Last Updated: May 25, 2026
Welcome to Tokki. We build an AI-native voice commerce platform exclusively designed to integrate with Shopify logistics in the Indian marketplace. We understand that data privacy is critical to your business operations. This Privacy Policy details how we collect, use, process, and protect your data when you engage with our platform, website, or services.
By signing up for our waitlist, accessing our website, or utilizing the Tokki ecosystem, you consent to the practices described in this document.
We only collect the absolute minimum data required to ensure high-performance service delivery and waitlist qualification:
Our mandate is precision commerce. The data we collect is actively deployed for the following operational vectors:
Information collected specifically through the Tokki Waitlist form is exclusively used to qualify, organize, and schedule your merchant rollout. We utilize this to allocate backend bandwidth prior to granting you access to out AI infrastructure. We may email you regarding setup prerequisites and timeline updates.
Because Tokki operates natively inside the Shopify ecosystem, we require specific API permissions to read and map your logistics (e.g., webhook intercepts for cart recovery or order tracking).
We act cleanly as a Data Processor regarding your end-customers' data. We only ping Shopify when processing live customer tracking or cart states, and we never export your foundational customer roster out of your Shopify admin instance.
Our system utilizes Large Language Models (LLMs) and advanced Speech-to-Text (STT)/Text-to-Speech (TTS) nodes to synthesize human-like interactions. While transcripts of customer interactions are temporarily processed to execute the conversation, Tokki expressly guarantees that we do not permit underlying base models (like OpenAI or internal fine-tunes) to train on your direct, unanonymized customer interactions.
We utilize fundamental cookies strictly for session tracking across the application dashboard, preventing CSRF (Cross-Site Request Forgery) attacks, and anonymous edge traffic monitoring to detect and mitigate DDOS anomalies. We do not utilize invasive advertising trackers across our application layer.
We do not sell your personal or merchant data. Period.
We only share localized data with vendor partners specifically provisioned to facilitate our infrastructure:
We maintain active records of your merchant account for the duration of your subscription. Cancelled accounts, or data belonging to users that retract waitlist status, are securely purged aligning strictly with standard database retention cycles. You retain full leverage to require early deletion of your data traces.
Depending on your jurisdiction, you actively maintain the right to:
We deploy industry-standard, reasonable security measures to deflect unauthorized access, tampering, or injections into our databases. However, because no runtime environment connected to public DNS architecture is infallibly secure, we cannot issue an impossible 100% security guarantee. You utilize the platform at your own risk.
Our ecosystem is architected strictly for registered eCommerce merchants and B2B corporate entities. It is explicitly not intended to be subscribed to, or operated by, individuals firmly under the age of 18.
As our AI logic updates and our GTM (Go-to-Market) model scales across international boundaries, we may iteratively modify this policy. Significant alterations involving material changes in data handling will trigger a system-wide email notification to all active accounts.
If you require clarification on any data logic or need to invoke local regulatory rights, please contact our team directly at: