Privacy Policy
Last updated: April 7, 2026
This Privacy Policy describes how AIOKA ("we," "us," or "our") collects, uses, and shares your personal information when you use our website at aioka.io, our API services, and related tools (collectively, the "Services").
By using our Services, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of our Services.
1. Information We Collect
1.1 Information You Provide Directly
When you register for an API key or contact us, we collect:
- Name — provided during API key registration
- Email address — provided during API key registration and used for account communications
We do not collect phone numbers, mailing addresses, payment information, passwords, social security numbers, or any other sensitive personal information.
1.2 Information Collected Automatically
When you visit our website, we automatically collect certain information through Vercel Analytics, our privacy-friendly analytics service:
- Log and usage data — pages visited, time of visit, referring URL, browser type and version
- Location data — approximate geographic location derived from your IP address (country/region level only)
Important: We do NOT use cookies, web beacons, pixel tags, or any other persistent tracking technologies. Vercel Analytics is a privacy-friendly service that does not use cookies and does not track users across websites or sessions.
1.3 Information We Do NOT Collect
We want to be transparent about what we do not collect:
- No payment or financial information (we do not process payments currently)
- No biometric data
- No social media account data
- No device identifiers or hardware information
- No professional or employment data
- No education records
- No audio, visual, or sensory data
- No user-generated content (our platform does not support content uploads)
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Deliver and facilitate our API services (generate and manage API keys) | Performance of a contract |
| Respond to your inquiries and provide support | Performance of a contract |
| Send administrative information (service updates, security alerts) | Performance of a contract |
| Identify usage trends to improve our services | Legitimate interest |
| Protect our services from abuse, fraud, and security threats | Legitimate interest |
We do NOT use your personal information for advertising, marketing communications, profiling, automated decision-making, or selling to third parties.
4. Third-Party Services
We use the following third-party services to operate AIOKA. Each provider has its own privacy policy and data processing agreements:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Vercel | Website hosting and analytics | Page views, visitor location (country), browser type | United States |
| Anthropic | AI platform (Claude) for market analysis | Market data only — no personal user data | United States |
| Railway | Backend hosting and compute | API request logs (IP anonymized) | United States |
| Neon | PostgreSQL database hosting | Name and email (for API key accounts) | United States |
| Cloudflare | DNS management and email routing | Domain-level traffic data | Global (US-based company) |
All third-party providers have data processing agreements in place and comply with applicable data protection regulations.
5. AI-Based Services
AIOKA uses artificial intelligence to provide market data analysis and trading signal generation. Our AI services are powered by Anthropic's Claude platform.
- What the AI processes: Market data, price feeds, technical indicators, and on-chain analytics. The AI does NOT process any personal user information.
- How AI outputs are used: AI-generated verdicts and signals are provided through our API for informational purposes only. They do not constitute financial advice.
- Opting out: If you wish to opt out of any processing of personal information related to our AI-based services, contact us at info@aioka.io.
7. Data Retention
We retain your personal information for as long as you maintain an active account with us (i.e., hold a valid API key). When you request account deletion, we will delete your personal information within 30 days, except where we are legally required to retain it.
Anonymized analytics data (page views, visitor counts) does not contain personal information and may be retained indefinitely for service improvement purposes.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encrypted database storage (Neon PostgreSQL with encryption at rest)
- HTTPS/TLS encryption for all data in transit
- API key authentication for all protected endpoints
- Rate limiting to prevent abuse
- Cloudflare DNS protection
- Regular security audits and automated testing (1,284+ automated tests)
While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
9. International Data Transfers
AIOKA is operated from the Czech Republic (European Union). However, our third-party service providers are located in the United States. When your personal information is transferred outside the EU/UK, we ensure adequate protection through the European Commission's Standard Contractual Clauses (SCCs), as incorporated into our service providers' data processing agreements.
10. Your Rights Under GDPR (EU/UK/EEA)
If you are located in the European Union, United Kingdom, Iceland, Liechtenstein, Norway, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restriction — request that we limit processing of your data
- Right to data portability — request your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw previously given consent at any time
- Right to lodge a complaint — file a complaint with your local data protection authority
To exercise any of these rights, contact us at info@aioka.io. We will respond within 30 days.
Legal Bases for Processing
Under the GDPR, we rely on the following legal bases to process your personal information:
- Consent — where you have given us explicit consent
- Performance of a contract — to provide our API services to you
- Legitimate interests — to improve our services and protect against abuse, where these interests are not overridden by your rights
- Legal obligation — where we are required by law to process your data
- Vital interests — in rare cases to protect someone's life
11. Your Rights Under CCPA/CPRA (California)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights:
- Right to know — what personal information we collect, use, and disclose
- Right to delete — request deletion of your personal information
- Right to opt-out of sale/sharing — we do NOT sell or share your personal information
- Right to non-discrimination — you will not be penalized for exercising your rights
- Right to correct — request correction of inaccurate personal information
- Right to limit use of sensitive information — we do not collect sensitive personal information
Categories of Personal Information Collected (Last 12 Months)
| Category | Collected | Disclosed | Sold |
|---|---|---|---|
| Identifiers (name, email) | Yes | No | No |
| Internet activity (page views) | Yes | No | No |
| Geolocation (country level) | Yes | No | No |
| Biometric data | No | No | No |
| Sensory data | No | No | No |
| Professional/employment data | No | No | No |
| Education data | No | No | No |
| Consumer profiles/inferences | No | No | No |
To exercise your rights, contact us at info@aioka.io. We will verify your identity and respond within 45 days.
This privacy policy also covers all other enacted US state privacy laws including those in Colorado (CPA), Connecticut (CTDPA), Delaware (DPDPA), Florida (FDBR), Indiana (ICDPA), Iowa (ICDPA), Kentucky (KCDPA), Maryland (MODPA), Minnesota (MCDPA), Montana (MCDPA), Nebraska (NDPA), New Hampshire (NHPA), New Jersey (NJDPA), Oregon (OCPA), Rhode Island (RIDTPPA), Tennessee (TIPA), Texas (TDPSA), Utah (UCPA), and Virginia (VCDPA).
12. Your Rights Under PIPEDA (Canada)
If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25 grant you the right to access, correct, and request deletion of your personal information. To exercise these rights, contact us at info@aioka.io.
13. Children's Privacy
AIOKA is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a minor, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at info@aioka.io.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.
For significant changes that affect your rights, we will make reasonable efforts to notify you via the email address associated with your API key.
15. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
We aim to respond to all privacy-related inquiries within 30 days.
© 2026 AIOKA. All rights reserved.
Back to Home