Privacy Policy

Last updated: April 10, 2026

1. Introduction

This Privacy Policy describes how Soshi, Inc. ("Tomoji," "we," "us," or "our") collects, uses, and protects your personal information when you use:

By using our services, you agree to the collection and use of information as described in this policy.

2. Information we collect

2.1 Account information

When you sign up for Tomoji, we collect the information you provide during authentication, including your name, email address, and profile picture. We use WorkOS to manage authentication. We do not store your password — all credential handling is managed by WorkOS.

2.2 Content you create

We store content you create and manage through the dashboard, including draft posts, themes, editorial notes, and comments. This content is stored in our database powered by Convex.

2.3 Chrome extension data

The Tomoji Chrome extension collects and processes:

  • Authentication tokens — stored locally in your browser via chrome.storage.session and chrome.storage.local to maintain your sign-in state.
  • Team preference — your last-selected team is stored locally so the extension remembers your context.
  • Page interaction data — the extension interacts with the DOM on x.com and linkedin.com to fill composer fields and detect when you publish a post. When a post is published, the extension sends the publish status and the posted URL back to our servers so your content's status can be updated in the dashboard.

The extension does not read, collect, or transmit your browsing history, personal messages, or any content beyond what you explicitly choose to publish through Tomoji.

2.4 Contact and marketing information

When you submit a contact form on www.tomoji.com, we collect your name, email address, and any optional information you provide (such as LinkedIn URL, company website, and funding stage). This information is stored in Notion for our internal use and added to our mailing list via Loops.

2.5 Usage analytics

We use Google Analytics on our marketing website to understand traffic patterns. Google Analytics collects anonymized usage data such as pages visited, referral source, and device type. No analytics are collected within the Chrome extension or the dashboard.

3. How we use your information

We use the information we collect to:

  • Provide and maintain the Tomoji dashboard and extension
  • Authenticate you and keep your session active
  • Sync your content between the dashboard and Chrome extension in real time
  • Detect when content is published to X or LinkedIn and update its status
  • Respond to your inquiries and support requests
  • Improve our services based on general usage patterns

We do not use your information for advertising, profiling, or any purpose unrelated to providing the Tomoji service.

4. How we share your information

We do not sell, rent, or trade your personal information. We share data only with the following service providers who are necessary to operate Tomoji:

  • WorkOS — authentication and identity management
  • Convex — real-time database and backend infrastructure
  • Vercel — web application hosting
  • Google Analytics — anonymized marketing website analytics
  • Loops — email communications
  • Notion — internal contact management

Each provider processes data only as necessary to perform their service and is bound by their own privacy policies. We may also disclose information if required by law or to protect our legal rights.

5. Data storage and security

Your content and account data are stored on servers provided by Convex and Vercel, located in the United States. Authentication tokens in the Chrome extension are stored locally on your device and are only transmitted to Tomoji's own backend services for authentication purposes. They are never shared with third parties.

We use industry-standard security measures including encrypted connections (HTTPS/TLS), secure token handling, and access-controlled infrastructure. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data retention

We retain your account data and content for as long as your account is active. If you request account deletion, we will delete your personal information and content within 30 days, except where we are required by law to retain it.

Contact form submissions are retained in our internal systems for business relationship management purposes.

7. Your rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export your content data in a portable format
  • Withdraw consent for any processing based on consent

To exercise any of these rights, contact us at founders@tomoji.com.

8. Chrome extension permissions

The Tomoji Chrome extension requests the following browser permissions:

  • storage — to persist authentication tokens and user preferences locally
  • alarms — to periodically refresh authentication tokens and keep your session active
  • identity — to initiate the OAuth sign-in flow through your browser
  • Host access to x.com and linkedin.com — to inject the Tomoji side panel for browsing drafts, editing content, and filling the platform composer
  • Host access to dashboard.tomoji.com — to receive messages from the Tomoji dashboard (e.g., when you click "Create post")

The extension does not access any websites beyond those listed above. It does not monitor your browsing activity, read your personal messages, or collect any data outside of the Tomoji workflow.

9. Cookies

The Tomoji dashboard uses essential cookies for authentication and session management. Our marketing website uses Google Analytics cookies for anonymized traffic analysis. We do not use cookies for advertising or cross-site tracking.

10. Children's privacy

Tomoji is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page. Your continued use of Tomoji after any changes constitutes acceptance of the updated policy.

12. Contact us

If you have any questions about this Privacy Policy or our data practices, please contact us: