies, browser storage, and similar identification technologies. We use these technologies only to the extent reasonably necessary for continuity of user experience, authentication safety, settings retention, anti-abuse controls, and related service operation, and we seek to provide transparency regarding external transmission and available controls. This Policy should be read together with our Privacy Policy.
Section 2. Scope
This Policy applies to cookies and browser-side storage used on the public site, authentication-related endpoints, inquiry and login pages, map display functions, and other portions of the Service where information may be stored on a user's device. Once a user leaves SmoothQ and interacts with another website or service, the policies of that external destination govern its own cookie practices.
Section 3. Definitions
In this Policy, "Cookie" means a small piece of data stored in the user's browser, while "web storage" means localStorage or similar browser-provided storage areas. "External transmission" means the transmission of information relating to the user device, browsing behavior, identifiers, or other related data to our servers or to third-party servers. Some cookies expire when the browser session ends, while others remain for a defined period.
Section 4. Legal Positioning
We distinguish between categories of cookie-related information by taking into account Japanese concepts under the Act on the Protection of Personal Information and the external transmission rules under the Telecommunications Business Act. Technologies that are essential for authentication, security, and settings retention are used as part of service provision. If we introduce optional analytics, advertising, experimentation, or other non-essential technologies in the future, we will implement appropriate notice, control, and, where required, consent handling.
Section 5. Technologies We Currently Use
As of April 1, 2026, the Service primarily uses: (i) HTTP cookies for authentication continuity, (ii) cookies for CSRF protection, (iii) localStorage for display preference retention such as font size, (iv) localStorage for login-related token retention in certain user flows, (v) localStorage values for wait-time refresh state, and (vi) communications to external map tile providers. Optional third-party advertising cookies or persistent behavioral analytics cookies are not generally deployed on the public site at this time.
Section 6. Essential Authentication Cookies
The Service may use the "smoothq_auth_token" cookie for authenticated or administrative functions. Its baseline configuration is HTTP Only, SameSite=Strict, Secure in production, and a maximum validity period of 24 hours. This cookie is used to maintain login state and confirm access privileges. If a user blocks or deletes this cookie, authenticated functions or protected areas may not work correctly.
Section 7. Security Cookies
We may issue the "__Host-csrf-token" cookie to support anti-CSRF protections for state-changing requests. This cookie is generally retained for up to 24 hours, uses SameSite=Strict as a baseline, and is compared with a request header value to reduce forged request risk. If the cookie is rejected or deleted, certain form submissions or state-changing actions may fail for security reasons.
Section 8. Use of Browser Storage
In addition to cookies, the Service may use localStorage for values such as "access_token," "refresh_token," "fontSize," and wait-time refresh timestamps. These values are used to preserve login convenience in certain flows, maintain user display preferences, and control refresh-related behavior. Because localStorage can remain on the device until removed by the browser user, users on shared devices should log out and clear browser storage as appropriate after use.
Section 9. External Transmission
When map functionality is used, communications to OpenStreetMap tile infrastructure may transmit the user's IP address, browser information, requested URL, and similar network-level information required to render the map. If a user intentionally follows external SNS share links, facility websites, or other external destinations, those third parties may separately set cookies or collect information under their own policies. For external transmissions we control, we seek to disclose the destination, categories of information, and purpose within a reasonable scope.
Section 10. Consent, Choice, and Controls
The technologies ordinarily deployed on the Service at this time are used mainly for authentication continuity, security, and settings retention. If we later introduce optional analytics, advertising, or experimentation technologies, we will provide category-based explanations, controls, settings management, and consent or opt-out mechanisms as appropriate. Users may reject or delete cookies through their browser settings, but doing so may impair authentication, inquiry submission, preference retention, or security-related functions.
Section 11. Retention Periods
Retention varies depending on the purpose of the cookie or storage item. Authentication and CSRF cookies are generally configured with a maximum retention period of 24 hours and may expire earlier on logout or deletion. localStorage values may remain until the user clears them or the application overwrites them. Users of shared devices should take particular care to clear locally stored data after use.
Section 12. Browser-Side Management
Most major browsers allow users to control cookie acceptance, delete existing cookies, define per-site exceptions, and use anti-tracking features. However, disabling all cookies or browser storage on a blanket basis may prevent login, inquiry submission, settings retention, CSRF protection, or similar functions from working as intended. Where possible, we provide guidance on the expected impact of such controls, but detailed browser procedures depend on the browser vendor.
Section 13. Policy Updates
We may revise this Policy when laws change, technologies are added or removed, external transmission destinations change, or optional cookies are introduced. Material changes will be communicated through the Service and, where required, may involve renewed consent or settings review. The updated version becomes effective on the date shown on this page unless otherwise stated.
Section 14. Contact
If you have questions about cookies, external transmission, retention periods, browser controls, or locally stored data, please contact us using the contact point below. We aim to explain the relevant data categories, technical necessity, and expected consequences of disabling the relevant technology in a manner understandable to users.
Operator
JPSM Group Supervising Operations Executive: Haruki Ogasawara Locations: Tokyo / Okayama / Ibaraki Contact: contact@smoothq.jp
SmoothQ: https://smoothq.jp/