Jul 16, 2024
Security
TokuGo AI Ltd.
Company Number: 16526298
Address: 71–75 Shelton Street, Covent Garden, London, UK, WC2H 9JQ
Effective Date: 18/06/2025
Last Reviewed: 26/08/25
1. Purpose and Scope
This Security Policy establishes the framework for safeguarding the confidentiality, integrity, and availability of data, systems, and services operated by TokuGo AI Ltd.
It applies to:
All employees, contractors, and third-party partners.
All systems, APIs, infrastructure, and data associated with the TokuGoᴬᴵ platform (including AI, AR, and Web3 components).
All user data, business data, and transaction records processed under UK GDPR, the Data Protection Act 2018, and EU GDPR.
2. Regulatory Compliance
TokuGo AI Ltd. is committed to full compliance with applicable UK and EU regulations, including:
UK GDPR and EU GDPR – lawful, fair, and transparent processing of personal data.
Data Protection Act 2018 (UK) – compliance with data subject rights, retention, and security.
PCI DSS – for handling payment transactions securely.
eIDAS Regulation (EU) – ensuring secure and trusted electronic transactions.
FCA Guidance (UK) – where applicable to tokenised assets and digital payments.
3. Security Principles
Our security framework is based on the following principles:
Zero Trust Architecture – all users, devices, and systems are authenticated and continuously verified.
Data Minimisation – collect only what is strictly necessary for business and legal purposes.
End-to-End Encryption – encryption in transit (TLS 1.3+) and encryption at rest (AES-256).
Privacy by Design & Default – data protection integrated into every stage of product development.
Least Privilege Access – access rights limited to role requirements.
Continuous Monitoring & Incident Response – active monitoring with rapid response procedures.
4. Technical Controls
4.1. Infrastructure & Cloud Security
Hosting infrastructure operates on ISO 27001-certified cloud providers (AWS/Azure/GCP).
All services use multi-factor authentication (MFA) for admin and developer accounts.
Regular penetration testing and vulnerability scanning are conducted.
Automated logging and monitoring across all cloud services.
4.2. Application & API Security
Secure development lifecycle (SDLC) with code reviews, static/dynamic testing, and dependency scanning.
All APIs use OAuth 2.0 / JWT tokens with strict access scopes.
Rate limiting, anomaly detection, and DDoS protection enabled.
AR/Spatial features (8th Wall, Google ARCore/Maps APIs) use secure API keys with rotation policies.
AI services (OpenAI/Quantum AI stack) accessed via encrypted API calls, never exposing raw keys.
4.3. Web3 & Blockchain Security
TokuCoins smart contracts undergo independent security audits prior to deployment.
Multi-signature wallets required for treasury and large transactions.
Use of cold storage for reserve assets.
Anti-money laundering (AML) and know-your-customer (KYC) compliance applied where required.
4.4. Data Security & Privacy
Personal data encrypted at rest (AES-256).
Data retention aligned with GDPR principles.
User rights: access, portability, rectification, and erasure are supported via automated workflows.
Payment data handled only by PCI DSS Level 1-certified processors; no card details stored by TokuGo AI Ltd.
5. Organisational Controls
Information Security Officer (ISO): appointed to oversee compliance and implementation.
Access Control Policy: role-based access enforced, reviewed quarterly.
Employee Security Training: mandatory induction and annual refresher training.
Third-Party Risk Management: vendors must comply with ISO 27001 or equivalent.
Incident Response Plan: includes breach notification procedures within 72 hours (GDPR requirement).
6. Monitoring and Review
Continuous monitoring using SIEM (Security Information & Event Management) tools.
Quarterly internal audits of security practices.
Annual independent security audits, including blockchain smart contract review.
This policy is reviewed annually or when regulations/technologies evolve.
7. Enforcement
Non-compliance with this policy may result in disciplinary action, contract termination, or legal escalation. All staff, partners, and third-party vendors are required to adhere to these standards.
8. Contact Information
For questions regarding this Security Policy, please contact:
TokuGo AI Ltd.
Company Number: 16526298
Address: 71–75 Shelton Street, Covent Garden, London, UK, WC2H 9JQ