Security and encryption
Stored provider credentials use AES-256-GCM. Read the implementation scope, key lifecycle, and honest threat model.
Read security design →Reviewed July 18, 2026
Stored provider credentials use AES-256-GCM. Read the implementation scope, key lifecycle, and honest threat model.
Read security design →The Privacy Policy names hosting, database, payment, email, and monitoring services and the data categories shared.
View subprocessors →Retention depends on data type and legal obligations. Account deletion does not override records that must be retained for disputes, tax, fraud, or accounting.
Read retention terms →The public status page reports the checks implemented by TryTokka. It is not a contractual uptime SLA.
Open service status →Security researchers can use the RFC 9116 security.txt contact and policy links. Do not include active credentials or personal data in a report.
Open security.txt →TryTokka distinguishes list-rate estimates, synced provider usage, and finalized billing records. Provider invoices remain the settlement source.
Read the accuracy framework →TryTokka names its founder and support channel. No customer count, funding, award, or team-size claim is implied.
Meet the founder →Read current subscription, refund-window, cancellation, and payment-provider terms before purchasing.
Read Terms of Service →Claims are checked against the linked primary sources. Provider prices and product features can change; verify the source before making a purchasing or production decision. Last checked 2026-07-18.
Found an outdated statement? Email legal@trytokka.com.
For product, privacy, or billing questions, use Support. For a suspected vulnerability, follow security.txt so the report reaches the documented contact.