Tokenlx Website Privacy Policy

This Privacy Policy was last updated in May 2026.

This Privacy Policy is effective for all users from May 2026.

We are committed to respecting and protecting personal privacy. This Privacy Policy describes how Vocalm Limited (hereinafter referred to as "we", "us", or "our") collects, uses, discloses, or shares information about end users ("you" or "your") in connection with the Tokenlx website and related services operated by us, including https://www.tokenlx.ai and related services provided by us (hereinafter referred to as "the Platform" or "the Services"), whether you access the Services directly or through a third party.

Please note that, unless otherwise stated, this Privacy Policy does not apply to information collected by third parties, even if those third parties link to this Service. Third parties include, but are not limited to, other companies, third-party websites, and mobile applications.

When you use our Services, in accordance with applicable law, you agree to our collection, use, and disclosure of information as described in this Privacy Policy. We collect, use, and disclose your information based on appropriate legal bases. Please read this Privacy Policy carefully before using our Services or accessing our website. We may revise this Privacy Policy from time to time, and revised versions will be posted on the website. Please check our Privacy Policy regularly to ensure you are aware of the latest version. In addition, pursuant to applicable law, your continued use of our Services after this Privacy Policy becomes effective will be deemed as your acceptance of the latest version of this Privacy Policy.

If you have any questions or concerns about our information processing activities, please contact us at dataprivacy@tokenlx.ai .

1. What Information Do We Collect and How Do We Collect It?

When you use our Services, we will collect, transmit, store, and process relevant information. We use this information to provide you with Services, conduct research and analysis related to Services, provide personalized experiences, track Service usage, provide feedback to partners, display advertisements, promote Services, provide customer support, send you messages, back up systems, enhance the security of Services, and comply with relevant legal obligations. Even if we do not retain such information, it will first enter our servers and be stored for an extended period to meet system processing requirements.

When you use our Services, we may collect the following information about you:

-          Information you actively provide to us. For example: your name and email address provided to create an account or use the Services; your gender, date of birth, occupation, educational background, etc., provided to complete certain Services. Please note that before collecting sensitive personal information such as ID numbers, precise location, facial images, or voiceprints, we will separately notify you and obtain your explicit consent.

-          Information we collect via Cookies. Cookies will collect information about the device and network you use, the date and time of your visit, and similar information. Such information is for internal use only (e.g., optimizing Services), and cannot be traced back to individual users.

-          Information from third-party partners, such as companies that provide services to us and our business partners.

2. How Do We Use Your Personal Information?

We use the personal information you provide to us to deliver Services and for internal operations. For example: to improve the quality of Services, or to help our customers and partners enhance their products or services; to aggregate data for internal and external business purposes; to prevent potential illegal activities; to provide support for user accounts and fulfill customer needs; to comply with government or legal requirements; and for other purposes agreed upon in our terms.

Legal Bases for Our Use of Your Personal Information

We will only collect, use, share, and otherwise process your personal information where there is an appropriate legal basis. Our data processing activities and the legal bases upon which we rely are as follows:

Contact Information:

For example, your name, address, phone number, email address, gender, date of birth, and educational level that you actively provide to us.

Device Information:

IDFA/GAID/AID; device type; user agent; operating system; operating system version; IP address; MSISDN; device identifier IMSI; browser information.

Our Legitimate Interests:

a) Tracking and reducing fraudulent traffic, and verifying the success of advertising campaigns; b) Preventing and monitoring criminal activity. In each case, we have assessed and determined that our legitimate interests do not override the rights and freedoms of the data subjects. Where required by applicable law, we may also use your personal information to comply with legal and regulatory obligations.

3. With Whom Do We Share Information?

We may share your personal information with our business partners, including large model companies, channel partners, suppliers, customers, and service providers.

Unless otherwise provided in this Privacy Policy, we will not disclose personal information to any third party, except in the following circumstances where we deem disclosure necessary: (1) as required by law to comply with court subpoenas, similar legal proceedings, or government requests; (2) to protect or enforce our rights or the rights of third parties; (3) to protect the safety of the public or users; (4) to respond to emergencies. We may also transfer your information in connection with mergers, divisions, or sales of our assets. To ensure support and maintenance of the Services, we also reserve the right to disclose your personal information to service providers or third parties related to business operations when necessary.

"We do not control, and are not responsible for, LLMs' handling of your Inputs or Outputs, including for use in their model training. To understand how your Inputs are used by AI models, check the terms of the providers here (opens in new tab)."

International Transfers of Personal Information

We operate globally. As a result, your personal information may be transferred to and stored in countries and regions other than the People's Republic of China, the European Economic Area ("EEA"), and the United Kingdom ("UK"), such as the United States, Brazil, and Singapore. Data protection standards vary across these countries and regions. We will take reasonable measures to ensure your privacy rights are protected in accordance with applicable law, and that data transfers are limited to countries that are recognized as providing an adequate level of legal protection, or where we are satisfied that other measures are in place to protect your privacy.

To ensure your personal information is protected under applicable law, for data transfers outside of the PRC, EEA, and UK:

•         For data transfers from within the People's Republic of China to outside, we will comply with the requirements of applicable laws and regulations.

•         For data transfers outside the EEA and UK, such transfers will be made pursuant to EU Standard Contractual Clauses, the EU-U.S. Data Privacy Framework, or other recognized legal mechanisms. You may request a copy by contacting dataprivacy@tokenlx.ai .

4. How Do We Protect the Security of Information?

We employ a variety of security measures to protect the personal information we collect, both during transmission and after receipt. For example, we have implemented and maintain appropriate technical and organizational security measures to safeguard information. We use electronic, procedural, and physical security measures to prevent unauthorized or unlawful use or alteration of information, and to prevent accidental loss, damage, or destruction of information. In accordance with the requirements of the EU General Data Protection Regulation ("GDPR"), we have appointed a Data Protection Officer ("DPO"). The DPO is responsible for cooperating with supervisory authorities and overseeing our GDPR compliance. The DPO can be reached at dataprivacy@tokenlx.ai .

5. How Long Do We Retain This Information?

Unless otherwise required by law or regulation, we will retain your information for the duration of your use of our Services and for as long as necessary to fulfill the purposes described in this Privacy Policy. In certain circumstances, we may store your personal information for a longer period so that we have an accurate record of your dealings with us in the event of a complaint or dispute, or where we have reasonable grounds to believe there is a prospect of litigation.

Nonetheless, we will retain and use user information in anonymized and aggregated form, solely for internal analysis, compliance with legal obligations, dispute resolution, and contract fulfillment. We will endeavor to ensure that personal information is not retained for longer than is necessary for the purposes for which it is processed.

6. Your Rights

Users have corresponding rights regarding their personal information.

EU and UK Residents

Under EU and UK law, if you are a resident in the EU or UK, we will only collect and process your information where there is a lawful basis for doing so. Subject to certain exemptions, based on our ongoing data processing activities, you have the following rights over your personal information:

•  Right of Access

You have the right to request that we provide you with a copy of the personal information we hold about you, and to be informed of: (a) the source of your personal information; (b) the purposes, legal basis, and methods of processing; (c) the identity of the data controller; (d) the entities or categories of entities to which your personal information may be transferred.

•  Right to Rectification or Erasure

You have the right to request that we correct inaccurate personal information. We may verify the accuracy of the personal information before making corrections.

You may also request that we erase your personal information in the following circumstances:

•         The information is no longer needed for the purposes for which it was collected;

•         You have withdrawn your consent (where processing is based on your consent);

•         You have exercised your right to object (see below);

•         The data has been unlawfully processed;

•         Erasure is necessary to comply with a legal obligation we are subject to.

We are not required to comply with a request to erase personal information if we process it for the following reasons:

•         To comply with a legal obligation;

•         For the establishment, exercise, or defense of legal claims.

•  Right to Restriction of Processing

You may request that we restrict the processing of your personal information, but only in the following circumstances:

•         The accuracy of the information is contested, pending verification;

•         Processing is unlawful but you do not want the data erased;

•         The information is no longer needed for its original purpose, but we still require it for the establishment, exercise, or defense of legal claims;

•         You have exercised your right to object and verification is pending.

Following a restriction request, we may continue to use your personal information where:

•         We have your consent;

•         It is necessary for the establishment, exercise, or defense of legal claims;

•         It is necessary to protect the rights of another natural or legal person.

•  Right to Data Portability

You may request that we provide your personal information in a structured, commonly used, machine-readable format, or that it be transmitted directly to another data controller, but only where:

•         Processing is based on your consent or a contract with you; and

•         Processing is carried out by automated means.

•  Right to Object

Where we process personal information based on our legitimate interests, you may object to that processing if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we will have the opportunity to demonstrate that we have compelling legitimate interests that override your rights and freedoms.

•  Right to Object to Direct Marketing

You may request that we change the way we contact you, and you may request that we not transfer your personal information to unaffiliated third parties for direct marketing or any other purposes.

•  Right to a Copy of Safeguards for Transfers Outside Your Jurisdiction

You may request a copy of, or reference to, the safeguards under which your personal information is transferred outside the EU or UK. To the extent permitted by law, we may redact data transfer agreements to protect commercial terms.

If you have any questions regarding our compliance with this Privacy Policy and applicable data protection law, or if you wish to exercise your rights, we recommend you first contact our Data Protection Officer at dataprivacy@tokenlx.ai .

Before disclosing the personal information you request, we may, for security purposes, ask you to provide additional information to confirm your identity. We reserve the right to charge a fee where permitted by law, such as where your request has no legal basis or is unreasonable. You may exercise your rights by contacting us, and we will make all reasonable efforts to respond to your requests in a timely manner. Please note that in some cases we may not be able to fully comply with your request, for example, if doing so would affect our confidentiality obligations to others, or if we are legally entitled to process the information differently.

We will investigate and endeavor to resolve complaints and disputes, and will make all reasonable efforts to honor your rights within the timeframes prescribed by data protection law. You have the right to lodge a complaint at any time with the data supervisory authority in your jurisdiction (i.e., your place of habitual residence, place of work, or place of the alleged infringement). We encourage you to try to resolve all issues with us before involving your local supervisory authority.

California Residents

Under the California Consumer Privacy Act of 2026 ("CCPA"), if you are a resident of the State of California in the United States, you have certain rights with respect to our collection, use, and sharing of your personal information.

Under the CCPA, subject to certain exceptions, you have the following rights:

1.  Right to Know. You have the right to know about the categories of personal information a business collects, discloses, or sells, as well as the specific personal information the business holds about you.

2.  Right to Delete. You may request that a business delete your personal information.

3.  Right to Opt Out of Sale. You have the right to opt out of the sale of your personal information by a business.

4.  Right to Non-Discrimination. You have the right not to receive discriminatory treatment from a business for exercising your rights under the CCPA.

You may exercise the above rights by contacting us through the following methods:

•         By sending an email to: dataprivacy@tokenlx.ai

We will not discriminate against you for exercising your rights under the CCPA. You may designate an authorized agent to submit requests on your behalf, provided you ensure the agent has received your authorization. Before responding to your request, we may require you to provide additional information or take other steps we deem appropriate to verify your identity. In addition to the CCPA, under California's Shine the Light law, California residents have the right to request information about personal information we have disclosed to third parties for direct marketing purposes. You may exercise this right by contacting us at dataprivacy@tokenlx.ai .

Residents of Other States (e.g., Virginia, Colorado, Connecticut, Utah, Texas)

Under applicable law, you may have some or all of the following rights:

•         Right to Know: The right to know the categories of personal information we collect, use, and disclose about you.

•         Right of Access: The right to request a copy of the specific personal information we hold about you.

•         Right to Correction: The right to request that inaccuracies in your personal information be corrected.

•         Right to Deletion: The right to request deletion of your personal information, subject to legal exceptions.

•         Right to Opt Out: The right to opt out of the use of your personal information for "targeted advertising"; to opt out of "selling" your personal information to third parties (as defined under applicable law); and to opt out of "profiling" for certain significant decisions.

•         Right to Non-Discrimination: We will not discriminate against you for exercising the above rights.

How to Exercise Your Rights

If you are a resident of any of the above states and wish to exercise your rights, please contact us by:

•         Sending an email to: dataprivacy@tokenlx.ai

We will verify your identity and respond within the timeframes required by applicable law after receiving your request. For security purposes, we may ask you to provide necessary information to confirm your identity. You may also authorize an agent to exercise rights on your behalf, but you must provide appropriate authorization documentation.

Global Privacy Control (GPC) Signals

Our website and Services do not currently support the automatic recognition and response to Global Privacy Control (GPC) signals. We are evaluating the technical implementation options to support this feature in the future.

In the meantime, if you are a resident of an applicable state and wish to exercise your right to opt out of the sale/sharing of your personal information and cross-context behavioral advertising, please submit a direct request to us through one of the following methods, as we cannot automatically process your opt-out request via GPC signals:

•         Send an email to: dataprivacy@tokenlx.ai

As we do not currently support automatic recognition of GPC signals, you will need to submit your opt-out request directly to us through the methods specified above. We will verify your identity and process your request within the timeframes required by applicable law after receiving it.

7. Use of Cookies and Other Tracking Technologies

When you visit our website, we may use cookies or other similar tracking technologies (collectively, "Cookies") to collect certain information about you. Cookies are small text files that are automatically stored by your browser when you visit a website. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies may contain unique identifiers and may reside on your computer or mobile device, in emails we send to you, and on our web pages. Cookies may transmit information about you and your use of the Services, such as browser type, search preferences, IP address, data relating to advertisements that have been displayed to you or that you have interacted with, and the date and time you use the Services. Cookies may be persistent or stored only for the duration of a single session.

We use Cookies in our Services for the following purposes:

Purpose	Description
Process	To make the Services operate in the manner you expect.
Authentication, Security & Compliance	To prevent fraud, protect your data from unauthorized parties, and comply with legal requirements.
Preferences	To remember information about how you prefer the Services to behave and look.
Notifications	To allow or prevent notifications of information or options that we think may improve your experience of using the Services.
Advertising	To make advertising more relevant to users and more valuable to advertisers.
Analytics	To help us understand how visitors use the Services.

If you do not accept these Cookies, you can change your browser settings to delete existing Cookies and to prevent new Cookies from being set. However, please note that if you delete Cookies or do not accept Cookies, you may not be able to use all of the features we offer, store your preferences, and some pages may not display properly. Please note that changing these settings will not prevent certain advertisements from being displayed to you. In some countries, by using the website, you agree to the use of Cookies. Where required by applicable law, we will seek your consent.

8. Children

Please be aware that our Services are intended for adults only. We do not provide Services to minors under the age of eighteen (18). If you are under the age of eighteen, please do not submit any information through this Platform, and please do not submit any information about minors. If we have evidence that you have violated the foregoing, we will delete the relevant personal information in accordance with applicable law.

9. "Do Not Track" Signals

Some browsers include a "Do Not Track" (DNT) feature that can send a signal to the websites you visit indicating that you do not wish to be tracked. However, since there is currently no industry consensus on the interpretation of this signal, our Services do not currently respond to such signals.

10. Third-Party Websites

If we provide links to third-party websites not under our control, this Privacy Policy does not apply to those third-party websites, regardless of whether such websites mention our brand. We recommend that you carefully read the relevant policies of third-party websites. However, we will restrict the types, methods, and purposes of information collection by partners within the agreements we have reached with them.

11. Contact Us

If you have any questions or suggestions regarding this Privacy Policy, please contact us at dataprivacy@tokenlx.ai .