Privacy Policy

Last modified: April 25, 2023

Our security measures

We at Tokibot respect your data privacy and are strongly committed to keeping any data we are provided secure. Below are several best practices we have implemented to protect your data. This policy explains how we handle your personal data and the measures we take to protect it.

1. Personal Information You Provide

We collect personal information that you voluntarily provide to us when you use our services or communicate with us.

Account Information

When you create an account, we collect information such as your name, contact details, account credentials, and transaction history. This helps us manage your account and provide our services effectively.

User Content

When you use our services, especially our AI data scientist features, we collect the personal information included in the input, file uploads, or feedback you provide. This “Content” is necessary for us to deliver accurate and relevant analysis.

Communication Information

If you communicate with us via email, chat, or other methods, we collect your name, contact information, and the contents of your messages to assist you better.

Personal Information We Collect Automatically

When you visit or use our services, we automatically receive certain information about your device and usage.

Log Data

Our servers automatically record information like your IP address, browser type, date and time of your request, and how you interact with our services. This helps us monitor security and improve our services.

Usage Data

We collect information about how you use our services, such as the content you view, features you use, actions you take, and your time zone and country. This data helps us understand user preferences and enhance your experience.

Device Information

We receive information about the device you use to access our services, including the device name, operating system, device identifiers, and browser type.

Cookies

Our vendors use cookies to store information and improve your experience. Cookies are small data files stored on your device. You can adjust your browser settings to manage cookies. For more details, please visit

Analytics

We use analytics tools, like Facebook Pixel and PostHog, to understand how users interact with our services. This helps us measure the effectiveness of our advertising and make informed decisions to improve our services.

How We Use Your Information

We use your personal information for various purposes, including:

  • Providing Services: To operate, maintain, and provide you with our services, including our AI data scientist features.
  • Improving Services: To understand how users interact with our services and make improvements.
  • Communication: To respond to your inquiries, provide support, and share updates.
  • Security: To monitor and protect the security of our services, including storing IP addresses to prevent misuse by spam or threat agents.
  • Compliance: To comply with legal obligations and enforce our agreements.

Data Storage and Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

  • Conversations and Prompts: Stored as long as the conversation exists and is not deleted by you. You have full control over deleting your conversations.
  • Temporary File Storage: Files you upload are stored temporarily—for one hour for free users and up to seven days for paid users.
  • Payment Information: We do not store sensitive payment information; our payment provider, Stripe, handles this securely.

Sharing Your Information

We do not sell your personal information. We may share your information with:

  • Service Providers: Trusted third-party vendors who assist us in operating our services, such as payment processing through Stripe.
  • Legal Requirements: When required by law or to protect our rights and safety.

Your Choices and Rights

You have control over your personal information and can:

  • Access and Update: Access and update your account information at any time.
  • Delete Conversations: Delete your conversations and prompts when you choose.
  • Manage Cookies: Adjust your browser settings to manage cookies.
  • Opt-Out: Opt out of certain data collection and use, such as analytics tracking.

Security Measures

We implement various security measures to protect your personal information, including:

  • Access Control: Strictly controlling and monitoring employee access to user data.
  • Audit Logging: Implementing automated audit logs to track data queries.
  • Employee Training: Requiring annual privacy training for all employees.

2. Privacy Officer Oversight

Our designated Privacy Officer oversees all aspects of privacy compliance. They maintain our policies and processes and conduct annual privacy assessments with our engineering staff to identify and mitigate potential security vulnerabilities.

3. Internal Audits

We perform regular audits of our data handling practices, including protocols from our Data Management and Retention Policy. These audits assess compliance with privacy laws and internal policies and are part of our annual SOC 2 compliance evaluation.

4. Data Inventory Management

We maintain and regularly update a detailed data inventory that documents all stored data, its purpose, necessity, and storage location.

5. Access Control and Monitoring

We respect your privacy and ensure that you have control over your data:

  • User Access: You can view and manage your own conversations within your account.
  • Limited Employee Access: Authorized employees will only access your conversations to resolve incidents, assess system performance, resolve bugs, or when required by applicable law.

6. Employee Training and Awareness

All employees are required to complete an annual privacy awareness training program provided by a certified third-party security vendor. We track completion rates as a key performance indicator (KPI).

7. Data Minimization and Retention

  • We store only data that is essential for providing our services and ensuring security.
  • Data retention periods are clearly defined, with options for users to control deletion of their data.
  • Upon request, we perform thorough data cleaning, including removal from external vendor storage.

8. Vendor Management

  • We exclusively use vendors that are security and compliance certified.
  • All vendors undergo a validation process before engagement.
  • We maintain a comprehensive tracker of all vendors, detailing their purpose, data storage practices, and risk levels.

9. Privacy by Design

We integrate privacy considerations into the design and development of all new business processes, products, and services. Data Protection Impact Assessments are conducted as part of our regular development lifecycle.

10. Incident Response

We have comprehensive policies in place for handling privacy incidents, documented in our security and compliance management platform.

11. Governance Reviews

Our privacy governance policies are reviewed annually or when significant regulatory changes occur to ensure continued compliance.

12. Key Performance Indicators (KPIs)

We monitor the effectiveness of our data governance through KPIs such as:

  • Data breach occurrences
  • Employee training compliance rates
  • Results of internal and external audits
  • Number and nature of data subject requests
  • Vendor compliance rates

13. Reporting

The Privacy Officer presents regular reports on data governance and privacy compliance to senior management, highlighting areas of risk, compliance gaps, and initiatives for improvement.

14. Continuous Improvement

We conduct periodic reviews and leverage insights from audits and annual training to continuously enhance our privacy practices.

15. Regulatory Compliance

This privacy policy is regularly reviewed and updated to ensure ongoing compliance with international, national, and industry-specific privacy regulations.

  • Secure access controls. Files are stored temporarily in user-specific temporary workspaces, which are deleted after an hour of inactivity.
  • Containerized Sandbox execution. Even our Python code execution environments are sandboxed by user.
  • Default encryption at rest. All data sources that are connected to Julius are protected by encryption at the storage layer using the Advanced Encryption Standard (AES) algorithm, AES-256.
  • Complete control. Whenever you delete a data source, all traces of the data are completely erased from our servers.

OpenAI’s API data policy

Our main service provider, OpenAI, mirrors our dedication to data security. OpenAI employs best-in-class technical protections and maintains robust encryption for data security in transit. Below, you’ll find more about how OpenAI’s security measures work to protect your information.

  • OpenAI will not use data submitted via their API to train or improve their models.
  • Any data sent through to OpenAI via their API will be retained for abuse and misuse monitoring purposes for a maximum of 30 days, after which it will be deleted (unless otherwise required by law).
  • The OpenAI API is SOC 2 Type 2 compliant and has been audited by an independent third-party auditor against the 2017 Trust Services Criteria for Security.

For more information on OpenAI’s API data privacy and security measures, you can read their API data usage policies. If you are interested in data privacy information regarding the data sent to ChatGPT through our plugin, you can view OpenAI’s privacy policy for its consumer applications here.

Anthropic’s API data policy

Anthropic is another service vendor of ours. Similar to OpenAI, Anthropic also does not use data sent to their API to train their model. If you are interested in diving into Anthropic’s privacy policy further, you can read it in full here.

Gemini’s API data policy

Google retains Gemini Apps activity data for up to 18 months by default. While Google uses data to improve their services, they state that they do not directly train on individual prompts. However, human reviewers may read and process prompts and outputs for quality improvement. For Google Cloud users (which we are), prompts and tuning data are not used to train or enhance foundation models. For more detailed information, you can refer to:
  • Gemini Apps Privacy Hub
  • Gemini API Additional Terms
  • Generative AI and Data Governance

Cohere’s API data policy

As commercial customers, we have opted out of having Cohere API data used for training and improving Cohere’s models. When opted out, data is not used for model training or enhancing Cohere’s offerings. For highly sensitive scenarios, Cohere may grant a zero data retention opt-out upon review. All their services are hosted on Google Cloud Platform in the United States. For more detailed information, you can refer to:
  • Cohere Privacy Policy
  • Cohere Data Usage Policy

Our terms of service

At Tokibot, we value your trust, and we deeply understand the importance of protecting your data privacy and security. Our terms are designed to help you understand our processes, the care we invest in your data, and how we create a safe and secure service. You can view our TOS here.

Contact Us

If you have any questions about this Privacy Policy, please contact our Privacy Department at [email protected].

By using our services, you agree to the terms outlined in this Privacy Policy.