
FAQ
Common questions about product positioning, security model, compliance, pricing, and integrations.
Product Positioning
Is toani a wallet? A KYC provider?
Neither. toani is the secure execution infrastructure that lets your Agent do what only you would dare to do — handling real credentials, staying within your policy, and establishing verifiable sessions on your behalf.
Wallet signatures are made by the user's own wallet; KYC verification is handled by privacy-preserving technology (zero-knowledge verification provided by zkMe). toani ensures every Agent action stays within authorized scope, remains auditable, and is cryptographically verifiable.
Is toani Vault a password manager like 1Password?
No. toani Vault is a zero-trust credential execution environment for AI Agents. The key difference: decryption and credential use happen entirely inside an Intel SGX TEE enclave, so the Agent never sees plaintext credentials, and every access produces a tamper-proof audit record.
Password managers let humans see passwords; toani Vault ensures Agents can use passwords without ever seeing them.
Security
Will my credentials leak if toani Vault is breached?
No. The L0 root key is sealed under the SGX chip's hardware Sealing Key, which cannot be derived without the original hardware. Even if an attacker obtains the full database dump, they cannot decrypt any credential outside the enclave.
Can cloud infrastructure operators access my credentials?
No. SGX is specifically designed to resist privileged adversaries, including the host OS, hypervisor, and cloud operators. Plaintext credentials only exist inside the EPC (Enclave Page Cache) and are inaccessible to the host OS.
How do I verify toani's running code matches the published version?
Through Intel DCAP remote attestation. Any caller can request the enclave Quote from toani, read the MRENCLAVE (code measurement) from it, and compare it with the officially published hash to verify independently that the running code matches the public version.
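The comparison step described above, as an added example that is not toani's code or SDK: it reads MRENCLAVE from a raw version 3 DCAP quote, rejects debug enclaves, and compares against a published hash in constant time. The function names and the sample quote are constructed for illustration, and the check is only meaningful after the Quote's signature and certificate chain have been verified with Intel's DCAP quote verification tooling, which this sketch does not do.

```python
import hmac
import struct

# Offsets follow Intel's public SGX quote v3 and report body layout.
HEADER_LEN = 48                      # quote header
REPORT_BODY_LEN = 384                # enclave report body
ATTR_FLAGS_OFF = HEADER_LEN + 48     # attributes.flags, uint64 little-endian
MRENCLAVE_OFF = HEADER_LEN + 64      # 32-byte code measurement
SGX_FLAGS_DEBUG = 0x2                # debug enclaves offer no confidentiality


def parse_quote(quote: bytes) -> dict:
    """Extract the fields needed for a measurement check from a v3 quote."""
    if len(quote) < HEADER_LEN + REPORT_BODY_LEN:
        raise ValueError("quote shorter than header + report body")
    (version,) = struct.unpack_from("<H", quote, 0)
    if version != 3:
        raise ValueError(f"unsupported quote version {version}")
    (flags,) = struct.unpack_from("<Q", quote, ATTR_FLAGS_OFF)
    return {
        "mrenclave": quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "debug": bool(flags & SGX_FLAGS_DEBUG),
    }


def matches_published(quote: bytes, published_hex: str) -> bool:
    """True only for a non-debug enclave carrying the expected MRENCLAVE."""
    expected = bytes.fromhex(published_hex)
    if len(expected) != 32:
        raise ValueError("published MRENCLAVE must be 32 bytes")
    fields = parse_quote(quote)
    if fields["debug"]:
        return False
    return hmac.compare_digest(fields["mrenclave"], expected)


def build_sample_quote(mrenclave: bytes, debug: bool = False) -> bytes:
    """Constructed, unsigned test input; not a real quote from any service."""
    header = struct.pack("<HH", 3, 2) + bytes(HEADER_LEN - 4)
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<Q", body, 48, SGX_FLAGS_DEBUG if debug else 0)
    body[64:96] = mrenclave
    return header + bytes(body)


if __name__ == "__main__":
    sample = build_sample_quote(bytes(range(32)))
    print(matches_published(sample, bytes(range(32)).hex()))
```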
What are the security differences between Vault, Control, and Facilitate?
All three products share the same three core security commitments:
1. Plaintext credentials are never visible to untrusted software
2. All key operations produce tamper-proof audit records
3. Execution can be independently verified
The trust boundaries differ by design:
• Vault: Single Intel SGX enclave — ideal for a small number of high-sensitivity credentials and high-value operations.
• Control: Dual-hardware isolation (SGX + SEV-SNP + gVisor) — emphasizes "policy cannot be bypassed" and "execution is provable".
• Facilitate: No TEE — uses AP2 / EIP cryptographic signature chains and KYT to enforce transaction compliance and budget boundaries. Does not hold traditional credentials.
Compliance
Does toani require KYC? Is it compliant?
toani achieves KYC compliance through zkMe's privacy verification capability — users' original KYC documents do not need to be uploaded to servers; only verifiable proofs are generated. toani Facilitate's KYT also uses the same real-time scanning mode.
For the status of specific compliance certifications (SOC 2, ISO, etc.), please refer to the Architecture Overview or contact the business team.
How does toani meet GDPR requirements?
The core approach is "data minimization + privacy-preserving verification": the user's sensitive data (KYC documents, credential plaintext) never leaves the user's device or the TEE boundary. Only verifiable assertions (e.g., "KYC passed", "not on sanctions list") are exposed externally.
Detailed GDPR data processing information can be found in the DPA (Data Processing Agreement).
Pricing & Integration
How does toani charge?
Two primary models:
1. Compute Fees: Based on TEE execution time and credential operations. Common pricing includes tiered pricing by call volume, weighted billing by resource consumption, or package billing aggregated by user/tenant.
2. Protocol Network Fees: For scenarios where toani infrastructure routes large-scale economic activities (e.g., DeFi/TradFi transactions, Agentic Commerce payments), we charge a very small percentage fee on economic activity secured through the network.
Contact the sales team for specific pricing.
What AI agent frameworks does toani support?
toani integrates with major frameworks via SDK / REST API / MCP Server, including (but not limited to):
• LangChain
• AutoGen
• Custom orchestrators
• Direct MCP integration with Claude / ChatGPT
You can wrap toani's SDK as one or more "tools" in your Agent framework.
Do I need proprietary hardware?
No. toani is offered as a managed service (SaaS). The underlying SGX / SEV-SNP hardware is operated by toani's infrastructure. Developers only need to call the SDK / API — no need to procure or maintain TEE hardware.
