Privacy Policy

Tokylo (“Tokylo,” “we,” “us,” or “our”) operates the website www.tokylo.com, the application at app.tokylo.com, and related products and services (collectively, the “Service”).

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. If you have questions, email privacy@tokylo.com.

We collect three categories of information:

• Information you provide. When you create an account or fill out a form, we collect your name, email address, company, password (hashed), and any content you choose to add to your workspace (contacts, deals, notes, files).
• Automatically-collected information. We log IP address, browser type, device, referring URL, pages visited, timestamps, and basic usage events (e.g. logins, feature usage). We use this for security, debugging, and product analytics.
• Information from connected services. If you connect a third-party channel (Line, Telegram, WhatsApp, email, calendar), we receive the data those services send us — messages, sender names, message timestamps. We act as the data processor for that data on your behalf.

We use personal information to:

• Provide, secure, and improve the Service
• Authenticate you and protect your account
• Respond to support requests and send service-related notifications
• Comply with legal obligations
• Detect, prevent, and respond to fraud, abuse, or security incidents

We do not sell your personal information. We do not use your customer data to train AI models that benefit other customers.

We share information only in these limited cases:

• Sub-processors. We use a small set of vetted vendors to operate the Service — for example, our infrastructure provider (Hetzner Cloud), email delivery (Emailit), and error monitoring (Sentry). A current list is available on request.
• Legal requirements. We may disclose information if required by law, subpoena, or valid court order.
• Business transfers. If Tokylo is acquired or merged, your information may be transferred as part of that transaction. We will notify you before this happens.
• With your consent. Anything else only with your explicit permission.

We retain personal information for as long as your account is active, plus a short period for backup, legal, and accounting purposes (typically 90 days). You can request deletion of your account at any time by emailing privacy@tokylo.com. Deletion takes effect within 30 days, except for data we are required by law to retain.

Depending on your jurisdiction (GDPR, CCPA, APPI, PIPL), you have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Delete your information
• Export your information in a portable format
• Object to or restrict certain processing
• Withdraw consent

To exercise any of these rights, email privacy@tokylo.com. We respond within 30 days.

We use industry-standard technical and organisational safeguards to protect your information — TLS encryption in transit, encryption at rest, hashed passwords, role-based access controls, and continuous infrastructure monitoring. No system is 100% secure; if we discover a breach affecting your data we will notify you within 72 hours.

Tokylo's primary infrastructure is hosted in the European Union (Hetzner Cloud). If you access the Service from outside the EU, your information will be transferred to and processed in the EU. We rely on Standard Contractual Clauses for cross-border transfers where required.

Tokylo is a B2B product not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@tokylo.com.

We use essential cookies to keep you signed in and a small number of analytics cookies to understand usage patterns. You can disable non-essential cookies in your browser settings. We do not use third-party advertising or retargeting cookies.

We may update this policy. Material changes will be announced by email and via the Service. The “Last updated” date below reflects the most recent version.

Questions, complaints, or data-rights requests: email privacy@tokylo.com.