Privacy Policy

Last updated: 2026/04/11

Preamble

This is the Privacy Policy of the website: https://toani.ai. toani.ai is a brand of zkMe Technology Limited. Please note: Separated Privacy Policies may be available for the products offered by zkMe Technology Limited.

Privacy is one of our core values. zkMe Technology Limited (“we”, “us”, “our” or “toani”) respects your privacy. The Website collects and uses Personal Data as needed in order for us to provide you with top-notch websites, services, and support (collectively, our “Services”).

Our Services are specifically designed to minimize the amount of data that is collected about you (“you”, or “User”) and to remove the need for any central data storage or data sharing requirement. In order to interact with you and improve the Services, we do collect some information. Your personal data includes information such as:

  • Name
  • Address
  • Phone number
  • Email address
  • Other data (such as IP Address, interaction time, etc.) that could indirectly identify you

Our Privacy Policy will explain to you what data we collect, and how we use your personal data. It also describes how you can access, update, or otherwise take control of the personal data that we have collected from you. We, zkMe Technology Limited, take our responsibilities with regard to the requirements of CCPA and the EU GDPR very seriously.

1. Definitions

  • CCPA — the California Consumer Privacy Act of 2018, Civil Code sections 1798.100.
  • EU GDPR — the General Data Protection Regulation 2016/679 (GDPR) is a regulation in European Union (EU) law on data protection and privacy.
  • Consent — any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they signify agreement to the processing of their Personal Data.
  • Data Processor — zkMe Technology Limited where it processes personal data.
  • Data Subject — any Visitor whose Personal Data zkMe Technology Limited may process.
  • Personal Data — any information relating to an identified or identifiable Data Subject.
  • Personal Data Processing — any operation performed on Personal Data, whether or not by automated means.
  • AI Agent — any autonomous or semi-autonomous software program (including large language models, automated bots, and AI assistants) that interacts with our Services on behalf of a User.
  • TEE (Trusted Execution Environment) — a hardware-isolated secure enclave (e.g., Intel SGX) that processes sensitive data in an environment inaccessible to the host operating system, toani staff, or any third party.
  • Visitor — any individual using the Website and connected Services.
  • Website https://toani.ai

2. What Data Is Collected?

Your Personal Data is collected from you when:

  • You visit our Website;
  • You request assistance from our support team by filling out a contact form;
  • You complete surveys, subscribe to newsletters, or request other information from us;
  • You use our Services, including the toani Vault, toani Control, or toani Facilitate APIs and SDKs.

In order to deliver the best Services to you, we may collect the following information:

  • Visitor Personal Data — may be collected upon your explicit Consent when you interact with the Website (e.g., by filling out contact forms). The information collected may include your full name, email address, job description, and contact phone number. Additionally, technical data such as IP address, domain name, browser type, and general geographic location may be collected.
  • Service Usage Data — is automatically collected when you interact with our Services. This information may include data about your interactions with features, content, and links, time of interaction, browser configuration, operating system, and IP address. While none of this data will directly identify you, some can be used to approximate your location.
  • API Usage Data — when you use toani APIs (Vault, Control, Facilitate), we collect API request metadata including timestamps, endpoints called, and response codes for service quality and security monitoring purposes. We do not access or store the contents of credentials managed through toani Vault.
  • AI Agent Interaction Data — when AI Agents access our Services via APIs, SDKs, or MCP Server, we collect metadata about the agent’s requests (such as agent identifiers, permission scopes requested, and action types). Credentials and secrets handled by the AI Agent are processed exclusively within the TEE and are never exposed to toani’s application layer, logs, or staff.

We do not process any Special Categories of Personal Data.

3. How We Use Data

We strongly believe in minimizing the data we collect. We will only use your data when we have been given permission to do so, when it is needed to deliver the Services, or for legal compliance or other lawful purposes. These usages include:

  • Improve and optimize the performance of our Services
  • Identify and investigate security risks, errors, and needed enhancements
  • Detect and prevent fraud and abuse of our Services
  • Collect statistics about the use of our Services
  • Analyze how you use our Services and which are most relevant to you

Most of the data that we collect is statistical data about how people use our Services and is not linked to any Personal Data.

Sharing with Third-Party Processors. We may share your personal data with affiliated companies within our corporate family and with trusted third-party processors for tasks such as delivering communications, analyzing service usage, and managing customer relationships. These third parties are prohibited from using your data for any other purpose.

Website Analytics. We use various third-party web analytics tools to collect information on how you interact with our website. This data does not include personal data such as names, addresses, or email addresses.

We process Personal Data under §28 of the EU GDPR. We ensure that no Personal Data is used for any purposes incompatible with the aforementioned ones. We do not sell Personal Data and strictly comply with restrictions under CCPA and the EU GDPR.

No AI Model Training on Your Data. toani does not use your Personal Data, credentials, API keys, or any content processed through our Services to train, fine-tune, or improve artificial intelligence or machine learning models. Your data is used solely to deliver and operate the Services as described in this Policy.

TEE Data Isolation. Credentials and secrets stored via toani Vault are processed exclusively within Intel SGX Trusted Execution Environments. This data never leaves the hardware enclave in plaintext and is inaccessible to toani’s own servers, employees, or any third-party processor. Only the authorized AI Agent or User who deposited the credential can trigger its use, subject to policies configured via toani Control.

Automated Processing Transparency. Our Services enable AI Agents to perform automated actions (e.g., signing transactions, invoking third-party APIs) on your behalf within the TEE. These automated processes are governed by the access policies you configure. No automated profiling or decision-making as defined under Article 22 of the EU GDPR is performed by toani on your Personal Data.

4. How We Secure and Retain Data

We adhere to the principles of personal data protection as envisaged in CCPA and the EU GDPR. In accordance with these principles, Personal Data is:

  • Processed fairly and lawfully and in a transparent manner
  • Processed for specified, explicit and legitimate purposes only
  • Adequate, relevant and limited to what is necessary
  • Kept accurate and up to date
  • Retained for no longer than is necessary for the purposes
  • Processed in a manner that ensures appropriate security
  • Not transferred outside the EEA without adequate protection

toani employs hardware-level security measures, including Intel SGX Trusted Execution Environments (TEE), to ensure that sensitive credential data processed through our Vault service is isolated and protected at the hardware level. Encrypted credentials are sealed to the enclave and can only be decrypted inside the TEE — not by toani’s infrastructure, cloud provider, or any external party.

When AI Agents interact with credentials through toani Facilitate, all operations (signing, API calls, authentication) are executed within the TEE. The resulting outputs (e.g., a signed transaction) are returned to the Agent, but the underlying secret material never leaves the enclave.

5. Your Data Subject Rights

You may contact our Data Protection Officer (DPO) for any reason through our contact form or via the following email address: [email protected].

As the Data Controller, we respect and guarantee the following rights of each Data Subject:

  • Right to obtain confirmation as to whether personal data are being processed (§15 GDPR)
  • Right to rectification (§16 GDPR)
  • Right to erase Personal Data (§17 GDPR)
  • Right to restrict personal data processing (§18 GDPR)
  • Right to be informed (§19 GDPR)
  • Right to data portability (§20 GDPR)
  • Right to object (§21 GDPR)
  • Right not to be subject solely to automated processing (§22 GDPR)
  • Right to lodge a complaint (§77 GDPR)

Any request to delete personal data is fulfilled within 30 days, subject to our legal and contractual record-keeping requirements.

6. Changes to This Privacy Policy

This Privacy Policy is constantly reviewed and amended in order to provide appropriate compliance with CCPA and the EU GDPR. We will notify you of any material changes by posting the updated policy on this page.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at: [email protected]

Privacy Policy | toani