Tohi

Privacy Policy

Last updated: November 2, 2025

1. Introduction

Welcome to Tohi ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial wellness and health tracking platform, including our website and mobile applications (collectively, the "Service").

We are committed to protecting your privacy and ensuring the security of your personal and financial information. This policy is designed to help you understand what information we collect, how we use it, and what choices you have.

2. Information We Collect

2.1 Personal Information

  • Email address and contact information
  • Account credentials and authentication data
  • Profile information and preferences
  • Communication history with our support team

2.2 Financial Information

  • Bank account information (through secure third-party integrations like Plaid)
  • Transaction data and spending patterns
  • Budget goals and financial preferences
  • Investment and portfolio information

2.3 Health and Wellness Data

  • Nutrition and dietary information
  • Sleep patterns and health metrics
  • Activity and fitness data
  • Health goals and preferences

2.4 Technical Information

  • Device information and unique identifiers
  • IP address and location data (if enabled)
  • Usage analytics and app performance data
  • Cookies and similar tracking technologies

3. How We Use Your Information

  • Provide and maintain our financial wellness and health tracking services
  • Generate personalized insights and recommendations
  • Process transactions and maintain account security
  • Improve our services through analytics and machine learning
  • Communicate with you about your account and service updates
  • Provide customer support and respond to inquiries
  • Comply with legal obligations and prevent fraud

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers, including:

  • Plaid for secure bank account connectivity
  • Cloud infrastructure providers for data storage and processing
  • Analytics providers to improve our services
  • Customer support platforms

4.2 Legal Requirements

We may disclose your information when required by law, court order, or to protect our rights and safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Bank-level encryption for all data transmission and storage
  • Multi-factor authentication and secure access controls
  • Regular security audits and penetration testing
  • Compliance with SOC 2 Type II and other security frameworks
  • Data minimization and anonymization where possible

6. Your Rights and Choices

6.1 GDPR Rights (EU Residents)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

6.2 CCPA Rights (California Residents)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of the sale of personal information
  • Right to non-discrimination for exercising privacy rights

6.3 Account Controls

  • Update your profile and preferences in your account settings
  • Export your data at any time
  • Delete your account and associated data
  • Manage communication preferences

7. Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations. Specific retention periods include:

  • Account information: Until account deletion plus 30 days
  • Financial data: 7 years as required by financial regulations
  • Health data: Until account deletion or as required by law
  • Analytics data: Anonymized after 2 years

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for certain countries
  • Certification schemes and codes of conduct

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.

11. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@tohi.app
Address: [Company Address]
Phone: [Phone Number]

12. Compliance Certifications

Tohi is committed to maintaining the highest standards of data protection and privacy:

  • GDPR Compliant: Full compliance with European data protection regulations
  • CCPA Compliant: California Consumer Privacy Act compliance
  • SOC 2 Type II: Security and availability controls certified
  • PCI DSS: Payment card industry data security standards
  • HIPAA Ready: Health information privacy and security measures