Toki refers to the Toki service owned and operated by Orion Arm Pte. Ltd. or our affiliated companies (referred to as 'we' hereafter). We respect your privacy and are committed to safeguarding the security of any information we obtain from you or about you. This Privacy Policy outlines our practices regarding the collection of personal information about you when you use our website, applications, and services (collectively referred to as the "Services") in accordance with the Singapore Personal Data Protection Act (“PDPA”) and the European Union General Data Protection Regulation (“GDPR”). Each of GDPR and PDPA has been deemed to have extra-territorial scope, so GDPR also applies to non-EU/ EEA data controllers which offer their services to data subjects within the EU or the EEA, and PDPA to non-Singaporean data controllers offering services within Singapore.
Personal information we collect
We collect personal information relating to you (“Personal Information”) as follows:
Personal Information You Provide: We collect Personal Information if you create an account to use our Services or communicate with us as follows:
Account Information: When you create an account with us, we will collect information associated with your account, may including your name, contact information, account credentials (collectively, “Account Information”).
User Content: When you use our Services, we collect Personal Information that is included in the input, file uploads, or feedback that you provide to our Services (“Content”).
Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send (“Communication Information”).
Personal Information We Receive Automatically From Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):
Log Data: Information that your browser automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our website.
Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
Device Information: Includes the name of the device, operating system, device identifiers, language and timezone settings, and browser you are using. Information collected may depend on the type of device you use and its settings.
Cookies: We use cookies to operate and administer our Services, and improve your experience. A “cookie” is a piece of information sent to your browser by a website you visit. You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. However, refusing a cookie may in some cases preclude you from using, or negatively affect the display or function of, a website or certain areas or features of a website. For more details on cookies, please visit All About Cookies.
Analytics: We may use a variety of online analytics products that use cookies to help us analyze how users use our Services and enhance your experience when you use the Services.
Personal Information We Receive From Third Parties: When you use a third party account to register or log in to our Services (Google, Apple, etc.), we may have access to certain information (“Third Parties Information”) as follows:
Profile Information: We will receive profile information from your third-party provider, may including your name, email address, profile picture as well as other information you choose to make public on third parties.
Usage Data: We may automatically collect information about your use of the Services in connection with your third-party account, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, language preferences. We use this data to improve our services, offer tailored recommendations, and enhance your overall user experience
How we use personal information
We may use Personal Information for the following purposes:
To provide, administer, maintain and/or analyze the Services;
To improve our Services and conduct research;
To communicate with you;
To develop new programs and services;
To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our IT systems, architecture, and networks;
To carry out business transfers; and
To comply with legal obligations and legal process (including regulatory bodies) and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
Aggregated or De-Identified Information. We may aggregate or de-identify Personal Information so that it may no longer be used to identify you and use such information to analyse the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to reidentify the information, unless required by law.
To enhance your experience. As noted above, we may use Content you provide us to improve our Services, products, marketing and your experience. We may use information received from Google APIs to show you relevant information from your emails and calendars. Toki’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Disclosure of personal information
In certain circumstances we may provide your Personal Information to third parties without further notice to you, unless required by the law:
Vendors and Other Third-Party Service Providers: We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: calendar management, payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Services, which will enable them to collect data on our behalf about how you interact with our Services over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, pages or features, and better understand online activity. Unless described in this notice, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Information and other information may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
Legal Requirements: We may share your Personal Information, including information about your interaction with our Services, with government authorities, industry peers, or other third parties (i) if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, or users, or the public, or (vi) to protect against legal liability.
Affiliates: We may disclose Personal Information to our affiliates, meaning an entity that controls, is controlled by, or is under common control with Toki. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy.
Reliance on the Legitimate Interests Exception
(a) Adhering to the guidelines outlined in the PDPA and GDPR, Toki reserves the right to gather, utilise, or reveal your personal information in specific cases without explicit consent, based on the legitimate interests of either Toki or another party. This entails a meticulous assessment by Toki to ascertain that any potential adverse impacts on individuals are thoroughly considered against the prevailing legitimate interests.
(b) In alignment with the legitimate interests' exception, your personal data may be utilised for the following objectives:
i. Identification and mitigation of fraudulent activities;
ii. Detection and prevention of service misuse;
iii. Implementation of network analysis to deter fraud and financial misconduct, as well as to conduct credit assessments;
iv. Acquisition and utilization of personal data on company-provided devices to forestall data breaches;
v. Ensuring service provision to customers;
vi. Meeting legal requirements, such as anti-money laundering and anti-terrorism measures;
vii. Understanding and enhancing customer experiences;
viii. Recruiting and retaining suitable staff; and
ix. Safeguarding systems, premises, and preventing cyber threats.
The aforementioned purposes retain their applicability even in scenarios where your association with us, such as contractual agreements, has ceased or undergone alterations, for a reasonable duration thereafter.
Your rights
Depending on location, individuals in the EEA, the UK, Singapore and across the globe may have certain statutory rights in relation to their Personal Information. For example, you may have the right to:
Access and rectify your Personal Information —
Delete your Personal Information from our records when —
Transfer your Personal Information to a third party (right to data portability).
Restrict how we process your Personal Information.
Withdraw your consent—
Object to how we process your Personal Information.
Lodge a complaint with your local data protection authority. You can exercise some of these rights through your Toki account. If you are unable to exercise your rights through your account, please send your request to . In order to protect your Personal Information from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information and proof of residency for verification. If we cannot verify your identity, we will not be able to honour your request.
Protection of Personal Data
We employ various measures to protect your personal data from unauthorised access or misuse. These include limited data collection, password protection, encryption, antivirus software, regular updates, secure disposal of storage media, web security protocols, and additional authentication methods like one-time passwords or multi-factor authentication. While we continuously review and enhance our security measures, please note that no method of data transmission or storage is entirely foolproof.
We do not use your Personal Information or user data for AI training.
International transfers of data
Your personal data is stored and processed on servers located in the United States, specifically in the Commonwealth of Virginia.
As a result, your data may be transferred to and processed in the United States and other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.
We take appropriate measures to ensure that any international transfer of personal data is conducted in compliance with applicable data protection laws, including the Singapore Personal Data Protection Act (PDPA) and, where applicable, the General Data Protection Regulation (GDPR). Such measures may include contractual safeguards, data protection agreements with service providers, and the implementation of appropriate technical and organizational security controls.
We take reasonable steps to ensure that your personal data remains protected and is handled in accordance with this Privacy Policy.
Children
The Services are intended for a general user. If a minor is to use our Services and provides Personal Information, the minor must do so with the consent of his/her guardian. You represent and warrant that you have the right capacity and legal capacity required for using our Services. If you are a minor, you represent and warrant that you are using our Services with the consent of your guardian. We have voluntarily imposed age restrictions on certain Services in cases where we are unable to confirm that you are of a certain age. We understand the special necessity to protect the Personal Information collected from minors in the U.S., Europe, or Thailand (under the age of 13 in the U.S., under the age of 16 in Europe, and under the age of 11 in Thailand) using our Services, and we do not knowingly collect any Personal Information from minors.
If, however, you believe that we have collected Personal Information from minors of the aforementioned countries or regions, then please email us at dpo@orionarm.ai. If we learn that we have inadvertently collected Personal Information from minors of the aforementioned countries or regions, we will deactivate the relevant account(s) and will take reasonable measures to promptly delete such Personal Information from our records.
Links to other websites
The Service may contain links to other websites not operated or controlled by Toki, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.
Security and Retention
We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information both online and offline from loss, misuse, and unauthorised access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.
We’ll retain your Personal Information for only as long as we need in order to provide our Service to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Information will depend on a number of factors, such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, our purpose for processing the information, and any legal requirements.
Changes to privacy policy
We may update this Policy from time to time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law. If you do not agree to any of the changes and you no longer wish to use our Services, you may choose to close your Account. Continuing to use our Services after a notice of changes has been notified to you or published on our Services constitutes your acceptance of the changes and consent to the modified version of this Policy. We will seek your consent when required under Applicable Laws.
Contact Us
If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at dpo@orionarm.ai.
EU & UK Representatives
Our EU Representative: Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is: Instant EU GDPR Representative Ltd. Adam Brogden contact@gdprlocal.com Tel +35315549700 INSTANT EU GDPR REPRESENTATIVE LTD Office 2, 12A Lower Main Street, Lucan Co. Dublin K78 X5P8 Ireland
Our UK Representative: Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd. Adam Brogden contact@gdprlocal.com Tel +44 1772 217800 1st Floor Front Suite 27-29 North Street, Brighton England
Acknowledgement and consent
By visiting our website, accessing or using any of our products, services, information, content, features or premises, you acknowledge that you have read and understood this Privacy Policy and you accept the practices and terms as set out in this Privacy Policy.
For the purpose of complying with applicable data protection laws, the PDPA and GDPR, you also provide your consent for us to collect, use, disclose, share and otherwise process your personal data in accordance with this Privacy Policy.