Toyoai
Sign in

Trust & Security

This page is maintained by Sojitoyo Services to answer common security and privacy questions about ToyoAI. It is app-owned content, not an independent certification or audit.

Authentication & Access

  • Sign-in is handled by our managed authentication provider with email/password and Google sign-in.
  • Sessions use secure, httpOnly token storage managed by the auth provider.
  • Administrative access to the application is limited to Sojitoyo Services staff.

Platform & Hosting

  • ToyoAI runs on the Lovable platform with a managed Postgres database and edge runtime.
  • Data is transmitted over HTTPS/TLS in transit.
  • Database access is protected by row-level security policies that scope records to their owner.

Platform capabilities are provided by Lovable; describing them here is not a Lovable certification of this app.

Data We Collect

See our Privacy Policy for the full description of data collection, use, and retention.

Subprocessors & Integrations

  • Lovable Cloud — application hosting, database, authentication, storage.
  • Paystack — payment processing. Card data is handled by Paystack and never stored by us.

Retention & Deletion

You can request deletion of your account and associated data by contacting us at the address below. Some records may be retained where required by law or for fraud prevention.

Reporting a Security Issue

If you believe you've found a security vulnerability, please email info@sojitoyo.com.ng. Please do not publicly disclose the issue until we've had a reasonable opportunity to investigate and remediate.

Shared Responsibility

Sojitoyo Services maintains the application configuration and content of this page. The underlying platform features (hosting, database, auth infrastructure) are operated by Lovable. Customers are responsible for safeguarding their own account credentials and reviewing AI-generated outputs before use.