Security

TOKUGO | The Spatial Commerce Layer.


Last updated: 16 June 2026

This Security Policy explains how TokuGo AI Ltd approaches the security of www.tokugo.ai, our website, digital services, demos, pilots, partner systems, and future platform features.

TOKUGO is building the Spatial Commerce Layer — transforming cities into immersive discovery, shopping, and rewards experiences powered by Spatial AI, Augmented Reality, Location Intelligence, and real-time commerce technology.

Security is important to TOKUGO because our platform may involve location-based experiences, brand and retailer data, AI-powered personalisation, AR features, rewards, wallet functionality, marketplace features, and future spatial commerce infrastructure.

This Security Policy should be read together with our:

  • Privacy Policy

  • Cookie Policy

  • Terms & Conditions

1. Who we are

This website is operated by:

  • Company name: TokuGo AI Ltd

  • Trading name: TOKUGO

  • Company number: 16526298

  • Registered office: 71–75 Shelton Street, Covent Garden, London, UK, WC2H 9JQ

  • Email: play@tokugo.ai

  • Website: www.tokugo.ai

For security-related questions, please contact us at:

  • Email: play@tokugo.ai

2. Our security commitment

TOKUGO is committed to protecting our website, users, partners, retailers, brands, investors, systems, data, and digital services.

We aim to apply appropriate technical and organisational measures to protect against:

  • Unauthorised access

  • Data loss

  • Data misuse

  • Data alteration

  • Data disclosure

  • Fraud

  • Abuse

  • Malicious activity

  • Platform disruption

  • Security vulnerabilities

  • Misuse of location-based or AR features

  • Misuse of reward, wallet, or marketplace features

No website, app, system, or digital platform can be guaranteed to be completely secure, but we take reasonable steps to reduce risks and improve protection as TOKUGO develops.

3. Website security

We aim to protect www.tokugo.ai through appropriate security measures, which may include:

  • Secure hosting

  • HTTPS encryption

  • Secure website configuration

  • Security monitoring

  • Access controls

  • Software updates

  • Spam protection

  • Malware protection

  • Backup processes

  • Form protection

  • Restricted admin access

  • Password protection

  • Review of third-party tools and plugins

We may update, modify, restrict, suspend, or remove website features where necessary to protect the security of the website or its users.

4. Data protection and privacy security

TOKUGO handles personal data in accordance with our Privacy Policy.

We aim to protect personal data through measures such as:

  • Access controls

  • Limited access on a need-to-know basis

  • Secure cloud services

  • Password protection

  • Encryption where appropriate

  • Data minimisation

  • Secure storage

  • Supplier due diligence

  • Confidentiality obligations

  • Monitoring for misuse or unauthorised access

  • Review of data retention practices

Where TOKUGO works with third-party providers, we aim to use providers that apply appropriate security and privacy standards.

5. Account and access security

If TOKUGO provides access to an account, dashboard, portal, demo, pilot, beta product, restricted area, or partner system, users are responsible for keeping their access details secure.

You must:

  • Use strong passwords

  • Keep login details confidential

  • Not share access without permission

  • Not allow unauthorised people to use your account

  • Notify TOKUGO if you suspect unauthorised access

  • Log out when using shared or public devices

  • Keep your devices, browsers, and software updated

TOKUGO may suspend or restrict access if we believe there is a security risk, misuse, breach of terms, unauthorised access, or suspicious activity.

6. Partner, retailer, and brand data security

TOKUGO may receive business, retailer, venue, product, offer, campaign, creative, or location data from partners.

This may include:

  • Store information

  • Location information

  • Product catalogues

  • Offer details

  • Pricing information

  • Brand assets

  • Logos

  • Campaign materials

  • Creative content

  • Pilot information

  • Analytics and performance data

Partners are responsible for ensuring that any information they provide to TOKUGO is accurate, lawful, authorised, and free from harmful code.

TOKUGO aims to protect partner data through appropriate access controls, storage practices, and operational safeguards.

7. Location, AR, and spatial security

TOKUGO’s platform may involve location-based experiences, map interfaces, AR previews, geofencing, spatial engagement, and real-world discovery.

We aim to design these features with safety and security in mind.

Users must use TOKUGO responsibly and remain aware of their surroundings.

You must not use TOKUGO:

  • While driving

  • While cycling

  • While crossing roads

  • While operating machinery

  • In restricted or dangerous areas

  • In a way that causes trespass

  • In a way that creates risk to yourself or others

  • In a way that violates laws, venue rules, or partner terms

TOKUGO may restrict, remove, or disable location-based or AR experiences where we believe there is a safety, legal, security, technical, or operational risk.

8. AI and recommendation security

TOKUGO may use AI, automation, recommendation systems, location intelligence, and analytics to support personalised discovery, offers, rewards, campaign insights, and spatial commerce experiences.

We aim to apply responsible safeguards around AI-powered features, including:

  • Monitoring for misuse

  • Reducing inaccurate or harmful outputs where possible

  • Limiting unnecessary data use

  • Reviewing high-risk use cases

  • Applying access controls

  • Protecting user and partner data

  • Avoiding unnecessary exposure of sensitive information

  • Improving systems over time

AI-generated recommendations, insights, or outputs may not always be accurate, complete, current, or suitable for every user or business.

Users and partners remain responsible for reviewing and approving any AI-generated recommendation, offer, campaign, or business decision before relying on it.

9. Rewards, wallet, TOKUCoins, and marketplace security

TOKUGO may introduce or test reward systems, TOKUCoins, wallet features, vouchers, digital assets, deal ownership, or marketplace functionality.

Where these features are available, TOKUGO may apply security measures such as:

  • Fraud monitoring

  • Abuse detection

  • Transaction checks

  • Account controls

  • Wallet access safeguards

  • Redemption limits

  • Marketplace moderation

  • Suspicious activity review

  • Temporary suspension of risky activity

Users are responsible for keeping their devices, accounts, passwords, wallets, private keys, and recovery information secure.

TOKUGO is not responsible for losses caused by users sharing login details, losing wallet access, using insecure devices, or failing to protect private keys or recovery phrases.

If blockchain or digital wallet features are introduced, additional terms, risk warnings, and security requirements may apply.

10. Third-party services and integrations

TOKUGO may use or connect with third-party services, platforms, APIs, tools, and providers.

These may include:

  • Hosting providers

  • Cloud infrastructure providers

  • Analytics tools

  • AI service providers

  • Map and location providers

  • AR technology providers

  • CRM and email tools

  • Payment providers

  • Wallet or blockchain providers

  • Video platforms

  • Social media platforms

  • Security providers

  • Form and booking tools

Third-party providers are responsible for their own security practices.

TOKUGO aims to choose suitable providers, but we cannot guarantee the security, availability, or performance of third-party services.

11. Security monitoring and misuse prevention

TOKUGO may monitor website, platform, demo, pilot, and account activity to help protect our systems and users.

This may include monitoring for:

  • Unauthorised access

  • Suspicious login attempts

  • Fraud

  • Spam

  • Malicious code

  • Bot activity

  • System abuse

  • Data scraping

  • Misuse of rewards or offers

  • Marketplace abuse

  • Security vulnerabilities

  • Breach of our Terms & Conditions

Where necessary, TOKUGO may investigate, restrict, suspend, block, or remove access to protect the website, platform, users, partners, or business.

12. Vulnerability reporting

If you believe you have found a security vulnerability in TOKUGO’s website, platform, demo, pilot, or systems, please report it responsibly.

Please contact us at:

  • Email: play@tokugo.ai

  • Subject line: Security Vulnerability Report

Please include:

  • A clear description of the issue

  • The affected page, feature, system, or URL

  • Steps to reproduce the issue

  • Screenshots or supporting details, if helpful

  • Your contact details

You must not:

  • Exploit the vulnerability

  • Access, copy, modify, delete, or disclose data

  • Disrupt TOKUGO systems

  • Harm users, partners, or third parties

  • Use automated attacks, brute force, denial-of-service, or social engineering

  • Publicly disclose the issue before TOKUGO has had a reasonable opportunity to review it

We appreciate responsible reporting and will review reports in good faith.

13. What users and partners should do

To help keep TOKUGO secure, users and partners should:

  • Use strong passwords

  • Keep account details confidential

  • Use secure devices and updated software

  • Avoid using public or shared devices for restricted access

  • Log out after using shared devices

  • Report suspicious activity

  • Check that submitted files are safe and lawful

  • Not upload malware, harmful code, or unauthorised material

  • Not attempt to bypass security controls

  • Not misuse rewards, offers, location features, AR features, wallet features, or marketplace features

14. Incident response

If TOKUGO becomes aware of a security incident, we will assess the issue and take appropriate steps depending on the nature and severity of the incident.

These steps may include:

  • Investigating the issue

  • Securing affected systems

  • Restricting access where needed

  • Notifying affected users or partners where appropriate

  • Notifying regulators where legally required

  • Working with service providers

  • Improving safeguards to reduce future risk

15. Updates to this Security Policy

TOKUGO may update this Security Policy from time to time.

We may update it to reflect:

  • Changes to our website

  • Changes to our platform

  • Changes to our security practices

  • Changes to our service providers

  • New product features

  • New partner systems

  • New wallet, rewards, or marketplace features

  • Legal, regulatory, or operational changes

The updated version will be posted on this page with a new “Last updated” date.

16. Contact us

For security-related questions, please contact:

  • Company: TokuGo AI Ltd

  • Trading name: TOKUGO

  • Company number: 16526298

  • Registered office: 71–75 Shelton Street, Covent Garden, London, UK, WC2H 9JQ

  • Email: play@tokugo.ai

  • Website: www.tokugo.ai

‹ Cookie policy