Privacy Policy

1. Introduction

Welcome to Tokia.ai, a service operated by JE Commerce Ventures LLC (“we,” “our,” or “us”). We are committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform that connects TikTok Shop sellers with affiliate marketers (the “Services”).

This Policy applies to all users of Tokia.ai, including sellers, affiliates, and visitors to our website. If you do not agree with our policies and practices described in this Policy, please do not use our Services.

Scope. This Policy covers personal information processed by Tokia.ai in our capacity as a data controller. It does not cover third-party services (such as TikTok, Stripe, or PayPal), which have their own privacy policies.

2. Interpretation and Definitions

2.1 Interpretation

Words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions have the same meaning regardless of whether they appear in singular or in plural.

2.2 Definitions

For the purposes of this Privacy Policy:

• Account means a unique account created for you to access our Services or parts of our Services.
• Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
• Company (referred to as either “the Company,” “We,” “Us,” or “Our” in this Policy) refers to JE Commerce Ventures LLC, 30 N Gould St Ste R, Sheridan, WY 82801, United States, operating the Tokia.ai platform.
• Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing details of your browsing history on that website among its many uses.
• Device means any device that can access the Services, such as a computer, a cell phone, or a digital tablet.
• Personal Data is any information that relates to an identified or identifiable individual.
• Service Provider means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Services, to provide the Services on behalf of the Company, to perform services related to the Services, or to assist the Company in analyzing how the Services are used.
• Services refers to the Tokia.ai platform, website, and related offerings provided by the Company.
• TikTok Data means any data, content, or information accessed by the Company through TikTok’s APIs or platform pursuant to authorization you provide.
• Usage Data refers to data collected automatically, either generated by the use of the Services or from the Services infrastructure itself (for example, the duration of a page visit).
• Web Beacons are small electronic files (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited certain pages or opened an email, and for other related website statistics.
• Website refers to Tokia.ai, accessible from https://tokia.ai.
• You means the individual accessing or using the Services, or the company or other legal entity on behalf of which such individual is accessing or using the Services, as applicable.

3. Information We Collect

We collect information in the following categories:

A. Information You Provide Directly

• Account Information: Name, email address, business name, password (stored as a salted hash), and profile information
• TikTok Shop Information: Shop name, product listings, sales data, and performance metrics when you connect your TikTok Shop account
• Payment Information: Billing address and payment method details (processed securely through our payment providers; we do not store full card numbers)
• Communications: Information you provide when you contact our support team or participate in surveys

B. Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on platform, click patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: We use cookies and similar technologies as described in Section 12
• Log Data: Server logs that record access times, page views, and system activity

C. Information from Third Parties

• TikTok API Data: Public profile information, follower counts, engagement metrics, and shop performance data, accessed only with your explicit authorization through the official TikTok Partner Center OAuth flow
• Analytics Providers: Aggregated information about how you interact with our platform
• Social Media: If you connect social accounts, we may receive basic profile information you have made available

D. Data Minimization Principle

We only collect information that is necessary to provide, maintain, and improve our Services. We do not collect sensitive personal data (such as government ID numbers, health information, or biometric data) unless expressly required and with your explicit consent.

4. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide our affiliate matching and campaign management Services
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Matching Algorithm: To analyze data and match sellers with appropriate affiliates (see Section 13 for details on automated decision-making)
• Communication:To send service updates, respond to inquiries, and — with your consent — marketing communications
• Improvement: To analyze usage patterns and improve our platform features
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service
• Security: To detect and prevent fraud, abuse, and security incidents

4.1 What We Do NOT Do

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal bases:

• Contract: Processing necessary to provide the Services you requested (e.g., account management, TikTok integration)
• Consent: Where you have given explicit consent (e.g., marketing emails, optional cookies, connecting your TikTok account)
• Legitimate Interests:For improving our Services, preventing fraud, and ensuring network security — balanced against your rights and interests
• Legal Obligation: Where processing is required to comply with applicable laws

You have the right to withdraw consent at any time where consent is the legal basis. See Section 11.

6. Information Sharing & Disclosure

We do not sell your personal information. We may share your information only in the limited circumstances described below.

A. With Your Consent

We share information when you explicitly authorize us to do so — for example, when connecting with affiliates through our Platform or integrating third-party services.

B. Service Providers (Sub-Processors)

We work with trusted third-party companies that help us provide our Services. All sub-processors are bound by written contracts requiring them to protect your information and use it only for the purposes we specify. Current categories include:

• Cloud hosting providers (e.g., AWS, Google Cloud) — infrastructure and data storage
• Payment processors(Stripe, PayPal) — handling payment transactions under their own privacy policies
• Email service providers — transactional and marketing email delivery
• Analytics providers— platform performance and usage analytics
• Customer support tools — ticketing and helpdesk systems

A current list of material sub-processors is available on request from privacy@tokia.ai.

C. Business Transfers

If Tokia.ai (or JE Commerce Ventures LLC) is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users and ensure any successor entity honors this Privacy Policy or provides equivalent protection.

D. Legal Requirements

We may disclose information if we have a good-faith belief that such disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request
• Enforce our Terms of Service, including investigation of potential violations
• Detect, prevent, or address fraud, security, or technical issues
• Protect the rights, property, or safety of Tokia.ai, our users, or the public

E. Aggregated or Anonymized Data

We may share aggregated or anonymized data that cannot reasonably be used to identify you for research, analytics, or business purposes.

7. TikTok Data & API Usage

This section explains how we handle data accessed through TikTok ’s APIs. We take TikTok data handling seriously and comply with the TikTok Developer Terms of Service, TikTok API Terms of Service, TikTok Data Use Policy, and TikTok Shop Partner requirements.

7.1 Authorization

When you connect your TikTok account to Tokia.ai through the official TikTok Partner Center OAuth flow:

• We access only the specific data scopes you authorize
• We do not store your TikTok password — authentication is handled entirely by TikTok
• OAuth access tokens are stored encrypted and refreshed only as long as authorization remains active

7.2 What We Access

Depending on the scopes you authorize, we may access:

• TikTok Shop data (products, orders, shop profile)
• Affiliate program information available to your account
• Creator marketplace data you are authorized to view
• Campaign and messaging data within TikTok’s permitted API scopes
• Performance metrics for affiliates participating in your campaigns

7.3 How We Use TikTok Data

• Purpose Limitation: Solely for providing the specific Services you authorized
• No Sale: TikTok Data is never sold, licensed, or rented
• No Ad Profiling: TikTok Data is not used to build advertising profiles or targeting segments
• No ML Training: TikTok Data is not used to train machine-learning models beyond the matching functionality you enabled
• Rate Limiting & Caching: We implement rate limiting and caching to minimize API calls and comply with TikTok’s rate limits

7.4 Revocation & Deletion

You may revoke our access to your TikTok data at any time by:

• Disconnecting your account within Tokia.ai settings, or
• Revoking the app in your TikTok account settings

Upon revocation, we will cease accessing your TikTok Data immediately and delete cached TikTok Data from our systems within 30 days, subject only to legal retention requirements.

Honoring TikTok User Deletions. If a TikTok user deletes their account or content on TikTok, or if TikTok instructs us to delete specific data, we will promptly delete the corresponding TikTok Data from our systems.

7.5 No Affiliation with TikTok

Tokia.ai is an independent platform. We are not affiliated with, endorsed by, sponsored by, or officially connected to TikTok, ByteDance, or any of their subsidiaries. References to TikTok trademarks are nominative only.

8. Data Retention

We retain your personal information only as long as necessary for the purposes described in this Policy or as required by law. Specific retention periods include:

When retention periods expire, we delete or anonymize the data. Backups containing deleted data are purged on our standard backup rotation (maximum 90 days).

9. Data Security & Breach Notification

9.1 Security Measures

We implement commercially reasonable technical and organizational measures to protect your information, including:

• Encryption: Data encrypted in transit (TLS 1.2 or higher) and at rest (AES-256)
• Access Controls: Role-based access control, multi-factor authentication for administrative access, and principle of least privilege
• Credential Protection: Passwords stored as salted hashes; OAuth tokens encrypted at rest
• Regular Audits: Security assessments, code reviews, and vulnerability testing
• Incident Response: Documented procedures for detecting, investigating, and responding to security incidents
• Employee Training: Regular security and privacy awareness training, with background checks for personnel with access to sensitive data
• Monitoring: Continuous logging and monitoring of access to systems handling personal data

9.2 Breach Notification

In the event of a security incident affecting your personal data or TikTok Data, we will:

• Notify affected users without undue delay, and in any case within 72 hours of becoming aware of the breach where required by applicable law
• Notify TikTok in accordance with the TikTok Developer Terms where TikTok Data is affected
• Notify relevant supervisory authorities as required by GDPR, state breach laws, or other applicable regulations
• Provide information about the nature of the breach, data affected, likely consequences, and mitigation steps

9.3 No System Is Perfectly Secure

While we strive to protect your information using industry-standard practices, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continually work to improve our safeguards.

10. International Data Transfers

Tokia.ai is operated from the United States. If you access our Services from outside the United States, your information will be transferred to, stored in, and processed in the United States or other countries where we or our service providers operate.

Safeguards for International Transfers. For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Addendum where applicable
• Supplementary measures such as encryption and access controls

You may request a copy of the relevant safeguards by contacting privacy@tokia.ai.

11. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

A. Access and Portability

You can request a copy of your personal data in a structured, commonly used, machine-readable format.

B. Correction

You can update or correct your information through your account settings or by contacting privacy@tokia.ai.

C. Deletion

You can request deletion of your account and personal data, subject to legal retention requirements (e.g., tax and financial records).

D. Restriction and Objection

You can request that we restrict certain processing or object to processing based on our legitimate interests.

E. Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time. Withdrawal does not affect the lawfulness of prior processing.

F. Opt-Out Choices

• Marketing Emails: Use the unsubscribe link in any marketing email or update preferences in your account settings
• Cookies: Adjust your browser settings to refuse cookies, or use our cookie consent tool
• Analytics: Use browser plugins (e.g., Google Analytics Opt-out) to opt out of analytics tracking

G. GDPR Rights (EEA, UK, Switzerland)

If you are in the European Economic Area, United Kingdom, or Switzerland, you also have:

• Right to lodge a complaint with a supervisory authority
• Right not to be subject to solely automated decision-making with legal or similarly significant effects (see Section 13)

H. US State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or another US state with a comprehensive privacy law, you have rights that may include:

• Right to know what personal information is collected, used, and disclosed
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
• Right to non-discrimination for exercising your rights
• Right to limit use of sensitive personal information (we do not collect sensitive personal information)

California residents: Under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), you have the rights listed above. You may designate an authorized agent to make requests on your behalf.

I. How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@tokia.ai. We will respond within the timeframe required by applicable law (generally 30–45 days). We may need to verify your identity before processing your request.

12. Cookies & Tracking Technologies

We use cookies, web beacons, and similar technologies to:

• Maintain your session and authentication status
• Remember your preferences and settings
• Analyze platform usage and performance
• Provide personalized features

12.1 Tracking Technologies We Use

The technologies we use may include:

• Cookies (Browser Cookies). A cookie is a small file placed on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our Services may use cookies.
• Web Beacons. Certain sections of our Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email, and for other related website statistics (such as recording the popularity of a certain section and verifying system and server integrity).

12.2 Types of Cookies We Use

• Essential Cookies: Required for core platform functionality (authentication, security). These are Session and Persistent Cookies administered by us. Cannot be disabled.
• Analytics Cookies: Help us understand how users interact with our Services so we can improve them.
• Preference / Functionality Cookies: Remember your settings and choices (e.g., language, display preferences) to provide a more personal experience.
• Cookies Policy / Notice Acceptance Cookies: Identify whether users have accepted the use of cookies on the Website.
• Marketing Cookies: Used only with your consent for relevant communications.

12.3 Managing Cookies

You can control non-essential cookies through our cookie consent banner or your browser settings. Disabling essential cookies may impair platform functionality.

13. Automated Decision-Making

Our Platform uses an automated matching algorithm that analyzes seller and affiliate data to suggest potential partnerships. We want you to understand how this works.

13.1 How the Matching Algorithm Works

• The algorithm evaluates factors such as product category, audience alignment, historical performance, and engagement metrics
• It generates suggestions and rankings — it does not make final decisions or form binding contracts automatically
• All partnership decisions are made by you (the user) based on the information we provide

13.2 Your Rights Regarding Automated Processing

Because our algorithm produces suggestions rather than final decisions with legal or similarly significant effects, GDPR Article 22’s restrictions on solely-automated decision-making generally do not apply. However, you always have the right to:

• Request human review of any decision influenced by our algorithm
• Contest recommendations or outcomes you believe are inaccurate
• Request information about the logic involved in the matching process

To exercise these rights, contact privacy@tokia.ai.

14. Links to Other Websites

Our Services may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

15. Children’s Privacy

Tokia.ai is intended for business users and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18, and our Services are not available to them.

COPPA Compliance.In accordance with the Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected personal information from a child under 13, we will delete it immediately.

If you believe we may have collected information from a child under 18, please contact privacy@tokia.ai so we can investigate and take appropriate action.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will:

• Post the updated Privacy Policy on this page
• Update the “Last Updated” date at the top of the Policy
• Send an email notification for material changes at least 30 days before they take effect, where practicable
• Obtain fresh consent where required by law for significant changes affecting your rights

Your continued use of the Services after the changes take effect constitutes acceptance of the updated Policy. If you do not agree with the changes, you must stop using the Services and may request deletion of your account.

17. Contact Us