Privacy Policy — Tokyo Brain

TL;DR: Your data is yours. We collect only what's needed to run the service. We never use your data for AI training, and we never sell it to anyone.

1. Who We Are

Tokyo Brain is operated by Nexus AI (operated by Chang Family AI). This policy describes how we collect, use, and protect your information when you use the Tokyo Brain API and related services.

2. What Data We Collect

We collect only the minimum data necessary to provide the service:

Account Information: Email address provided during signup
API Keys: Generated authentication credentials for API access
Memory Data: Any data you store through the Tokyo Brain API (memories, embeddings, metadata)
Usage Logs: API request timestamps, endpoints called, and response codes (for operational monitoring)

3. How We Use Your Data

Your data is used solely to provide and operate the Tokyo Brain service. Specifically:

To authenticate your API requests
To store and retrieve your memory data as requested
To monitor service health and debug issues
To communicate important service updates

🔒 We never use your stored memories or data to train AI models.
🔒 We never sell, rent, or share your data with third parties for their own purposes.

4. Data Storage & Security

Region: All data is stored in AWS Tokyo region (ap-northeast-1)
Encryption at Rest: AES-256-GCM with envelope encryption
Encryption in Transit: TLS 1.3 for all API communications
Access Control: Per-tenant namespace isolation with strict access boundaries

For more details, see our Security & Compliance page.

5. Data Retention

Your data is retained for as long as your account is active:

Memory Data: Kept until you explicitly delete it via the /forget API endpoint or terminate your account
Account Data: Retained until account termination, then deleted within 30 days
Usage Logs: Retained for 90 days for operational purposes, then automatically purged

6. Your Rights

GDPR Rights (EU/EEA Users)

Under GDPR Articles 15–17, you have the right to:

Access: Request a copy of all data we hold about you
Export: Receive your data in a portable, machine-readable format
Delete: Request complete deletion of your data and account

CCPA Rights (California Residents)

Under the California Consumer Privacy Act, you have the right to:

Know what personal information we collect and how it's used
Request deletion of your personal information
Opt out of the sale of personal information (we don't sell your data, so this is already satisfied)
Non-discrimination for exercising your rights

To exercise any of these rights, contact us at privacy@tokyobrain.ai. We will respond within 30 days.

7. Cookies

We use minimal, session-only cookies strictly for authentication and session management. We do not use:

Tracking cookies
Third-party advertising cookies
Analytics cookies

8. Third-Party Services

We use the following third-party services to operate Tokyo Brain:

Cloudflare: CDN and DNS services (their privacy policy)
Amazon Web Services (AWS): Cloud hosting infrastructure (their privacy policy)

We do not use any analytics trackers, advertising networks, or data brokers.

9. Children's Privacy

Tokyo Brain is a developer API not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this policy from time to time. For material changes, we will notify you via the email address associated with your account at least 14 days before the changes take effect.

11. Contact Us

For privacy-related inquiries:

📧 privacy@tokyobrain.ai