← Back to home

Privacy Policy

Last updated:

At Tokkin we respect your privacy. This policy explains what data we collect, how we use it, and what rights you have over it. Tokkin is a tool used by private lenders in Latin America to manage their own loans and send WhatsApp reminders to their borrowers.

1. Who is responsible for your data

The data controller is the Tokkin team. You can reach us at [email protected] for any privacy matter.

2. What data we collect

We distinguish between two kinds of people:

a) App users (lenders)

  • Full name, email, phone and country at sign-up
  • Authentication credentials (managed via Firebase)
  • Information about their loans and borrowers they enter themselves
  • Technical data: app version, device model, language
  • Push notification token (optional)

b) User contacts (borrowers)

Lenders enter their borrowers into Tokkin to manage them. This data is processed on behalf of the lender and may include:

  • Name and WhatsApp number
  • Address (if the lender captures it)
  • Notes and loan payment history

Tokkin does not sell or share this data with third parties for advertising purposes.

3. How we use it

  • To provide the service: loan dashboard, installment calculation, history.
  • To send WhatsApp reminders to borrowers on behalf of the lender, using the official Meta Cloud API.
  • To send push notifications to lenders about due dates.
  • To improve the product (aggregated, anonymous metrics).
  • To comply with legal obligations.

4. WhatsApp and Meta

Messages to borrowers are sent through the official WhatsApp Business API (Meta Cloud API), always using pre-approved templates. Recipients see the message coming from the lender's verified number, not Tokkin's. Meta also processes this data under its own terms.

5. Legal basis

  • Contract performance: to provide the service to the user.
  • Legitimate interest: to send contractual reminders to borrowers, given a prior loan relationship exists.
  • Consent: for marketing communications (always opt-in).

6. Storage and security

Data is stored on servers in Europe (Hetzner) and encrypted in transit (TLS) and at rest. Authentication credentials are never stored in plain text.

7. Retention

We keep data while the account is active. If you delete your account, we erase identifiable data within 30 days, except records we must retain for legal or accounting obligations.

8. Your rights (GDPR, LGPD, and local equivalents)

You have the right to:

  • Access your personal data
  • Rectify it if incorrect
  • Request its deletion
  • Object to or restrict processing
  • Port your data
  • Withdraw consent at any time

To exercise any of these rights, email [email protected]. If you are a borrower receiving messages and want to stop, you can also use our form at /en/remove-me.

9. Minors

Tokkin is not intended for people under 18.

10. Changes to this policy

If we make material changes we will notify you by email or inside the app at least 15 days in advance.

11. Contact

For any question about this policy write to [email protected].