Privacy Policy

Your privacy matters. Here's how Toya handles your data.

Introduction

Effective Date: February 2026

Keberos, Inc ("Keberos," "we," "us," or "our") operates the Toya mobile application and the website located at usetoya.com (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using Toya, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Collection And Use Of Personal Information

We collect personal information that you voluntarily provide to us when you register for an account, link your financial accounts, or otherwise contact us. This information may include:

  • Your name and email address when you create an account.
  • Financial account data (such as account balances, APRs, credit limits, and payment schedules) when you link your credit cards and loans through our secure banking partner, Plaid.
  • Device information, IP address, and usage data collected automatically when you interact with our Service.

We use read-only access to your financial accounts through Plaid. Toya cannot move your money, make payments, or initiate transactions on your behalf.

Processing Purposes

We process your personal information for the following purposes, based on lawful grounds including your consent and the performance of our contract with you:

  • To provide our Service: Generate personalized debt payoff plans, track your balances, and deliver AI-driven financial insights.
  • To communicate with you: Send payment reminders, account updates, and respond to your inquiries.
  • To improve our Service: Analyze usage patterns and feedback to enhance the Toya experience.
  • To ensure security: Detect and prevent fraudulent activity and protect our users.
  • To comply with legal obligations: Meet applicable laws, regulations, and legal processes.

Categories Of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information:

  • Identifiers: Name, email address, phone number, and account credentials.
  • Financial Information: Credit card and loan account details including balances, APRs, credit limits, and payment due dates (accessed via Plaid).
  • Internet or Network Activity: Browsing history on our Service, device information, IP address, and interaction data.
  • Geolocation Data: Approximate location based on IP address.
  • Inferences: Information derived from the above categories to create a profile about you reflecting your financial preferences and behaviors.

Disclosures And Transfers Of Personal Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

  • With your consent: When you have given us explicit permission to share your information.
  • Service providers: With trusted third-party vendors who assist in operating our Service (e.g., Plaid for financial data aggregation, cloud hosting providers, analytics services). These providers are contractually obligated to protect your information.
  • Legal requirements: When required by law, regulation, legal process, or governmental request.
  • Protection of rights: To protect the rights, property, or safety of Keberos, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets (see "Business Transfers" section below).

California Residents' Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
  • Right to Delete: You may request that we delete the personal information we have collected about you, subject to certain exceptions.
  • Right to Opt-Out: You may opt out of the sale of your personal information. Note: Keberos does not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us at support@usetoya.com. We will verify your identity before processing your request and respond within 45 days.

General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA) or United Kingdom, you have additional rights under the GDPR, including:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure: You may request the deletion of your personal data under certain conditions.
  • Right to Restriction: You may request that we restrict the processing of your personal data.
  • Right to Data Portability: You may request your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: You may object to the processing of your personal data based on legitimate interests.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. When data is no longer needed, it is securely deleted or anonymized.

If your personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Confidentiality And Security

We take the security of your personal information seriously and implement industry-standard measures to protect it:

  • All data is encrypted in transit using TLS 1.2+ and at rest using 256-bit AES encryption.
  • We use read-only access to your financial accounts, meaning Toya can never move your money or make transactions on your behalf.
  • Access to personal information is restricted to authorized personnel on a need-to-know basis.
  • We conduct regular security assessments and vulnerability testing.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us at support@usetoya.com. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.

Cookie Policy

We use cookies and similar tracking technologies to enhance your experience on our Service. Cookies are small data files stored on your device that help us remember your preferences, understand how you use our Service, and improve our offerings.

We use the following types of cookies:

  • Essential Cookies: Necessary for the Service to function properly, such as session management and authentication.
  • Analytics Cookies: Help us understand how users interact with our Service so we can improve it.
  • Preference Cookies: Remember your settings and preferences for a better experience.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Service. For more information about cookies, visit www.allaboutcookies.org.

Third-Party Websites

Our Service may contain links to third-party websites or services that are not owned or controlled by Keberos. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites you visit.

Business Transfers

If Keberos is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you before your personal information is transferred and becomes subject to a different privacy policy. Any successor entity will be required to honor the commitments made in this Privacy Policy.

Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Keberos, Inc

131 Continental Dr Suite 305, Newark, DE 19713

Email: support@usetoya.com

Last updated: February 2026