GaokeyGaokeyPrivacy Policy

Privacy Policy

Effective Date: March 31, 2026 · Toii Social LLC · privacy@gao.global

1. Overview

Gaokey is a non-custodial, device-native sovereign identity wallet. Toii Social LLC (“we,” “us,” or “Company”) does not hold, store, access, or transmit your private keys, seed phrases, wallet addresses, or cryptographic credentials at any time. All cryptographic material is generated and stored exclusively on your device.

This is not a policy choice — it is an architectural one. Gaokey is designed so that sensitive cryptographic data never leaves your device.

The Company does not act as a fiduciary, custodian, or financial advisor to any user. The Company does not own, control, or operate any blockchain network. Users interact with blockchain networks directly and independently.

2. Legal Classification

Gaokey is a non-custodial software application. The Company does not:

  • Act as a financial institution, bank, or depository
  • Provide custodial wallet or asset management services
  • Operate as a money transmitter or money services business (MSB) under FinCEN regulations
  • Hold, control, or intermediate user funds at any time
  • Execute transactions on behalf of users

Users interact directly with blockchain networks. Nothing in this Policy constitutes financial, investment, or legal advice.

3. Information We Collect

3.1 Information We DO Collect

We collect only the minimum data necessary to maintain app stability:

  • Anonymized crash logs — generated when the app encounters an unexpected error. These logs do not contain personal identifiers, wallet data, or transaction information.
  • App performance metrics — response times, screen load performance, and error rates, collected in aggregate and anonymized.
  • Device environment data — operating system version and device type, used solely to reproduce and fix bugs.

3.2 Information We DO NOT Collect

We do not collect, access, or store:

  • Private keys, seed phrases, or mnemonic phrases
  • Wallet addresses or balances
  • Transaction history or on-chain activity
  • Biometric data (Face ID, Touch ID results)
  • Real name, email address, or phone number
  • Government-issued identification
  • Location data

We do not collect or store IP addresses in a manner that can identify individual users.

4. How We Use Information

Anonymized crash and performance data is used exclusively to identify and fix software defects, improve application stability, and prioritize engineering resources. We do not use any collected data for advertising, user profiling, behavioral tracking, or monetization. We do not sell, license, rent, or share your data with third parties for commercial purposes.

Do Not Track: Gaokey does not respond to Do Not Track (DNT) signals because we do not track users.

5. Blockchain Disclosures

  • Transactions are irreversible. Once broadcast to a blockchain network, transactions cannot be reversed, cancelled, or modified by the Company or any party.
  • Transactions are publicly visible. Blockchain transactions are recorded on public ledgers and may be viewed by anyone.
  • We have no recovery capability. Toii Social LLC cannot recover lost private keys, restore deleted wallets, or reverse unauthorized transactions.
  • Pre-mainnet software. An independent external security audit is planned prior to mainnet release. Do not use with real funds until audit completion.

6. Data Storage and Security

All cryptographic keys and credentials are stored in your device’s hardware-backed secure storage:

  • iOS: Secure Enclave and Keychain
  • Android: Android Keystore System

These systems are designed so that private key material cannot be extracted by any application, including Gaokey.

IronClaw Security Standard: Gaokey is built to the IronClaw Security Standard. OTA updates are disabled — all app updates are delivered exclusively through the Apple App Store and Google Play Store. No credentials are stored on external servers. All cryptographic signing occurs locally on-device.

7. Third-Party Services

Gaokey uses a limited number of third-party services for build infrastructure and distribution. These services do not receive wallet data, private keys, seed phrases, or any cryptographic material.

ServicePurpose
Expo (EAS)Build and distribution infrastructure
Apple App StoreiOS distribution
Google PlayAndroid distribution

We do not integrate advertising SDKs, social media trackers, or analytics platforms that collect personally identifiable information.

8. International Users

Gaokey is operated by Toii Social LLC, headquartered in the United States. If you access Gaokey from outside the United States, you acknowledge that any limited data we collect may be processed in the United States.

9. Children’s Privacy

Gaokey is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at privacy@gao.global and we will promptly delete such information. This policy is consistent with COPPA.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights:

  • Right to Know — Request information about personal information we have collected about you.
  • Right to Delete — Request deletion of personal information we have collected.
  • Right to Correct — Request correction of inaccurate personal information.
  • Right to Opt-Out — We do not sell or share personal information. There is nothing to opt out of.
  • Right to Non-Discrimination — We will not discriminate against you for exercising any privacy rights.

To exercise your rights, contact privacy@gao.global. We will respond within 45 days as required by law.

11. No Warranty

Gaokey is provided “as is” and “as available” without warranties of any kind. The Company disclaims all liability for loss of funds, loss of access to wallets, unauthorized transactions, software defects, or network downtime. Use of the application is at your own risk.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, TOII SOCIAL LLC AND ITS OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO YOUR USE OF THE APP. IN NO EVENT SHALL THE COMPANY’S TOTAL LIABILITY EXCEED ONE HUNDRED U.S. DOLLARS ($100.00).

13. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions.

14. Data Retention

Anonymized crash logs and performance metrics are retained for a maximum of 90 days, after which they are permanently deleted. Because this data is anonymized, it cannot be attributed to or retrieved on behalf of any specific user.

15. Changes to This Policy

We will provide at least 30 days’ notice before any material changes, delivered via in-app notification or an update to this page with a revised Effective Date. Your continued use of Gaokey after the effective date constitutes acceptance of the changes.

16. Contact

Toii Social LLC — A Delaware Limited Liability Company
Privacy inquiries: privacy@gao.global
Legal inquiries: legal@gao.global
Security disclosures: legal@gao.global — Subject: [SECURITY]