Privacy Policy

Last updated: January 2, 2026

Toki ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Chrome extension.

Information We Collect

When you use Toki, we collect the following information:

• Selected Text: When you right-click and choose to create a calendar event, the text you have selected is sent to our servers and third-party AI services for processing. This text is used solely to extract event details (date, time, location, description). See "Third-Party Services" section for details on how this data is handled.
• Google Calendar Access: We use Google OAuth to authenticate you with Google Calendar. We only request the calendar.events scope, which allows us to create, read, update, and delete calendar events. We do not access calendar settings, sharing permissions, or other calendars beyond what's necessary for event creation.
• Browser Timezone: We collect your browser's timezone information to correctly interpret and schedule events in your local time.
• Browser Local Storage: We store the following data locally in your browser:
  • Event cache (up to 20 recently processed events, expires after 1 hour)
  • Authentication status
  • Pending event details during processing
  This data never leaves your device and is automatically cleared when you uninstall the extension.

How We Use Your Information

• To process selected text and extract event details using AI
• To create calendar events in your Google Calendar on your behalf
• To improve and optimize the extension's functionality
• To provide customer support when requested

Data Storage and Security

Our Servers:

We do not permanently store the text you select or the events you create on our servers. Selected text is processed in real-time and discarded immediately after event details are extracted.

Third-Party Services:

Your selected text is sent to third-party services (OpenAI and LangSmith) with automatic privacy protections. See "Third-Party Services" section for retention policies.

Browser Storage:

Your Google authentication tokens are stored securely in your browser's local storage and are never transmitted to our servers or any third-party service. Event cache data is stored locally for up to 1 hour to improve performance, then automatically deleted.

Third-Party Services

We use the following third-party services to provide our functionality:

Google Calendar API

We use Google Calendar API to create events in your calendar. We only request the calendar.events permission scope, which allows us to create, read, update, and delete events. We do not access your calendar settings, sharing permissions, or other Google account data.

OpenAI

We use OpenAI's GPT-3.5-turbo model to process your selected text and extract event details (date, time, location, title, description). Your selected text is sent to OpenAI's API for processing.

OpenAI's Data Handling:

• API data is NOT used to train OpenAI's models
• Data is retained for 30 days for abuse and misuse monitoring, then deleted
• See OpenAI's privacy policy: https://openai.com/policies/privacy-policy

LangSmith (by LangChain)

We use LangSmith for quality monitoring and improving the accuracy of our AI event extraction.

What data is sent to LangSmith:

• User Input (Anonymized): Your selected text is automatically anonymized before being sent. We redact personally identifiable information (PII) including:
  • Email addresses → [EMAIL_REDACTED]
  • Phone numbers → [PHONE_REDACTED]
  • Names → [NAME_REDACTED]
  • Street addresses → [ADDRESS_REDACTED]
  • Credit card numbers → [CARD_REDACTED]
  • Social Security Numbers → [SSN_REDACTED]
• AI-Extracted Event Details (Not Anonymized): Event information extracted by our AI (titles, dates, times, locations, descriptions) is sent without anonymization to help us:
  • Monitor extraction accuracy
  • Identify and fix errors
  • Improve the product experience

Data Retention: LangSmith retains trace data for 14-30 days depending on the plan tier, then it is automatically deleted.

Purpose: This data is used solely for quality assurance, debugging, and improving the accuracy of our event extraction AI. It is never sold or used for marketing purposes.

Quality Monitoring and Improvement

To ensure our AI provides accurate event extraction, we collect and analyze:

What We Monitor:

• AI-extracted event details (titles, dates, times, locations, descriptions)
• Extraction success/failure rates
• Processing time and performance metrics

What We Don't Monitor:

• Your raw selected text (it's anonymized before logging)
• Your Google Calendar contents
• Your browsing history

Retention Period: Quality monitoring data is retained for 14-30 days, then automatically deleted.

Your Rights

You have the right to:

• Revoke the extension's access to your Google Calendar at any time through your Google Account settings
• Uninstall the extension to stop all data collection
• Request deletion of your quality monitoring data by contacting us (this will not affect your ability to use the extension)
• Request information about what data we have collected

Children's Privacy

Our extension is not intended for children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us via the developer information mentioned in the Chrome extension page.