Privacy Policy

Effective date: July 1, 2024

Tookyn, Inc. (“Tookyn,” “we,” “us,” or “our”) respects the privacy of the visitors to our website and the customers who rely on Tookyn DNS, Virtual Hosting, and API Gateway services. This Privacy Policy explains how we collect, use, share, and protect personal data when you interact with our site, communicate with our teams, or operate workloads on Tookyn infrastructure.

1. Who we are

Tookyn, Inc. is the controller of personal data described in this policy, except where we act as a processor of Customer Content on behalf of our customers. Our primary business operations are based in the United States, with infrastructure partners located in the regions disclosed to each customer during onboarding.

2. Information we collect

The data we collect depends on how you engage with Tookyn:

• Account and contact information. Names, email addresses, phone numbers, and role information supplied when creating Tookyn accounts or communicating with our sales and support teams.
• Billing details. Company addresses, tax information, and payment authorizations provided to process invoices for Tookyn services.
• Service telemetry. Logs, metrics, DNS query data, API request metadata, and configuration states generated as you use Tookyn DNS, Virtual Hosting, and API Gateway. Telemetry is linked to customer identifiers to deliver and secure the services.
• Support interactions. Information shared when you open tickets, schedule maintenance, or engage with Tookyn engineers. We may capture session recordings or command output with your consent to troubleshoot complex issues.
• Website and communications data. Device information, browser type, referring URLs, and limited cookie data collected to maintain site reliability and measure aggregate engagement with our documentation.

We do not intentionally collect personal data about minors and request that children under 16 do not submit personal information through our services.

3. How we use information

We use personal data to:

• Provide, secure, and support Tookyn products and customer environments.
• Authenticate administrators and manage access to customer accounts.
• Process transactions, manage renewals, and send operational notices.
• Analyze platform performance, capacity, and adoption to improve our offerings.
• Comply with legal obligations, enforce agreements, and prevent fraud or abuse.

When Tookyn processes personal data as a processor on your behalf, we act only under your documented instructions, and our use of the data is limited to providing the contracted services.

4. Sharing and disclosure

Tookyn shares personal data only when necessary to deliver the services or when legally required. We may disclose personal data to:

• Infrastructure providers, such as data center and network partners, who host Tookyn Virtual Hosting nodes and DNS points of presence.
• Service partners supporting SSL certificate issuance, monitoring, or customer billing.
• Professional advisors, auditors, or regulators as required to comply with applicable law.
• Other parties with your consent, for example when coordinating joint incidents with your vendors.

Tookyn does not sell personal data and does not permit subprocessors to use customer information for their own marketing purposes.

5. Data retention

We retain personal data for as long as necessary to deliver the services and meet our legal and contractual obligations. DNS query logs and API request metadata are typically retained for up to 13 months, unless a shorter retention period is requested by the customer or a longer period is required to investigate security events. Backups of Virtual Hosting environments follow the retention settings defined in each customer’s runbook.

6. Security

Tookyn implements administrative, technical, and physical safeguards to protect personal data, including access controls, encryption in transit, segmented network zones, and continuous monitoring. Customers are responsible for configuring their Tookyn instances, credentials, and upstream services in accordance with our security guidelines.

7. International transfers

If personal data is transferred across borders, Tookyn uses approved safeguards such as Standard Contractual Clauses or comparable agreements. We inform customers of the geographic regions in which their workloads are hosted and will not move customer data to new regions without prior notice, unless required by law or to mitigate an urgent operational risk.

8. Your rights and choices

Depending on your location, you may have the right to request access, correction, deletion, or portability of your personal data, or to object to or restrict certain processing. You can submit these requests by contacting Tookyn at product@tookyn.com. Customers managing personal data within Tookyn services are responsible for responding to individual rights requests related to Customer Content.

You may adjust cookie preferences through your browser settings. Essential cookies used to deliver the Tookyn site and administrator console cannot be disabled.

9. Updates to this policy

We may revise this Privacy Policy to reflect new features, regulatory guidance, or industry best practices. We will provide notice of material updates via email or the Tookyn administrator console at least thirty (30) days before the changes take effect, unless immediate updates are required to address legal or security obligations.

10. Contact us

For privacy inquiries, data protection requests, or to obtain a copy of our data processing agreement, please contact Tookyn at product@tookyn.com or support@tookyn.com. We respond to verified requests promptly and will work with you to address compliance requirements for Tookyn DNS, Virtual Hosting, and API Gateway environments.