Ships worldwide from 3 warehouses β€” Japan Β πŸ‡―πŸ‡΅Β  Β· USA Β πŸ‡ΊπŸ‡ΈΒ  Β· UK Β πŸ‡¬πŸ‡§
WeeBe
Home / Privacy

Privacy policy

This policy applies to customers outside Japan.

The service is offered under the following data-protection regimes: United Kingdom General Data Protection Regulation + Data Protection Act 2018, General Data Protection Regulation (EU 2016/679), and United States state privacy laws (composite). Sections below that depend on your residence are clearly marked.

1. Controller

The controller of personal data processed through new.weebe.net is Isekai Shujinko LLP.

  • Registered office: 128 City Road, London, EC1V 2NX, United Kingdom
  • Data-protection contact: office@weebe.net

2. Categories of personal data we collect

We collect the following categories of personal data in connection with the service:

  • Contact details (contact name, email, phone).
  • Shipping and billing addresses.
  • Order and purchase history.
  • Payment reference (processor transaction identifier).
  • Account email and authentication credentials.
  • Third-party sign-in tokens.
  • Affiliate commission and payout records.

3. Purposes of processing and lawful bases

We use personal data for the following purposes:

  • Account communications.
  • Order fulfilment.
  • Account support.
  • Tax jurisdiction determination.
  • Fraud risk scoring.
  • Account function (order history).
  • Support and returns.
  • Recommendations.
  • Fraud analytics.
  • Payment reconciliation.
  • Chargeback handling.
  • Authentication.
  • Account recovery.
  • Optional social integrations (MAL, AniList, Discord, YouTube, Twitch, Spotify, Twitter/X).
  • Creator sign-in on studio.
  • Viewer sign-in on companion and community.
  • VTuber affiliate commission tracking and payout.
  • Tax reporting.

For residents of the European Economic Area and the United Kingdom, we rely on one or more of the following lawful bases under Article 6 of the applicable GDPR: performance of a contract with you (GDPR Art. 6(1)(b)), compliance with our legal obligations (GDPR Art. 6(1)(c)), our legitimate interests (GDPR Art. 6(1)(f)), and your consent (GDPR Art. 6(1)(a)).

For residents of the United States, we process personal information under applicable state privacy laws on the basis of a permitted business purpose, performance of the commercial relationship with you, and compliance with legal obligations including tax and commercial record-keeping. We do not sell or share personal information and we do not process personal information for targeted advertising or profiling that produces legal or similarly significant effects.

4. Recipients and external processors

Personal data is disclosed to the following categories of recipients, in each case only to the extent they need the information to perform their service:

  • Companies within our group, for service delivery, quality assurance, research and product improvement, fraud prevention, and general business operations.
  • Payment processor.
  • Shipping carrier.
  • Transactional email provider.
  • Third-party sign-in provider.

We do not sell personal data. Where a recipient acts as our processor, it processes personal data only on our documented instructions under a written contract that requires equivalent safeguards to those set out in this policy.

5. International transfers

If you reside in the European Economic Area.

Where the controller for your data is established in Japan, transfers of personal data from the EEA to the controller in Japan take place under the European Commission's adequacy decision of January 2019 (Article 45 GDPR) and require no additional Chapter V safeguard.

Some processors operate outside the European Economic Area. Where they do, transfers are made under Chapter V of the GDPR β€” under an adequacy decision recognised by the European Commission, under Standard Contractual Clauses under Article 46(2)(c), under the EU-US Data Privacy Framework for certified recipients, or under another lawful transfer mechanism. The categories of recipient and the regions to which transfers may occur are:

  • Payment processor β€” United States, United Kingdom, Japan.
  • Shipping carrier β€” multiple regions worldwide.

A copy of the relevant safeguards is available on written request.

If you reside in the United Kingdom.

Where the controller for your data is established in Japan, transfers of personal data from the United Kingdom to the controller in Japan take place under the UK-Japan adequacy regulations and require no additional Chapter V safeguard.

Some processors operate outside the United Kingdom. Where they do, transfers are made under Chapter V of the UK GDPR β€” under an adequacy decision recognised by the United Kingdom, under the UK International Data Transfer Agreement, under the UK Addendum to the EU Standard Contractual Clauses, or under another lawful transfer mechanism. The categories of recipient and the regions to which transfers may occur are:

  • Payment processor β€” United States, European Economic Area, Japan.
  • Shipping carrier β€” multiple regions worldwide.
  • Transactional email provider β€” European Economic Area.

A copy of the relevant safeguards is available on written request.

6. Retention

We retain personal data only for as long as necessary for the purposes set out in this policy. Where more than one jurisdiction's retention floor applies to a category, we keep the data for the longer floor and delete or anonymise it thereafter:

  • Contact details (contact name, email, phone): retained for up to ten years where member-state commercial and tax record-keeping law so requires.
  • Shipping and billing addresses: retained for up to ten years where member-state commercial and tax record-keeping law so requires.
  • Order and purchase history: retained for up to ten years where member-state commercial and tax record-keeping law so requires.
  • Payment reference (processor transaction identifier): retained for up to ten years where member-state commercial and tax record-keeping law so requires.
  • Account email and authentication credentials: retained for up to four years after account closure, aligned to applicable United States state statutes of limitations on commercial contracts.
  • Third-party sign-in tokens: retained for up to four years after account closure, aligned to applicable United States state statutes of limitations on commercial contracts.
  • Affiliate commission and payout records: retained for up to ten years where member-state commercial and tax record-keeping law so requires.

Where a statutory retention period applies, we cannot delete data before that period expires. On closure of an account, data no longer subject to a statutory minimum is deleted or anonymised.

7. Your rights

Subject to the conditions set out in the applicable law, you have the right to request access to the personal data we hold about you, to request correction of inaccurate data, to request deletion of data that is no longer needed or that we are not otherwise required to retain, and to object to processing we carry out on the basis of our legitimate interests. You will not receive discriminatory treatment for exercising these rights.

Requests should be sent to office@weebe.net. We may ask for information reasonably necessary to verify your identity before responding.

If you reside in the United Kingdom

Under the UK GDPR you additionally have the right to restriction of processing (Article 18), to data portability (Article 20), to withdraw consent at any time where processing is based on consent, and in relation to automated decision-making including profiling (Article 22). You also have the right to lodge a complaint with the Information Commissioner's Office at https://ico.org.uk/make-a-complaint/.

If you reside in the European Economic Area

Under the GDPR you additionally have the right to restriction of processing (Article 18), to data portability (Article 20), to withdraw consent at any time where processing is based on consent, and in relation to automated decision-making including profiling (Article 22). You also have the right to lodge a complaint with a supervisory authority β€” in particular in the member state of your habitual residence, place of work, or of the alleged infringement (Article 77). A list of national supervisory authorities is available from the European Data Protection Board at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

If you reside in the United States

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Florida, Oregon, and other states with comprehensive privacy laws have the rights described above. Most of those laws exclude personal data processed in a business-to-business or employment context, which covers the majority of what we hold for commercial accounts. Where state law does not obligate a response, we still honor access, correction, and deletion requests on a good-faith basis.

We do not sell personal information, we do not share personal information for cross-context behavioral advertising, and we do not process personal information for targeted advertising or profiling that produces legal or similarly significant effects. Because we do not sell or share, the California "Do Not Sell or Share My Personal Information" link and the "Limit the Use of My Sensitive Personal Information" link are not required; we honor the Global Privacy Control browser signal in any event. If our posture changes, this policy will be updated and the statutory links will be added before any such processing begins.

California residents may reference the California Privacy Protection Agency at https://cppa.ca.gov/ for further information. An authorized agent may submit a request on your behalf; we may ask the agent for written authorization and may verify identity directly with you.

8. Automated decision-making

We do not make decisions that produce legal effects concerning you, or similarly significantly affect you, solely on the basis of automated processing within the meaning of Article 22 of the applicable GDPR. Automated systems may perform preliminary checks such as form validation, but do not themselves determine outcomes that produce legal or similarly significant effects. If solely automated decision-making is introduced in the future, this policy will be updated in advance and the safeguards required by Article 22 will be provided, including the right to obtain human intervention, to express your point of view, and to contest the decision.

9. Cookies and similar technologies

We use strictly necessary storage in your browser β€” a session identifier, your authentication state, and the contents of your current order basket β€” so the service functions. We do not use analytics, advertising, or cross-site tracking technologies.

Consent for strictly-necessary storage is not required under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (United Kingdom) or under Article 5(3) of the ePrivacy Directive as transposed in each EEA member state. If non-essential technologies are introduced in the future, your consent will be obtained in the manner the law requires before any such technology is deployed.

10. Children

The service is directed to adults. We do not knowingly collect personal data from children below the applicable minimum age for information-society services without the consent of a holder of parental responsibility.

For residents of the United States, the service is not directed to children under 13 (the federal COPPA threshold) and we do not knowingly collect personal information from anyone under 18 for commercial accounts.

Under Article 8 of the GDPR, the age of consent for information-society services is 16, or a lower age specified by the member state of the data subject within the range 13 to 16. Where we knowingly offer a service directly to a child below that age, we rely on the consent of the holder of parental responsibility.

Under the Data Protection Act 2018, the age of consent for information-society services in the United Kingdom is 13.

11. Contact

For any question about this policy, or about how we handle your personal data, please write to us at:

  • Isekai Shujinko LLP
  • 128 City Road, London, EC1V 2NX, United Kingdom
  • office@weebe.net

12. Changes to this policy

We may update this policy from time to time to reflect changes to the service or to applicable law. Where a change is material, it will be announced on the site before it takes effect. The date of the most recent update is shown below.

Last updated: 2026-04-24

ShopTVFeedVideosAccount
WeeBe
CtrlK
Sign In
Ships worldwide from 3 warehouses β€” Japan Β πŸ‡―πŸ‡΅Β  Β· USA Β πŸ‡ΊπŸ‡ΈΒ  Β· UK Β πŸ‡¬πŸ‡§
Home / Privacy

Privacy policy

This policy applies to customers outside Japan.

The service is offered under the following data-protection regimes: United Kingdom General Data Protection Regulation + Data Protection Act 2018, General Data Protection Regulation (EU 2016/679), and United States state privacy laws (composite). Sections below that depend on your residence are clearly marked.

1. Controller

The controller of personal data processed through new.weebe.net is Isekai Shujinko LLP.

  • Registered office: 128 City Road, London, EC1V 2NX, United Kingdom
  • Data-protection contact: office@weebe.net

2. Categories of personal data we collect

We collect the following categories of personal data in connection with the service:

  • Contact details (contact name, email, phone).
  • Shipping and billing addresses.
  • Order and purchase history.
  • Payment reference (processor transaction identifier).
  • Account email and authentication credentials.
  • Third-party sign-in tokens.
  • Affiliate commission and payout records.

3. Purposes of processing and lawful bases

We use personal data for the following purposes:

  • Account communications.
  • Order fulfilment.
  • Account support.
  • Tax jurisdiction determination.
  • Fraud risk scoring.
  • Account function (order history).
  • Support and returns.
  • Recommendations.
  • Fraud analytics.
  • Payment reconciliation.
  • Chargeback handling.
  • Authentication.
  • Account recovery.
  • Optional social integrations (MAL, AniList, Discord, YouTube, Twitch, Spotify, Twitter/X).
  • Creator sign-in on studio.
  • Viewer sign-in on companion and community.
  • VTuber affiliate commission tracking and payout.
  • Tax reporting.

For residents of the European Economic Area and the United Kingdom, we rely on one or more of the following lawful bases under Article 6 of the applicable GDPR: performance of a contract with you (GDPR Art. 6(1)(b)), compliance with our legal obligations (GDPR Art. 6(1)(c)), our legitimate interests (GDPR Art. 6(1)(f)), and your consent (GDPR Art. 6(1)(a)).

For residents of the United States, we process personal information under applicable state privacy laws on the basis of a permitted business purpose, performance of the commercial relationship with you, and compliance with legal obligations including tax and commercial record-keeping. We do not sell or share personal information and we do not process personal information for targeted advertising or profiling that produces legal or similarly significant effects.

4. Recipients and external processors

Personal data is disclosed to the following categories of recipients, in each case only to the extent they need the information to perform their service:

  • Companies within our group, for service delivery, quality assurance, research and product improvement, fraud prevention, and general business operations.
  • Payment processor.
  • Shipping carrier.
  • Transactional email provider.
  • Third-party sign-in provider.

We do not sell personal data. Where a recipient acts as our processor, it processes personal data only on our documented instructions under a written contract that requires equivalent safeguards to those set out in this policy.

5. International transfers

If you reside in the European Economic Area.

Where the controller for your data is established in Japan, transfers of personal data from the EEA to the controller in Japan take place under the European Commission's adequacy decision of January 2019 (Article 45 GDPR) and require no additional Chapter V safeguard.

Some processors operate outside the European Economic Area. Where they do, transfers are made under Chapter V of the GDPR β€” under an adequacy decision recognised by the European Commission, under Standard Contractual Clauses under Article 46(2)(c), under the EU-US Data Privacy Framework for certified recipients, or under another lawful transfer mechanism. The categories of recipient and the regions to which transfers may occur are:

  • Payment processor β€” United States, United Kingdom, Japan.
  • Shipping carrier β€” multiple regions worldwide.

A copy of the relevant safeguards is available on written request.

If you reside in the United Kingdom.

Where the controller for your data is established in Japan, transfers of personal data from the United Kingdom to the controller in Japan take place under the UK-Japan adequacy regulations and require no additional Chapter V safeguard.

Some processors operate outside the United Kingdom. Where they do, transfers are made under Chapter V of the UK GDPR β€” under an adequacy decision recognised by the United Kingdom, under the UK International Data Transfer Agreement, under the UK Addendum to the EU Standard Contractual Clauses, or under another lawful transfer mechanism. The categories of recipient and the regions to which transfers may occur are:

  • Payment processor β€” United States, European Economic Area, Japan.
  • Shipping carrier β€” multiple regions worldwide.
  • Transactional email provider β€” European Economic Area.

A copy of the relevant safeguards is available on written request.

6. Retention

We retain personal data only for as long as necessary for the purposes set out in this policy. Where more than one jurisdiction's retention floor applies to a category, we keep the data for the longer floor and delete or anonymise it thereafter:

  • Contact details (contact name, email, phone): retained for up to ten years where member-state commercial and tax record-keeping law so requires.
  • Shipping and billing addresses: retained for up to ten years where member-state commercial and tax record-keeping law so requires.
  • Order and purchase history: retained for up to ten years where member-state commercial and tax record-keeping law so requires.
  • Payment reference (processor transaction identifier): retained for up to ten years where member-state commercial and tax record-keeping law so requires.
  • Account email and authentication credentials: retained for up to four years after account closure, aligned to applicable United States state statutes of limitations on commercial contracts.
  • Third-party sign-in tokens: retained for up to four years after account closure, aligned to applicable United States state statutes of limitations on commercial contracts.
  • Affiliate commission and payout records: retained for up to ten years where member-state commercial and tax record-keeping law so requires.

Where a statutory retention period applies, we cannot delete data before that period expires. On closure of an account, data no longer subject to a statutory minimum is deleted or anonymised.

7. Your rights

Subject to the conditions set out in the applicable law, you have the right to request access to the personal data we hold about you, to request correction of inaccurate data, to request deletion of data that is no longer needed or that we are not otherwise required to retain, and to object to processing we carry out on the basis of our legitimate interests. You will not receive discriminatory treatment for exercising these rights.

Requests should be sent to office@weebe.net. We may ask for information reasonably necessary to verify your identity before responding.

If you reside in the United Kingdom

Under the UK GDPR you additionally have the right to restriction of processing (Article 18), to data portability (Article 20), to withdraw consent at any time where processing is based on consent, and in relation to automated decision-making including profiling (Article 22). You also have the right to lodge a complaint with the Information Commissioner's Office at https://ico.org.uk/make-a-complaint/.

If you reside in the European Economic Area

Under the GDPR you additionally have the right to restriction of processing (Article 18), to data portability (Article 20), to withdraw consent at any time where processing is based on consent, and in relation to automated decision-making including profiling (Article 22). You also have the right to lodge a complaint with a supervisory authority β€” in particular in the member state of your habitual residence, place of work, or of the alleged infringement (Article 77). A list of national supervisory authorities is available from the European Data Protection Board at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

If you reside in the United States

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Florida, Oregon, and other states with comprehensive privacy laws have the rights described above. Most of those laws exclude personal data processed in a business-to-business or employment context, which covers the majority of what we hold for commercial accounts. Where state law does not obligate a response, we still honor access, correction, and deletion requests on a good-faith basis.

We do not sell personal information, we do not share personal information for cross-context behavioral advertising, and we do not process personal information for targeted advertising or profiling that produces legal or similarly significant effects. Because we do not sell or share, the California "Do Not Sell or Share My Personal Information" link and the "Limit the Use of My Sensitive Personal Information" link are not required; we honor the Global Privacy Control browser signal in any event. If our posture changes, this policy will be updated and the statutory links will be added before any such processing begins.

California residents may reference the California Privacy Protection Agency at https://cppa.ca.gov/ for further information. An authorized agent may submit a request on your behalf; we may ask the agent for written authorization and may verify identity directly with you.

8. Automated decision-making

We do not make decisions that produce legal effects concerning you, or similarly significantly affect you, solely on the basis of automated processing within the meaning of Article 22 of the applicable GDPR. Automated systems may perform preliminary checks such as form validation, but do not themselves determine outcomes that produce legal or similarly significant effects. If solely automated decision-making is introduced in the future, this policy will be updated in advance and the safeguards required by Article 22 will be provided, including the right to obtain human intervention, to express your point of view, and to contest the decision.

9. Cookies and similar technologies

We use strictly necessary storage in your browser β€” a session identifier, your authentication state, and the contents of your current order basket β€” so the service functions. We do not use analytics, advertising, or cross-site tracking technologies.

Consent for strictly-necessary storage is not required under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (United Kingdom) or under Article 5(3) of the ePrivacy Directive as transposed in each EEA member state. If non-essential technologies are introduced in the future, your consent will be obtained in the manner the law requires before any such technology is deployed.

10. Children

The service is directed to adults. We do not knowingly collect personal data from children below the applicable minimum age for information-society services without the consent of a holder of parental responsibility.

For residents of the United States, the service is not directed to children under 13 (the federal COPPA threshold) and we do not knowingly collect personal information from anyone under 18 for commercial accounts.

Under Article 8 of the GDPR, the age of consent for information-society services is 16, or a lower age specified by the member state of the data subject within the range 13 to 16. Where we knowingly offer a service directly to a child below that age, we rely on the consent of the holder of parental responsibility.

Under the Data Protection Act 2018, the age of consent for information-society services in the United Kingdom is 13.

11. Contact

For any question about this policy, or about how we handle your personal data, please write to us at:

  • Isekai Shujinko LLP
  • 128 City Road, London, EC1V 2NX, United Kingdom
  • office@weebe.net

12. Changes to this policy

We may update this policy from time to time to reflect changes to the service or to applicable law. Where a change is material, it will be announced on the site before it takes effect. The date of the most recent update is shown below.

Last updated: 2026-04-24