Tokaro — Privacy

1. Introduction

Metis Labs, LLC ("Tokaro," "we," "us," or "our"), with its registered address at 1500 N Grant St, Suite N, Denver, CO 80203, is the "business" for the purposes of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), with respect to the personal information described in this Privacy Notice. This Privacy Notice explains how we collect, use, disclose, and safeguard your information when you use the Tokaro platform and related services (the "Service").

This Privacy Notice describes how we may collect, use, and share your information when you use the Service. It does not rely on your use of the Service as a basis for consent.

Defined Terms

"Engagement Data" means process descriptions, organizational information, business context, prompts, files (including documents uploaded as capture artifacts in CSV, XLSX, PDF, DOCX, and PPTX formats), and other content that you or your Organization submit to the Service during guided conversations, analysis, design, simulation, specification and transformation workflows, together with any outputs generated by the Service in response to such submissions (including AI-generated analysis, process diagrams, designs, simulations, specifications, and deliverables).
"Organization" means the legal entity (such as your employer or another business entity) that has subscribed to the Service and on whose behalf you access and use the Service.

2. Information We Collect

Information You Provide

Account information. Name, email address, password, and Organization details when you register.
Profile information. Role, title, and preferences you configure.
Engagement Data. Process descriptions, organizational information, business context, uploaded documents (such as SOPs, process diagrams, and role-and-responsibility matrices in CSV, XLSX, PDF, DOCX, or PPTX format), and other content you submit during guided conversations, analysis, design, simulation, specification, and transformation workflows. This includes structured evidence extracted from uploaded documents and AI-generated outputs such as process diagrams, designs, simulations, specifications, and deliverables.
Communications. Messages you send to us, feedback, and support requests.
Payment information. Billing details processed through our third-party payment processor. We do not store full payment card numbers.

Information Collected Automatically

Usage data. Features used, pages visited, actions taken, timestamps, and session duration.
Device information. Browser type, operating system, device identifiers, and screen resolution.
Log data. IP address, access times, referring URLs, and error logs.
LLM usage telemetry. We may record metadata about AI model interactions, including the provider used, model version, token counts (input and output), estimated processing cost, and the type of operation performed. This telemetry does not include the content of your Engagement Data and is used for billing, quota enforcement, and Service optimization.
Approximate geolocation. We may derive approximate geographic location (such as country, region, or city) from your IP address. We do not collect precise geolocation data (such as GPS coordinates).
Cookies and similar technologies. Session cookies for authentication and preferences. For more information, see Section 8 (Cookies & Tracking).

Information from Third Parties

Authentication providers. If you sign in via Google or another identity provider, we receive your name, email, and profile picture. We use Firebase Authentication (a Google service) to manage identity and session verification.
Organization administrators. Your Organization administrator may provide your email address when inviting you to join.
Invitation acceptance data. When you accept a workspace or engagement invitation, we record the IP address and user agent associated with your acceptance for security audit purposes.

Inferences

We may derive inferences from your Engagement Data and usage patterns through AI processing, such as workflow optimization recommendations, process analysis outputs, theory-of-constraints analysis, and candidate target-state designs. In addition, the Service generates structured outputs (such as agent specifications, transformation specifications, and deliverables) based on your Engagement Data. These inferences and outputs are generated solely to provide the Service to you and your Organization and are not used for profiling unrelated to the Service.

Sensitive Personal Information

We do not intentionally collect sensitive personal information (as defined under applicable law, including the CPRA). However, if you submit Engagement Data that contains sensitive personal information, we will treat such information in accordance with applicable law. Please avoid including sensitive personal information in your submissions unless necessary for the requested analysis.

3. How We Use Your Information

We may use the information we collect to:

Provide, operate, and maintain the Service.
Process your Engagement Data through AI models to generate analysis, designs, simulations, and specifications.
Authenticate your identity and manage your account.
Enforce usage limits and quotas associated with your subscription.
Send transactional communications, including account verification, password resets, invitation emails, and security alerts.
Provide customer support and respond to inquiries.
Detect, prevent, and address security incidents, fraud, and abuse.
Comply with legal obligations.

In addition, we may monitor and analyze usage trends for the following purposes: (a) debugging and resolving errors; (b) optimizing Service performance and reliability; (c) developing new features and functionality using aggregated or de-identified data; and (d) conducting internal research and analytics.

4. SMS Notifications

If you provide a mobile phone number, we may use it to send Tokaro notifications by SMS, such as account or workflow-related alerts you have asked to receive. We will only send SMS notifications with your prior express consent, as required under the Telephone Consumer Protection Act (TCPA). Message frequency may vary based on your use of Tokaro. Message and data rates may apply.

SMS messages will be sent from +1 (303) 532-0440.

You can opt out of SMS notifications at any time by replying STOP to a Tokaro message or by contacting us at privacy@tokaro.ai or support@tokaro.ai.

We do not sell or share mobile phone numbers with third parties for their marketing purposes. For information about how SMS-related data is treated under the CCPA/CPRA, see Section 13.

5. AI Processing & Data Handling

The Service uses third-party AI model providers to process your Engagement Data and generate outputs. Our primary AI model provider is Anthropic (Claude), with Google (Gemini) available as a fallback provider. Additional providers may be added over time; our current vendor list is below.

Categories of Data Transmitted

When you use AI-powered features, we transmit relevant portions of your Engagement Data — including process descriptions, organizational context, business information, uploaded document content (after parsing), and conversation history — to the applicable AI provider via secure API. We do not transmit your name, email address, or other account identifiers to AI providers unless such information is embedded in your Engagement Data. Where your Organization has configured its own API key for a provider, your Engagement Data is transmitted directly to that provider under your Organization's own account relationship with the provider.

Contractual Safeguards

Our agreements with AI model providers include the following commitments: (a) providers will not use your data to train, retrain, or improve their models; (b) providers will process your data solely to generate the requested output and for limited trust-and-safety purposes (such as abuse monitoring); (c) providers will delete your data from their systems within 30 days of processing, unless a shorter period is contractually specified; and (d) we retain audit rights to verify provider compliance with these commitments.

AI-processed data is not shared across organizations or users. We do not use your Engagement Data to train our own models without your explicit consent.

Intellectual Property

Ownership of Engagement Data and AI-generated outputs is governed by our Terms of Service. Submitting Engagement Data to the Service, including its processing by third-party AI providers, does not transfer any intellectual property rights in your Engagement Data to us or to our AI providers.

Vendor List

The following third-party providers process Engagement Data on our behalf:

Anthropic (Claude) — Primary AI model provider — United States
Google (Gemini) — Fallback AI model provider — United States
Google Cloud Platform — Cloud hosting — United States
Firebase Authentication (Google) — Identity and session management — United States
LangGraph — External runtime platform (when selected by Organization) — United States
CrewAI — External runtime platform (when selected by Organization) — United States

We will provide at least 30 days' advance notice before adding a new AI model provider to this list.

AI Provider Retention

Our AI model providers may retain your Engagement Data for up to 30 days after processing for trust-and-safety purposes (such as abuse monitoring), after which it is permanently deleted from their systems.

External Runtime Platforms

During the Transform stage of an engagement, you may deploy AI agent and workflow definitions to external runtime platforms (such as LangGraph or CrewAI). When you initiate a deployment or invocation, the Service transmits agent specifications, workflow definitions, tool contracts, and invocation payloads to the selected external platform. Run records — including invocation status, timing, and response payloads — are persisted within the Service for audit and operational purposes. External runtime platforms are listed on our vendor list.

You can request information about which AI providers processed your data by contacting us at privacy@tokaro.ai.

We do not sell your personal information. We do not "share" your personal information for cross-context behavioral advertising, as that term is defined under the California Consumer Privacy Act, as amended by the CPRA. We may share your information in the following circumstances:

Within your Organization. Other members of your Organization on Tokaro can see shared Engagement Data, as determined by your Organization's access controls and role-based permissions (owner, admin, member, or viewer). Certain content, such as owner-private discussion threads, is visible only to the engagement creator and workspace owners/administrators.
External collaborators. Your Organization may invite external collaborators (such as subject-matter experts or client representatives) to participate in specific engagements. External collaborators can access Engagement Data within the engagements to which they are explicitly invited, at the role level assigned by your Organization (member or viewer). They cannot access other engagements, workspace settings, or your Organization's member list.
Service providers. Third-party vendors who assist us in operating the Service, including cloud hosting (Google Cloud Platform), AI model providers (Anthropic, Google), authentication services (Firebase Authentication), external runtime platforms (such as LangGraph and CrewAI, when selected by your Organization during the Transform stage), email delivery, payment processing, and analytics providers. These providers are contractually obligated to protect your data and to process it only on our documented instructions.
Legal compliance. When required by law, valid legal process, or governmental request, provided that we will limit disclosure to what is legally required or reasonably necessary to comply with the request.
Safety and rights. To protect the rights, property, or safety of Tokaro, our users, or the public.
Business transfers. In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the successor entity. We will provide notice to you before your personal information is transferred and becomes subject to a different privacy policy, where feasible and required by applicable law.

De-identified or Aggregated Data

We may create and use de-identified or aggregated data derived from your personal information for research, analytics, and Service improvement purposes. De-identified data is processed in accordance with applicable legal standards, including the CCPA/CPRA's requirements for de-identification, and cannot reasonably be used to identify you.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

Account data. Retained until account deletion.
Engagement Data. Retained until the engagement is deleted or your account is terminated. After account termination, data is available for export for 30 days and then permanently deleted.
Organizational termination. When an Organization's subscription is terminated, Organization administrators and individual users will have 30 days to export their data before permanent deletion. Export rights are available to both individual users (for their own data) and Organization administrators (for Organization-level data), subject to the Organization's access controls.
Usage logs. Retained for up to 12 months for security and operational purposes.
Communications and support requests. Retained for up to 24 months after the last communication, or longer if required for ongoing support matters or legal compliance.
Backups. Deleted data may persist in encrypted backups for up to 90 days after deletion. Backup copies are used solely for disaster recovery purposes and are not restored to production systems after individual data deletion requests have been fulfilled.
Third-party AI provider retention. Our AI model providers may retain your Engagement Data for up to 30 days after processing for trust-and-safety purposes (such as abuse monitoring), after which it is permanently deleted from their systems.
Legal holds. Notwithstanding the foregoing retention periods, we may retain personal information for longer periods when required by law, regulation, or legal proceedings, including litigation holds and regulatory investigations.

8. Cookies & Tracking

We use the following types of cookies:

Essential cookies. Required for authentication and core Service functionality. These cannot be disabled.
Analytics cookies. Help us understand how users interact with the Service to improve it. These can be disabled.

Third-Party Analytics

We may use a third-party analytics service to collect and analyze usage data. We do not use advertising cookies, and we do not share cookie data or analytics data with advertising networks. Our analytics tools are not linked to any advertising platforms. You can manage cookie preferences through your browser settings.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Encryption of data in transit using TLS 1.2+ and encryption of data at rest.
Multi-tenant data isolation to help ensure organizations cannot access each other's data.
Regular security assessments and monitoring.
Role-based access controls within the Service.
Secure cloud infrastructure hosted on Google Cloud Platform.

Security Certifications

We maintain security practices consistent with industry standards. Information about our security certifications and compliance frameworks is available upon request.

Incident Response

We may maintain and periodically test an incident response plan designed to detect, respond to, and recover from security incidents.

Breach Notification

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities in accordance with applicable law, including without unreasonable delay as required under applicable U.S. state breach notification laws.

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing known vulnerabilities and continuously improving our security posture.

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access. Request a copy of the personal data we hold about you.
Correction. Request correction of inaccurate or incomplete data.
Deletion. Request deletion of your personal data, subject to legal retention requirements.
Data portability. Request your data in a structured, machine-readable format.
Objection. Object to certain processing of your data.
Restriction. Request restriction of processing in certain circumstances.
Withdraw consent. Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@tokaro.ai.

Response Timeframes

We will respond to your request within the timeframes required by applicable law: within 45 calendar days for requests under the CCPA/CPRA (extendable by an additional 45 days, with notice to you). For requests under other applicable state privacy laws, we will respond within the timeframe required by that law.

Verification

To protect your privacy, we may need to verify your identity before processing your request. Verification may include confirming your email address, providing information that matches our records, or other reasonable verification methods appropriate to the sensitivity of the request.

Right to Appeal

If we deny your request in whole or in part, we will explain the reasons for the denial. You have the right to appeal our decision by contacting us at privacy@tokaro.ai. If you are not satisfied with our response to your appeal, you may contact your applicable state attorney general.

Non-Discrimination

We will not discriminate against you for exercising your privacy rights. We will not deny you the Service, charge you different prices, or provide a different level of quality because you exercised your rights under applicable privacy law.

11. International Data Transfers

The Service is hosted in the United States on Google Cloud Platform, and our AI model providers also process data in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. We adopt appropriate safeguards to ensure your data is protected in accordance with this Privacy Notice and applicable law. If we expand our services to the European Economic Area, United Kingdom, or Switzerland, we will update this section with applicable transfer mechanisms and safeguards.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under the age of 18. In particular, we do not knowingly collect personal information from children under the age of 13, as defined under the Children's Online Privacy Protection Act (COPPA).

Because the Service is designed for enterprise use, access is typically provisioned by Organization administrators and is intended for use by authorized business personnel. If we learn that we have collected personal information from a child under the applicable age threshold, we will take steps to delete such information promptly and, where required by COPPA, will provide notice to and obtain consent from the child's parent or guardian.

13. California Privacy Rights

This Section 13 provides additional disclosures required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA/CPRA"), and applies to California residents.

Categories of Personal Information We Collect

In the preceding 12 months, we have collected the following categories of personal information:

Category	Examples	Business Purpose	Recipients
Identifiers	Name, email address, IP address	Provide and secure the Service	Service providers, Organization members
Commercial information	Subscription and payment data	Process payments, enforce subscriptions	Payment processor
Internet/electronic activity	Usage data, device info, logs, LLM usage telemetry	Improve Service, security	Analytics providers
Professional/employment information	Role, title, Organization	Provide Service features	Organization members
Inferences	AI-generated analysis and recommendations	Generate outputs	AI model providers

We also collect and process uploaded document content (such as SOPs, process diagrams, and role-and-responsibility matrices) as part of Engagement Data. This content is transmitted to AI model providers for evidence extraction and process analysis.

Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, our business or commercial purposes for collecting or selling it, and the categories of third parties with whom we shared it.

Right to Delete

You have the right to request deletion of your personal information, subject to certain legal exceptions.

Right to Correct

You have the right to request correction of inaccurate personal information that we maintain about you.

Right to Opt Out of Sale or Sharing

We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising. If our practices change, we will provide a 'Do Not Sell or Share My Personal Information' link on our website.

Sensitive Personal Information

We do not intentionally collect sensitive personal information as defined under the CPRA. To the extent we receive sensitive personal information through your Engagement Data, you have the right to limit our use and disclosure of such information to purposes permitted under the CPRA.

Automated Decision-Making

The Service uses AI-powered processing to generate outputs from your Engagement Data. You have the right to opt out of automated decision-making technology, including profiling, to the extent required by applicable law. To exercise this right, contact us at privacy@tokaro.ai.

The Service also uses automated rule-based systems (such as alignment checkpoints, quorum calculations, and stage-gating logic) to determine when engagement stages can advance. These systems apply predetermined rules rather than AI-based profiling and do not produce legal or similarly significant effects on individual users. You may contact us at privacy@tokaro.ai for information about the logic involved in any automated processing that affects you.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. To do so, you must provide us with written authorization or a power of attorney. We may also require the authorized agent to verify their own identity.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California privacy rights, contact us at privacy@tokaro.ai.

14. Additional State Privacy Rights

In addition to the California-specific rights described in Section 13, residents of other U.S. states (including Colorado, Connecticut, Virginia, Texas, Oregon, and other states with comprehensive privacy legislation) may have similar rights, including the right to access, correct, delete, and port their personal data, and the right to opt out of certain processing activities. To exercise any rights under applicable state privacy law, contact us at privacy@tokaro.ai.

15. Changes to This Notice

We may update this Privacy Notice from time to time. We will notify you of material changes by posting the updated Privacy Notice on the Service and updating the 'Last updated' date. For significant changes, we may also notify you by email.

A 'material change' includes, without limitation, any change to the categories of personal information we collect, the purposes for which we process personal information, the categories of third parties with whom we share personal information, or any change that materially affects your rights under this Privacy Notice.

We will provide at least 30 days' advance notice before material changes take effect. Your continued use of the Service after the effective date of a material change constitutes your acknowledgment of the updated Privacy Notice. Where changes require renewed consent under applicable law, we will obtain such consent before implementing the change.

16. Contact Us

If you have questions or concerns about this Privacy Notice or our data practices, please contact us at:

Metis Labs, LLC
1500 N Grant St
Suite N
Denver, CO 80203
Email: privacy@tokaro.ai

How we handle your data.

1. Introduction

Defined Terms

2. Information We Collect

Information You Provide

Information Collected Automatically

Information from Third Parties

Inferences

Sensitive Personal Information

3. How We Use Your Information

4. SMS Notifications

5. AI Processing & Data Handling

Categories of Data Transmitted

Contractual Safeguards

Intellectual Property

Vendor List

AI Provider Retention

External Runtime Platforms

6. How We Share Your Information

De-identified or Aggregated Data

7. Data Retention

8. Cookies & Tracking

Third-Party Analytics

9. Data Security

Security Certifications

Incident Response

Breach Notification

10. Your Rights

Response Timeframes

Verification

Right to Appeal

Non-Discrimination

11. International Data Transfers

12. Children's Privacy

13. California Privacy Rights

Categories of Personal Information We Collect

Right to Know

Right to Delete

Right to Correct

Right to Opt Out of Sale or Sharing

Sensitive Personal Information

Automated Decision-Making

Authorized Agents

Non-Discrimination

14. Additional State Privacy Rights

15. Changes to This Notice

16. Contact Us