SUPERNOVA Inc. Acquires Privacy Mark (P-Mark)
SUPERNOVA Inc. has acquired the Privacy Mark. Following their ISO/IEC 27001 certification in August 2025, this strengthens their security framework, allowing corporate clients to securely use their generative AI service, "Stella AI for Biz".
📋 Article Processing Timeline
- 📰 Published: April 23, 2026 at 20:13
- 🔍 Collected: April 23, 2026 at 11:31
- 🤖 AI Analyzed: April 24, 2026 at 02:07 (14h 35m after Collected)
SUPERNOVA Inc. (Headquarters: Minato-ku, Tokyo; CEO: Token Kimoto; hereinafter "the Company") has acquired the Privacy Mark (P-Mark) certified by the JIPDEC (Japan Information Processing Development Center). Following the ISO/IEC 27001 (Information Security Management System) acquired in August 2025, the addition of a third-party certification specialized in personal information protection has further strengthened our system, allowing corporate clients to use generative AI for their business operations with peace of mind.
■ Background of Acquiring the Privacy Mark
As the business use of generative AI expands, concerns such as "Will the inputted information be used for AI training?" and "Is personal information handled appropriately?" remain some of the biggest barriers for corporate clients considering its adoption.
The Company acquired ISO/IEC 27001 in August 2025 and has been preparing our information security management system. By acquiring the Privacy Mark (P-Mark), a third-party certification specifically focused on personal information protection, we believe that corporate clients can use our services with greater confidence from the perspectives of both information security and personal data protection.
■ Security Initiatives in "Stella AI for Biz"
In addition to acquiring third-party certifications, the Company implements multi-layered security measures from both service infrastructure and access management perspectives.
- Third-party Certification: ISO 27001:2022 Acquired (Guarantees the reliability of the management system by acquiring international information security management system certification)
- Third-party Certification (NEW): Privacy Mark (P-Mark) Acquired (A third-party organization certifies the system taking appropriate protection measures for personal information)
- Data Protection: Customer Data Protection (Protects confidentiality by not using customer data for training generative AI models)
- Data Protection: Data Encryption (Prevents the risk of information leakage from unauthorized access by encrypting stored data)
- Data Protection: Domestic Server Usage (Ensures domestic management of data by utilizing cloud servers located in Japan)
- Network Protection: WAF / IPS / IDS (Protects the service from external attacks by introducing a Web Application Firewall and an Intrusion Detection/Prevention System)
- Access Management: Single Sign-On (SSO) ★ (Tightens account management with SAML authentication Single Sign-On (SSO) linked with the company's existing ID management system)
- Access Management: Two-Factor Authentication ★ (Strengthens account security with multi-factor authentication via email)
- Access Management: IP Restriction ★ (Prevents unauthorized access by only allowing access from specified IP addresses)
- Access Management: Audit Logs (Realizes the detection and tracking of unauthorized access by allowing user authentication logs such as authentication results, methods, and IP addresses to be retrieved from the management screen)
★ These are not automatically applied and require configuration by the customer on the management screen.
■ Voices of Companies Actually Adopting the Service
NTT Docomo, Inc., Corporate Strategy Department, Business Development Office
"Stella AI for Biz has acquired the Privacy Mark (P-Mark) following ISO 27001, making it a service equipped with third-party certifications for both security and personal information protection. We believe that this backing of reliability is extremely important when promoting the business utilization of generative AI.
In our company, the accumulation and utilization of knowledge are steadily progressing through cross-departmental knowledge sharing utilizing prompt templates and RAG functions. Because we are a large organization, we feel the effects of group knowledge sharing even more strongly.
Also, we feel that the meeting minutes function, whose official version was released the other day, has a high degree of perfection. Features such as speaker separation in hybrid meetings (remote work and offline) and the registration of in-house unique terminology, combined with overwhelmingly high transcription accuracy compared to other services, significantly increase business efficiency because almost no correction effort is needed. We find it reassuring that these various functions can be used under a robust security environment.
We look forward to the speed of feature additions, becoming more convenient and efficient, and further promoting DX."
■ Future Outlook
The Company will prioritize preparing an environment where corporate clients can securely introduce and establish generative AI into their business. In addition to the continuous strengthening of our security system, we will proceed with feature development aligned with customers' business challenges, aiming for a generative AI service that is easy to use for people in any industry or company size.
Generative AI technology is evolving daily, and new services are being born one after another. We maximize the use of the latest technology and, by providing easy-to-use, high-quality services to our customers, act as a bridge connecting technology and people, for anyone
■ Background of Acquiring the Privacy Mark
As the business use of generative AI expands, concerns such as "Will the inputted information be used for AI training?" and "Is personal information handled appropriately?" remain some of the biggest barriers for corporate clients considering its adoption.
The Company acquired ISO/IEC 27001 in August 2025 and has been preparing our information security management system. By acquiring the Privacy Mark (P-Mark), a third-party certification specifically focused on personal information protection, we believe that corporate clients can use our services with greater confidence from the perspectives of both information security and personal data protection.
■ Security Initiatives in "Stella AI for Biz"
In addition to acquiring third-party certifications, the Company implements multi-layered security measures from both service infrastructure and access management perspectives.
- Third-party Certification: ISO 27001:2022 Acquired (Guarantees the reliability of the management system by acquiring international information security management system certification)
- Third-party Certification (NEW): Privacy Mark (P-Mark) Acquired (A third-party organization certifies the system taking appropriate protection measures for personal information)
- Data Protection: Customer Data Protection (Protects confidentiality by not using customer data for training generative AI models)
- Data Protection: Data Encryption (Prevents the risk of information leakage from unauthorized access by encrypting stored data)
- Data Protection: Domestic Server Usage (Ensures domestic management of data by utilizing cloud servers located in Japan)
- Network Protection: WAF / IPS / IDS (Protects the service from external attacks by introducing a Web Application Firewall and an Intrusion Detection/Prevention System)
- Access Management: Single Sign-On (SSO) ★ (Tightens account management with SAML authentication Single Sign-On (SSO) linked with the company's existing ID management system)
- Access Management: Two-Factor Authentication ★ (Strengthens account security with multi-factor authentication via email)
- Access Management: IP Restriction ★ (Prevents unauthorized access by only allowing access from specified IP addresses)
- Access Management: Audit Logs (Realizes the detection and tracking of unauthorized access by allowing user authentication logs such as authentication results, methods, and IP addresses to be retrieved from the management screen)
★ These are not automatically applied and require configuration by the customer on the management screen.
■ Voices of Companies Actually Adopting the Service
NTT Docomo, Inc., Corporate Strategy Department, Business Development Office
"Stella AI for Biz has acquired the Privacy Mark (P-Mark) following ISO 27001, making it a service equipped with third-party certifications for both security and personal information protection. We believe that this backing of reliability is extremely important when promoting the business utilization of generative AI.
In our company, the accumulation and utilization of knowledge are steadily progressing through cross-departmental knowledge sharing utilizing prompt templates and RAG functions. Because we are a large organization, we feel the effects of group knowledge sharing even more strongly.
Also, we feel that the meeting minutes function, whose official version was released the other day, has a high degree of perfection. Features such as speaker separation in hybrid meetings (remote work and offline) and the registration of in-house unique terminology, combined with overwhelmingly high transcription accuracy compared to other services, significantly increase business efficiency because almost no correction effort is needed. We find it reassuring that these various functions can be used under a robust security environment.
We look forward to the speed of feature additions, becoming more convenient and efficient, and further promoting DX."
■ Future Outlook
The Company will prioritize preparing an environment where corporate clients can securely introduce and establish generative AI into their business. In addition to the continuous strengthening of our security system, we will proceed with feature development aligned with customers' business challenges, aiming for a generative AI service that is easy to use for people in any industry or company size.
Generative AI technology is evolving daily, and new services are being born one after another. We maximize the use of the latest technology and, by providing easy-to-use, high-quality services to our customers, act as a bridge connecting technology and people, for anyone