Privacy Policy

Tokori is built local-first. The desktop app works without an account at all. If you sign in to the cloud, we store the minimum we need to run your account: your email (or OAuth provider ID), your sync data, and your billing relationship with Stripe. We do not sell data, we do not run third-party trackers on this site, and we do not train AI models on your content.

Tokori is operated from Germany. The legal contact, address, and responsible party are listed on our Imprint. For privacy questions, email privacy at tokori.ai.

Account data

• Email address (for magic-link sign-in and account recovery).
• OAuth provider account ID + email when you sign in with Google or Discord. We do not receive or store your provider password.
• A display name you choose. Anonymous (no-email) cloud accounts are identified only by a device-bound recovery key.

Learning data

• Vocabulary cards, study sessions, and review history that you create in the app. Stored so we can sync across your devices.
• Content packs you install (the pack contents themselves are public; we record which packs you have so we know what to re-deliver on a new device).
• Chat and tutoring prompts you send to AI features, plus the model's replies, kept on your account so you can review them.

Billing data

If you buy AI tokens or a Pro subscription, Stripe handles payment. We receive a Stripe customer ID, the items purchased, and the subscription status — we never see your card number. Stripe's own privacy terms apply to data they collect.

Technical logs

Our servers keep short-lived request logs (IP, user agent, route, status) for security, abuse prevention, and debugging. These rotate within 30 days. We do not run analytics cookies, behavioral trackers, or ad pixels on this site.

• To create and authenticate your account.
• To sync your learning data between your devices.
• To run the AI features you invoke. Prompts are sent to the relevant model provider (OpenAI, Anthropic, Google) to generate a response and returned to you. Providers may briefly process prompts to deliver the response.
• To process payments and deliver the credit you purchased.
• To send transactional email (magic-link codes, receipts, security notices). We do not send marketing email unless you opt in.
• To investigate abuse, fraud, or attacks against the service.

We do not use your learning data, chats, or any content you store to train AI models.

We rely on a small number of vendors to run the service. Each processes only what their function requires.

• Stripe — payments.
• Resend / Postmark — transactional email (sign-in codes, receipts).
• OpenAI, Anthropic, Google — AI model inference for the features you invoke.
• Cloudflare — CDN, DNS, and edge security.
• Database + object storage host — managed Postgres and storage in the EU.

Where a vendor is outside the EU, the transfer is covered by the EU Standard Contractual Clauses.

• Account + learning data: kept while your account exists. Delete your account and we remove it within 30 days, except where retention is required by law (e.g. tax records for invoices).
• Server logs: 30 days, then deleted.
• Magic-link codes: 10 minutes, then expired and removed.
• Billing records: kept for the period required by German accounting law (typically 10 years for invoices).

Under the GDPR you can ask us to:

• Confirm what data we hold about you and give you a copy.
• Correct anything that's wrong.
• Delete your account and the data tied to it.
• Export your learning data in a portable format.
• Restrict or object to specific processing, or withdraw consent where processing is based on it.
• Lodge a complaint with a supervisory authority — for Germany, the data-protection authority of your federal state.

Email privacy at tokori.ai and we'll respond within 30 days.

We use a single signed session cookie to keep you logged in. We do not run analytics, advertising, or third-party tracking cookies. The desktop and mobile apps use device-local storage (not cookies) for the same purpose.

Tokori is not directed at children under 16. If you believe a child has created an account, email us and we will remove it.

We'll update this page when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes are announced by email to active accounts.