Privacy Policy
TokiAI Router Privacy Policy (General Version)
Privacy Policy
TokiAI Router Privacy Policy (General Version)
TokiAI Router (hereinafter referred to as the "Platform" or "we") values the protection of your personal information. This policy will help you understand how we collect, use, store, share, and protect your personal information when you use our services, as well as the rights you have. Please read this policy carefully before using the Platform's services. Once you start using our services, you signify your agreement to our handling of your personal information in accordance with this policy. If you have any questions, please contact us via the information provided at the end of this policy.
I. Scope of Application
This privacy policy applies to all services provided by the Platform through official websites, mobile applications, API interfaces, and other channels. This policy does not apply to services independently provided by third parties (e.g., third-party websites accessed via links within the Platform); such services are governed by the third parties' own privacy policies. Business data you upload to the Platform (e.g., datasets, model files) are managed by you; the Platform only provides technical storage and processing in accordance with your instructions and will not use such data beyond the scope of services.
In this policy, "personal information" means information that can identify you; "sensitive personal information" means information that, if leaked, may endanger your personal or property safety, such as biometric information, financial account information, etc. "Anonymization" means information that cannot identify you and cannot be restored after processing. "Cookie" is a small text file stored in your browser, used to record login status and preference settings.
II. What Information We Collect
2.1 Registration Information
When you register a Platform account, we need to collect:
(1) Mobile phone number: used for registration verification, login, password recovery, and security alerts. We verify number ownership via SMS verification codes.
(2) Email address: used to receive billing, service notifications, and security alerts; it can also serve as an auxiliary verification method.
(3) Username and password: the username is for community display; the password is stored in encrypted form, and we do not store it in plain text. It is recommended that you set a strong password containing letters, numbers, and symbols.
(4) Avatar and personal bio: you may voluntarily upload these for personalized display; they are optional information.
2.2 Real-Name Authentication Information
When using paid features, real-name authentication is required by laws and regulations:
Individual users need to provide their real name and ID document information; corporate users need to provide business licenses, legal person information, and corporate bank account information. Some high-risk operations (e.g., large recharges, changing linked phone numbers) may require facial recognition verification. Facial information is used only for real-time identity verification; after verification, we do not store the original facial image, only the verification result record.
Real-name authentication information is considered sensitive personal information, and we will protect it using encryption storage and strict access controls.
2.3 Payment and Invoice Information
When you recharge, we collect: recharge amount, payment method, payment transaction ID, and status. When you apply for an invoice, we collect: invoice type, invoice header, taxpayer identification number, and shipping information. Bank account information is considered sensitive and is used only for payment settlement, transmitted and stored via encrypted channels. We also record your Token recharge records, consumption details, and bills for your inquiry and reconciliation.
2.4 Service Usage Information
While you use our services, we automatically collect the following information:
(1) Device and network information: IP address, device model, operating system, browser version, screen resolution, network operator, etc. This information is de-identified and used for security protection and functional adaptation.
(2) Operation logs: access time, pages viewed, click records, search keywords, dwell time, error logs, etc., used for troubleshooting and optimizing user experience.
(3) API call records: call time, API name, response status, Token consumption, task status, etc., used for billing and system monitoring.
(4) Model interaction content: prompts you submit, uploaded files, generated responses, conversation history. We collect this information primarily to provide services (e.g., maintaining multi‑turn conversations), conduct content safety reviews, and, after de‑identification, improve model quality.
(5) Token data: recharge time, amount, exchanged quantity, consumption scenarios, and balance, used for billing management and insufficient balance alerts.
2.5 Third-Party Login Information
If you choose to log in via third-party accounts such as WeChat, Alipay, or GitHub, with your authorization, we will obtain from the third party your unique identifier, nickname, avatar, and email address (if you agree to provide it). We only obtain the minimum information necessary for login and do not obtain your password, friend list, or chat history. Third parties are independently responsible for their own information handling.
2.6 Customer Service Communication Records
When you contact customer service, we may keep your inquiry content, complaint description, attachments, and call recordings (with your consent) to resolve your issues, improve service quality, and handle potential disputes.
III. How We Use Information
3.1 Providing Core Services
We use your information primarily to provide you with Platform services:
(1) Identity verification: using your phone number, email, and password to complete registration, login, password recovery, etc.; using real-name information to complete identity verification and ensure transaction security.
(2) AI services: using the prompts and files you submit to call AI models, generate and return results; storing conversation history to maintain multi‑turn conversation coherence.
(3) Knowledge base services: using documents you upload to build indexes, perform retrieval, and return results.
(4) API services: verifying your API call permissions, logging call records, and metering Token consumption.
(5) Compute scheduling: allocating computing resources based on your task configuration and monitoring task execution status.
3.2 Billing and Settlement
We use payment information and Token records to complete payment processing for recharge transactions, generate bills, issue invoices, perform financial reconciliation, and tax reporting. When your balance is insufficient, the system will send an insufficient balance alert.
3.3 Security Assurance
We use device and network information for security protection: detecting abnormal logins (e.g., logins from unusual locations, frequent failed attempts) and triggering secondary verification; monitoring high‑frequency API calls and malicious traffic to block attacks; analyzing transaction patterns to identify fraud risks; reviewing model interaction content to block illegal or inappropriate information; identifying risky behaviors such as batch registration and device farms.
3.4 Service Optimization
We use operation logs and feedback information to troubleshoot technical issues and optimize functional design. After removing personally identifiable information, we may use your interaction data to train and optimize AI models, improving model accuracy, safety, and user experience. We also conduct A/B testing to test the effectiveness of new features.
Additionally, based on your usage habits and technical preferences, we may recommend relevant models, tutorials, or events. If you do not wish to receive personalized recommendations, you can disable this feature in your account settings.
3.5 Service Notifications
We will use your registered phone number or email address to send you:
(1) Service notifications: login alerts, password change alerts, task completion notifications, insufficient balance alerts, system maintenance announcements, agreement update notifications. These notifications are necessary for account security and contract performance and cannot be unsubscribed from, but you may choose the delivery channel (e.g., receive only by email, not by SMS).
(2) Promotional information: promotional events, technical contests, new feature introductions, etc. Such information is based on your consent, and you can unsubscribe at any time via the email unsubscribe link, SMS reply command, or preference management in account settings.
3.6 Legal and Regulatory Compliance
When required by laws and regulations or by legally binding requests from judicial or administrative authorities, we may need to provide your relevant information. Examples include cooperating with public security investigations, responding to regulatory inspections by cyberspace authorities, fulfilling cybersecurity level protection obligations, and handling user complaints and disputes. To the extent permitted by law, we will notify you before disclosure whenever possible.
IV. Cookies and Similar Technologies
4.1 Purpose of Use
The Platform uses cookies, local storage, and similar technologies primarily to: maintain your login status, avoiding frequent re‑logins; remember your interface preferences (e.g., language, theme mode); store security tokens to prevent malicious attacks; record anonymized access data to help us analyze page load speeds and feature usage; enable conveniences such as file upload progress persistence and form draft saving.
4.2 How to Manage
You can clear, disable, or restrict cookies in your browser settings. After clearing, you may need to log in again and reset your preferences. Disabling cookies may cause some features to malfunction, such as maintaining login status. Some browsers support a "Do Not Track" feature; when enabled, we will reduce behavioral tracking. On mobile devices, you can manage application access to device identifiers through system settings.
V. Information Sharing and Disclosure
5.1 Basic Principles
We do not sell your personal information. Only in the following circumstances will we share or disclose your information to third parties, and we will require the receiving parties to comply with protection measures no less stringent than those in this policy.
5.2 With Your Consent
With your explicit consent, we may share necessary information with partners. For example, if you participate in an event jointly organized by the Platform and a third party, we may inform you of the sharing scope on the event page and, after obtaining your consent, provide your contact information to the partner.
5.3 Service‑Necessary Partners
To enable service functions, we may share de‑identified or encrypted information with the following types of partners:
(1) Identity verification service providers: for completing real‑name authentication checks;
(2) Payment service providers: for processing recharge transactions (payment account information is collected directly by the payment service provider; the Platform does not store your payment password or bank card number);
(3) Cloud infrastructure service providers: for server hosting and data storage;
(4) SMS and email service providers: for sending verification codes and notifications;
(5) Customer service and technical support service providers: for providing customer support services;
(6) Security service providers: for protecting against network attacks and enhancing system security.
We share only the minimum information necessary to achieve the specific function.
5.4 Legal and Regulatory Requirements
Under mandatory requirements of laws, regulations, judicial authorities, or administrative authorities, we may need to disclose your information. Examples include cooperating with public security investigations, court proceedings, and regulatory inspections by cyberspace authorities. We will review the legality of the request, provide only information within the necessary scope, and notify you before disclosure whenever possible (except where prohibited by law).
5.5 Merger and Acquisition
If the Platform undergoes a merger, acquisition, or asset transfer, your personal information may be transferred as part of the business assets. We will require the new holder to continue to comply with this privacy policy. If the new holder intends to change the information handling methods, we will seek your consent again.
5.6 Public Disclosure
Except as required by laws and regulations or with your consent, we will not publicly disclose your personal information. Content you post in public areas such as the Platform's community or forums may be visible to other users. If you win a Platform contest, we may display your username and avatar with your consent.
VI. Information Storage and Protection
6.1 Storage Location
Your personal information is stored on servers within mainland China, complying with national data localization requirements. Our data centers are located in Beijing, Shanghai, Shenzhen, etc., all of which have obtained national cybersecurity level protection certification.
In principle, we will not transfer your personal information outside of China. If business needs truly require such transfer, we will conduct a security assessment in advance, ensure that the recipient's data protection level complies with Chinese legal requirements, and inform you of the overseas recipient's details and obtain your separate consent (unless otherwise provided by laws and regulations).
6.2 Retention Period
We retain your information only for as long as necessary to fulfill the purposes of this policy:
(1) Registration information: retained for at least six months after account deletion;
(2) Real‑name authentication information: retained for at least three years after account deletion;
(3) Payment and invoice information: retained for at least five years after transaction completion;
(4) Operation logs and API records: retained for at least six months from the date of creation;
(5) Model interaction content: retained for at least ninety days from the date of creation; you may request deletion of specific records at any time;
(6) Customer service records: retained for at least one year after the communication ends.
After the retention period expires, we will delete or anonymize your information. During the retention period, if you request early deletion, we will process it within fifteen working days after verifying your identity, except where laws and regulations require continued retention.
6.3 Security Measures
We adopt the following measures to protect your information security:
(1) Transmission encryption: using HTTPS encryption protocol to secure data transmission;
(2) Storage encryption: encrypting sensitive information (e.g., ID documents, payment information, passwords) using strong encryption algorithms;
(3) Access control: granting access to user information only to employees with a legitimate need, and logging all access activities;
(4) Security auditing: conducting regular security tests and vulnerability fixes, deploying firewalls and intrusion detection systems;
(5) Incident response: establishing security incident emergency plans; in the event of a data breach, we will take immediate remedial measures and notify affected users and competent authorities within seventy‑two hours.
VII. Your Rights
7.1 Access and Correction
You have the right to access and correct the personal information we hold about you. Basic information (e.g., username, avatar, contact information) can be modified in "Account Settings." Real‑name authentication information, payment records, etc., require a request through customer service; after verifying your identity, we will respond within fifteen working days, with possible extension to thirty days for complex cases.
7.2 Billing Inquiry
You can view Token recharge records, consumption details, monthly bills, and invoice records in the "Finance Center." If you dispute a bill, you may contact customer service for verification within thirty days after the bill is generated; we will respond within fifteen working days. If a system error is confirmed, we will make up the difference or issue a refund.
7.3 Deletion of Information
You may request deletion of your personal information in the following circumstances: we have collected or used information illegally; we have violated agreements in processing information; you have withdrawn consent and there is no other legal basis; we have ceased services and the retention period has expired.
You can submit a deletion request in the "Privacy Center" or contact us via customer service. After verifying your identity, we will process it within fifteen working days. However, information required to be retained by laws and regulations (e.g., anti‑money laundering records, tax records), information related to incomplete transactions or ongoing litigation, and data that has been incorporated into model parameters and cannot be separately extracted may not be immediately deletable; we will explain the reason.
7.4 Withdrawal of Consent
You may withdraw previously granted consent at any time: disable "Personalized Recommendations" in "Account Settings" – we will stop delivering personalized content; unsubscribe from marketing information via email unsubscribe link or SMS reply command; unlink third‑party accounts in "Account Linking"; disable the "Allow use of my data to improve the model" option. Withdrawal of consent does not affect processing completed before withdrawal. Withdrawal may affect some services; we will inform you before withdrawal.
7.5 Account Deletion
You may apply for account deletion at any time. Before deletion, please ensure: there are no pending transactions or tasks; no outstanding fees; no unresolved disputes. After deletion, all your data will be permanently deleted and cannot be recovered, and your Token balance will be reset to zero without refund. You can submit a deletion request in "Account Security"; after verifying your identity and confirming no outstanding matters, we will complete deletion within fifteen working days.
VIII. Protection of Minors
8.1 Service Orientation
The Platform primarily provides AI technology services to adults. Because the services involve paid features, API calls, data uploads, and other complex functions, and some generated content may not be suitable for minors, we recommend that minors use the service only with their guardian's full knowledge, consent, and ongoing supervision.
8.2 Guardian Responsibility
If you are a guardian of a minor, please fully understand the Platform's functions and risks, guide and supervise the minor's use, manage the account and payments, and prevent accidental losses. If you discover that a minor has used the service without consent or that the Platform has provided inappropriate content, you have the right to request that we restrict services and delete relevant information.
8.3 Protection of Children's Information
For children under the age of fourteen, we take stricter protection measures: in principle, we do not actively collect children's information; if collection is necessary, we collect only the minimum necessary information and verify guardian identity and obtain guardian consent; children's information is stored in a higher‑security environment with restricted employee access; requests from guardians to access, correct, or delete children's information will be responded to within seven working days.
IX. Policy Updates
9.1 Update Mechanism
We may update this privacy policy in response to changes in laws and regulations or business developments. The updated policy will be announced on the Platform for a period of no less than seven days. For material changes (e.g., changes to processing purposes, material changes to sharing partners, changes to user rights, high‑risk security assessments, changes to the operating entity), the announcement period will be extended to fifteen days, and we will also provide prominent notice such as pop‑ups.
9.2 Effectiveness
The updated policy becomes effective after the announcement period ends. Your continued use of the services indicates acceptance of the update. If you do not agree, you may stop using the services and delete your account before the update becomes effective. After a material change, we may ask you to reconfirm your consent upon your first login. We recommend that you periodically review policy updates.
X. Dispute Resolution
10.1 Dispute Resolution
Disputes arising from this privacy policy shall be settled through friendly negotiations; if negotiations fail, either party may bring a lawsuit to the competent court of the location of the Platform's operator. This policy is governed by the laws of the mainland region of the People's Republic of China.
XI. Miscellaneous
11.1 Relationship with the Terms of Service
This privacy policy is an integral part of the TokiAI Router Terms of Service. In the event of any conflict between this policy and the Terms of Service, this policy shall prevail. Matters not addressed in this policy shall be governed by the relevant provisions of the Terms of Service.
11.2 Severability
If any provision of this policy is held invalid, the remaining provisions shall remain in full force and effect. The invalid provision will be modified to the extent necessary to make it effective.