Privacy Policy

1. Overview

Gaokey is a non-custodial EOA (externally owned account) mobile wallet. Toii Social LLC (“we,” “us,” or “Company”) does not collect, store, transmit, back up, or recover your private keys or recovery phrase at any time. Users create or import a 12 or 24-word BIP-39 recovery phrase, which is encrypted and stored exclusively on the user’s device. Face ID, Touch ID, or PIN unlocks the local vault on that device only — biometrics are not the key, and biometric data never leaves the device.

This is not a policy choice — it is an architectural one. Gaokey is designed so that recovery phrases and signing keys never leave your device. Every signature is performed locally after explicit user approval.

The Company does not act as a fiduciary, custodian, exchange, broker-dealer, or financial advisor to any user. The Company does not provide fiat on/off ramps, investment advice, or wallet recovery services. The Company does not own, control, or operate any blockchain network. Users interact with blockchain networks directly and independently.

2. Legal Classification

Gaokey is a non-custodial software application. The Company does not:

• Act as a financial institution, bank, depository, or exchange
• Provide custodial wallet or asset management services
• Operate as a money transmitter or money services business (MSB) under FinCEN regulations
• Hold, control, or intermediate user funds at any time
• Execute transactions on behalf of users
• Provide fiat on-ramp or off-ramp services
• Recover wallets, recovery phrases, or private keys

Users interact directly with blockchain networks. Nothing in this Policy constitutes financial, investment, tax, or legal advice.

3. Information We Collect

3.1 Information We DO Collect

We collect only the minimum data necessary to maintain app stability:

• Anonymized crash logs — generated when the app encounters an unexpected error. These logs do not contain personal identifiers, wallet data, or transaction information.
• App performance metrics — response times, screen load performance, and error rates, collected in aggregate and anonymized.
• Device environment data — operating system version and device type, used solely to reproduce and fix bugs.

3.2 Information We DO NOT Collect

Gaokey and Toii Social LLC do not collect, store, transmit, back up, or recover:

• Private keys, recovery phrases, seed phrases, or mnemonic phrases
• Wallet addresses or balances
• Transaction history or on-chain activity
• Biometric data (Face ID / Touch ID / fingerprint templates) — biometric data stays on your device
• Device PIN or local vault unlock secrets
• Real name, email address, or phone number
• Government-issued identification
• Location data

We do not collect or store IP addresses in a manner that can identify individual users.

4. How We Use Information

Anonymized crash and performance data is used exclusively to identify and fix software defects, improve application stability, and prioritize engineering resources. We do not use any collected data for advertising, user profiling, behavioral tracking, or monetization. We do not sell, license, rent, or share your data with third parties for commercial purposes.

Do Not Track: Gaokey does not respond to Do Not Track (DNT) signals because we do not track users.

5. Blockchain Disclosures

• Transactions may be irreversible. Once broadcast to a blockchain network, transactions cannot generally be reversed, cancelled, or modified by the Company or any party.
• Transactions are publicly visible. Blockchain transactions are recorded on public ledgers and may be viewed by anyone.
• We have no recovery capability. Toii Social LLC cannot recover lost private keys, restore deleted wallets, recover recovery phrases, or reverse unauthorized or mistaken transactions. Users are solely responsible for safeguarding their recovery phrase and for every transaction they approve.
• Local signing only. Every signature is performed locally on your device after your explicit approval.
• Pre-mainnet software. An independent external security audit is planned prior to mainnet release. Do not use with material funds until audit completion.

6. Data Storage and Security

Your recovery phrase and private keys are encrypted and stored in a local vault on your device, protected by your device’s hardware-backed secure storage:

• iOS: Secure Enclave and Keychain
• Android: Android Keystore System

Face ID, Touch ID, or your device PIN unlocks the local vault on this device only. Biometric templates remain on your device and are never transmitted to the Company. Biometrics are not the key — they only authorize the local app to read the encrypted vault.

IronClaw Security Standard: Gaokey is built to the IronClaw Security Standard. OTA updates are disabled — all app updates are delivered exclusively through the Apple App Store and Google Play Store. No credentials are stored on external servers. All cryptographic signing occurs locally on-device after explicit user approval.

7. Third-Party Services

Gaokey uses a limited number of third-party services for build infrastructure and distribution. These services do not receive wallet data, private keys, seed phrases, or any cryptographic material.

We do not integrate advertising SDKs, social media trackers, or analytics platforms that collect personally identifiable information.

8. International Users

Gaokey is operated by Toii Social LLC, headquartered in the United States. If you access Gaokey from outside the United States, you acknowledge that any limited data we collect may be processed in the United States.

9. Children’s Privacy

Gaokey is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at privacy@gao.global and we will promptly delete such information. This policy is consistent with COPPA.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights:

• Right to Know — Request information about personal information we have collected about you.
• Right to Delete — Request deletion of personal information we have collected.
• Right to Correct — Request correction of inaccurate personal information.
• Right to Opt-Out — We do not sell or share personal information. There is nothing to opt out of.
• Right to Non-Discrimination — We will not discriminate against you for exercising any privacy rights.

To exercise your rights, contact privacy@gao.global. We will respond within 45 days as required by law.

11. No Warranty

Gaokey is provided “as is” and “as available” without warranties of any kind. The Company disclaims all liability for loss of funds, loss of access to wallets, unauthorized transactions, software defects, or network downtime. Use of the application is at your own risk.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, TOII SOCIAL LLC AND ITS OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO YOUR USE OF THE APP. IN NO EVENT SHALL THE COMPANY’S TOTAL LIABILITY EXCEED ONE HUNDRED U.S. DOLLARS ($100.00).

13. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions.

14. Data Retention

Anonymized crash logs and performance metrics are retained for a maximum of 90 days, after which they are permanently deleted. Because this data is anonymized, it cannot be attributed to or retrieved on behalf of any specific user.

15. Changes to This Policy

We will provide at least 30 days’ notice before any material changes, delivered via in-app notification or an update to this page with a revised Effective Date. Your continued use of Gaokey after the effective date constitutes acceptance of the changes.

16. Contact

Toii Social LLC — A Delaware Limited Liability Company
Support: support@gao.global
Privacy inquiries: privacy@gao.global
Legal inquiries: legal@gao.global
Security disclosures: security@gao.global — Subject: [SECURITY]