Privacy Policy
UFT Holdings LLC · Effective: May 28, 2026 · Last updated: June 8, 2026
UFT Holdings LLC ("we," "us," "Company") operates TonkOS (tonkos.io). This Privacy Policy explains what information we collect, how we use it, and your rights. We believe in being direct — no legal runaround.
What We Collect
From business clients (you):
- Name, email, phone, and business information provided during onboarding
- Payment information (processed by Stripe — we never store raw card data)
- Knowledge base content, documents, and FAQs you upload to train your Branch
- Usage data: API calls, message counts, response times
From your end users (your customers who chat with your Branch):
- Conversation messages sent to and from your Branch
- Session tokens (anonymous identifiers, not personal accounts)
- Basic request metadata (timestamps, branch ID)
Automatically collected:
- Server logs (IP addresses, browser type, pages visited)
- Error logs for debugging purposes
How We Use It
- To train, deploy, and operate your custom AI Branch
- To send account-related emails (API keys, invoices, onboarding updates)
- To monitor platform health and investigate abuse
- To improve platform reliability and performance
- We do not use your data for advertising
- We do not sell your data or your customers' data to any third party
Your Customers' Data
Does my customers' conversation data get used to train other AI models?
No. Conversation data from your Branch is used only to operate your Branch in real time. It is not used to train other clients' models, not shared with other clients or third parties, and deleted after 90 days.
- Used only to operate your Branch in real time
- Stored securely on our infrastructure
- Not used to train other clients' models
- Not shared with other clients or third parties
- Retained for up to 90 days for debugging purposes, then deleted
Data Storage and Security
For Widget and Private AI rental clients, all data is stored on our secured infrastructure:
- Encrypted in transit via HTTPS/TLS
- API keys are hashed — we cannot recover them if lost
- Administrative access is access-controlled and monitored
- We conduct periodic security reviews
Secure AI and Private AI on-premise clients: After project completion and handoff, no client data, model weights, training data, or conversation data is retained on TonkOS infrastructure. Everything is delivered to you and removed from our systems. Your data lives entirely on your hardware from that point forward. We have no ongoing access to your model or your users' data after handoff.
We are a small operation. We do not have SOC 2 certification. If your use case requires enterprise-grade compliance certifications, contact us at tank@tonkos.io to discuss options.
Third-Party Services
| Service | Purpose |
|---|
| Stripe | Payment processing |
| Resend | Transactional email delivery |
| DigitalOcean | Server infrastructure (Widget and rental plans only) |
| Cloudflare | DNS, SSL, DDoS protection |
Data Retention
- Active client data: retained for duration of subscription
- Conversation logs: retained up to 90 days, then deleted
- Billing records: retained 7 years (legal requirement)
- Upon account termination: all data deleted within 30 days unless legally required to retain
- Secure AI / on-premise buyout clients: no data retained on our systems after project handoff
Your Rights
You have the right to request a copy of the data we hold about you, request correction of inaccurate data, request deletion of your data (subject to legal retention requirements), and opt out of any non-essential communications. To exercise any of these rights, email tank@tonkos.io.
Children's Privacy
TonkOS is a B2B service intended for businesses and adults 18+. We do not knowingly collect data from children under 13.
Changes to This Policy
We will notify active clients via email before making material changes to this policy. The date at the top of this document reflects when it was last updated.
Contact
UFT Holdings LLC
Riverview, FL
tank@tonkos.io · tonkos.io