Privacy Policy

Effective Date: April 30, 2026 · Contact: arbitra-info@doctors-inc.jp

This Privacy Policy explains how Arbitra (operated by Doctors Inc., "we," "our," "us") collects, uses, shares, and protects your personal information when you visit our website or use our medical coordination services.

We are a Japan-incorporated company providing cross-border medical coordination services to residents of the United States. Because we are based in Japan but serve US residents, this policy is designed to satisfy both United States privacy laws (including state-level laws in California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Florida, and others) and Japan's Act on the Protection of Personal Information (APPI).

🇯🇵 Japanese-language APPI disclosure: A Japanese-language version of this policy, structured according to the requirements of Japan's APPI, is available in Japanese here. The English version below is the primary user-facing document; the Japanese version exists for APPI regulatory compliance.

1. Who We Are

Trade name: Arbitra
Operating entity: Doctors Inc. (ドクターズ株式会社) · Japan
US entity: Doctors Holdings, Inc. · 222 Broadway, Floor 22, New York, NY 10038
Japan address: PMO Hamamatsucho II 5F, 2-3-6 Shibakoen, Minato-ku, Tokyo 105-0011, Japan
Representative: Dr. Takao Yanagawa, MD — Neurosurgeon, President and CEO
Contact: Privacy contact: arbitra-info@doctors-inc.jp
Date of establishment: September 26, 2016 (Arbitra service launched 2026)

We are a medical coordination service operating under Doctors Inc. (Japan) and Doctors Holdings, Inc. (New York, USA), founded and led by board-certified neurosurgeon Dr. Takao Yanagawa, MD. We are not a licensed healthcare provider, hospital, clinic, or medical professional. We connect US residents with independent Japanese hospitals and physicians.

2. Information We Collect

2.1 Information you provide at the registration / inquiry stage

Full name
Email address
Country of residence (we serve US residents only)
Procedure or condition of interest (general category, e.g. "knee replacement")
Optional: an estimate received from a US provider

2.2 Information we collect at later engagement stages (with separate, specific consent)

If you proceed beyond the initial inquiry, we will request additional information at the moment it becomes necessary, with separate disclosures and consent at each step:

Detailed medical history, diagnoses, and treatment plans
Medical records, imaging, and laboratory results
Mailing address, phone number, emergency contact
Travel and scheduling preferences

Some of this information is sensitive personal information under both US state laws and Japan's APPI. We collect such data only with your explicit, informed consent at the time it is requested, and only to the extent necessary to coordinate your care.

2.3 Information collected automatically

IP address (and approximate location derived from it)
Browser type, operating system, device information
Pages visited, time on page, referring URL
Information from cookies and similar technologies (see Section 7)

3. How We Use Your Information

We use the information we collect for the following specific purposes (our stated purpose of use under APPI):

To respond to your inquiry, provide consultation, and prepare cost estimates
To match you with appropriate Japanese hospital partners for your condition
To coordinate your treatment journey, including travel logistics and interpretation
To communicate with you about your inquiry and our services
To comply with legal obligations under US and Japanese law
To protect our rights, prevent fraud, and ensure the security of our service
To improve our website and service quality (using aggregated, non-identifying data)
With your separate opt-in consent, to send promotional communications

We will not use your personal information for purposes materially different from those listed above without first notifying you and, where required by law, obtaining your consent.

4. How We Share Your Information

4.1 Japanese hospital partners

To provide our coordination service, we share relevant medical and personal information with our Japanese hospital partners. This sharing requires your explicit consent and is requested at the time we are ready to send your case to a specific hospital — not at the registration stage.

4.2 Service providers (data processors)

We use the following categories of third-party service providers, each of whom is contractually bound to protect your information and use it only for the services they provide to us:

Function	Provider	Location
Website hosting	Amazon Web Services (AWS)	Japan
Analytics	Google Analytics	Japan
Email delivery	Gmail (Google Workspace)	Japan

4.3 Legal and safety disclosures

We may disclose your information when required by law, court order, or government request; to protect the safety of any person; to investigate fraud or violations of our terms; or in connection with a corporate transaction (merger, acquisition, asset sale) where we will require the recipient to honor this policy.

4.4 We do not sell your personal information

We do not sell your personal information to third parties for monetary consideration, and we do not engage in cross-context behavioral advertising or "share" personal information for targeted advertising in the manner defined by California's CCPA/CPRA. See your rights below.

5. Cross-Border Data Transfers

Because we are a Japanese company providing services to US residents, your personal information will be transferred across international borders.

5.1 From the United States to Japan

When you submit information through our website, your data may be received and stored on servers located in Japan, the United States, or both. By using our service, you understand that your information will be processed in accordance with this Privacy Policy regardless of where it is stored.

5.2 Cross-border transfers to US-affiliated entities (APPI Article 28)

Our service providers are primarily Japan-based. However, two recipients are incorporated in the United States, which constitutes a cross-border transfer under APPI Article 28:

Doctors Holdings, Inc. (New York, USA) — our US affiliate, which may receive personal data as part of business operations. As a related entity, it is subject to the same data handling standards as Doctors Inc.
Google LLC (United States) — the parent company of Google Analytics and Gmail (Google Workspace). While data is processed on Japan-region servers, Google LLC is a US-incorporated entity. Information about the US data protection environment is published by Japan's Personal Information Protection Commission at www.ppc.go.jp. Google LLC participates in the EU-US Data Privacy Framework and maintains contractual data protection measures.

6. Sensitive Health Information — Special Handling

Health information is treated as sensitive personal information under US state privacy laws and as sensitive personal information under APPI Article 17.

6.1 Federal HIPAA — important note

We are not a HIPAA "covered entity" (we are not a healthcare provider, health plan, or healthcare clearinghouse) and we are not generally a HIPAA "business associate." HIPAA's protections therefore do not directly apply to most of the information we hold. Health information we receive is protected by the security measures described in Section 11 of this policy and by your rights as described in Sections 8 and 9.

6.2 Washington My Health My Data Act (MHMDA)

If you are a Washington State resident, you have specific rights regarding your "consumer health data," including the right to confirm whether we are collecting it, the right to access and delete it, and the right to withdraw consent. We do not sell consumer health data and do not use geofencing around healthcare facilities.

6.3 Nevada SB 370

If you are a Nevada resident, you have similar rights under Nevada's consumer health data law. We do not sell your consumer health data.

6.4 Connecticut, Maryland, and other state health-data provisions

Several states have specific provisions for health data within their general privacy laws. Your rights under these laws apply automatically and are described in Section 9.

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

Strictly necessary cookies: Required for the website to function (e.g., session management, form submission). These cannot be disabled.
Analytics cookies: We use Google Analytics to understand how visitors use our site. Google Analytics sets cookies to collect aggregated, anonymised information about how the site is used. You can opt out via Google's opt-out tool or your browser settings.
Advertising cookies: We may use Meta and Google advertising pixels to measure the effectiveness of our advertising. If we do, we will provide a cookie banner allowing you to opt out, and we will honor Global Privacy Control (GPC) signals from your browser.

You can control cookies through your browser settings. Disabling certain cookies may affect site functionality.

8. Your Rights — All US Users

Regardless of which US state you live in, you have the following rights:

Right to know: Request a copy of the personal information we hold about you
Right to correct: Request correction of inaccurate information
Right to delete: Request deletion of your personal information (subject to legal exceptions)
Right to opt out of sale or sharing: Although we do not sell or share data for behavioral advertising, you may submit an opt-out request as a precaution
Right to withdraw consent: Withdraw any consent previously given for processing
Right to non-discrimination: We will not discriminate against you for exercising your rights

To exercise any of these rights, email arbitra-info@doctors-inc.jp. We will verify your identity before responding and aim to respond within 45 days (with one 45-day extension if necessary, as permitted by law).

9. Your Rights — State-Specific Provisions

9.1 California (CCPA/CPRA)

California residents have the rights listed in Section 8, plus:

Right to limit the use of sensitive personal information
Right to opt out of automated decision-making (we do not currently use automated decision-making with legal effects)
Right to designate an authorized agent to make requests on your behalf

We do not sell personal information or share it for cross-context behavioral advertising under the CCPA/CPRA. We have not done so in the prior 12 months.

9.2 Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Florida (and other comprehensive state privacy laws)

Residents of these states have substantially the same rights as listed in Section 8. Some states additionally provide a right to appeal a denial of your request — you may exercise this right by replying to our denial email or contacting us at the address below.

9.3 How we verify your identity

Before responding to a rights request, we will ask you to verify your identity (typically by confirming information you have already provided, such as the email address used to submit your inquiry). We do this to protect your information from unauthorized access.

10. APPI — Japanese Law Disclosures

Because we are a Japanese company, Japan's Act on the Protection of Personal Information (個人情報の保護に関する法律, "APPI") applies to our handling of your data, regardless of where you live. The disclosures below summarize our APPI obligations in English; a Japanese-language version is available here.

10.1 Retained personal data — APPI Article 32

Under APPI Article 32, we are required to make the following items "knowable" to data subjects regarding retained personal data:

Business operator name and address: See Section 1 above
Representative: See Section 1 above
Purpose of use: See Section 3 above
Procedure for disclosure / correction / cessation requests: See Section 8 above and Section 13 below
Where to file complaints: See Section 13 below
Security measures: See Section 11 below

10.2 Sensitive personal information — APPI Article 17

We do not collect sensitive personal information (including medical history) without your explicit, prior consent. At the LP/registration stage, we do not collect such information; we collect only general procedure interest. Sensitive medical information is collected only at later engagement stages, with specific consent at that time.

10.3 Provision to third parties — APPI Article 27

We provide your personal data to third parties (specifically, Japanese hospital partners) only with your prior consent. Provision to service providers acting as our processors does not require separate consent under APPI but is subject to our oversight and contractual data protection obligations.

10.4 Provision to third parties in foreign countries — APPI Article 28

See Section 5.2 above. Cross-border transfers are limited to our US affiliate (Doctors Holdings, Inc.) and Google LLC (parent of our analytics and email providers). Contractual data protection measures are in place with both.

10.5 Personal-related information — APPI Article 31

To the extent we share cookie identifiers, IP addresses, or similar information with third parties who may combine them with personal data, we obtain consent or rely on appropriate legal grounds as required by APPI Article 31.

11. Data Security and Retention

11.1 Security measures

We implement organizational, physical, and technical security measures designed to protect your personal information, including:

Organizational: Internal privacy policies, designated privacy officer, regular staff training, incident response procedures
Personnel: Confidentiality obligations on all employees and contractors, role-based access controls
Physical: Restricted access to facilities and devices that store personal information
Technical: HTTPS/TLS encryption in transit, encryption at rest where applicable, access logging, regular security review of systems and vendors

No method of internet transmission or electronic storage is 100% secure. We will notify you of a security breach affecting your personal information as required by applicable US state law and APPI's breach notification requirements (Article 26).

11.2 Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

The duration of your inquiry or service relationship with us
A reasonable period thereafter to respond to follow-up inquiries, resolve disputes, and enforce our agreements
Any longer period required by applicable law (for example, tax and accounting record retention obligations under Japanese law)

When personal information is no longer needed for these purposes, we will delete or anonymize it.

12. Children's Privacy

Our services are not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it promptly. If you believe a child has provided us with information, please contact us at the address below.

13. How to Contact Us / Exercise Your Rights

For privacy-related questions, data requests, or complaints, please visit our Contact page.

If you are not satisfied with our response, you may also contact an independent authority:

Japan — Personal Information Protection Commission (個人情報保護委員会): www.ppc.go.jp
US — Federal Trade Commission: www.ftc.gov

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a new "Last Updated" date. For material changes, we will notify you by email at least 30 days before the change takes effect, where practical.