TokonLab

Last updated: March 1, 2026

Privacy Policy

TokonLab, Inc. ("TokonLab," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our API services and website.

Information We Collect

We collect the following types of information:

  • Account information — email address, name, and authentication credentials when you create an account.
  • API usage data — request counts, token usage, model selections, latency metrics, and error rates. This data is used for billing and service improvement.
  • Payment information — processed securely through Stripe. We do not store full card numbers or CVV codes.
  • Log data — IP addresses, browser type, and timestamps for security and debugging purposes.

What We Do Not Collect

We do not store, log, or train on the content of your API requests or responses. Your prompts and completions are not retained after the request is fulfilled. We do not use your data to train AI models.

How We Use Your Information

  • To provide, operate, and improve our services
  • To process payments and manage your account
  • To send service-related communications (billing, security alerts)
  • To detect and prevent fraud and abuse
  • To comply with legal obligations

Data Sharing

We do not sell your personal information. We share data only with:

  • AI model providers — your API requests are forwarded to the selected provider to generate responses. Providers receive only the request content, not your account information.
  • Payment processors — Stripe processes payments on our behalf.
  • Infrastructure providers — cloud hosting and CDN services necessary to operate our platform.
  • Legal requirements — when required by law or to protect our rights.

Data Retention

Account information is retained for the duration of your account. API usage metadata (token counts, timestamps) is retained for 90 days for billing reconciliation, then aggregated and anonymized. Request and response content is never stored.

Security

All data in transit is encrypted using TLS 1.3. API keys are stored as salted hashes. We conduct regular security audits and maintain SOC 2 Type II compliance.

Your Rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data. To exercise these rights, contact us at [email protected].

GDPR and CCPA

For users in the European Economic Area, TokonLab acts as a data controller for account information and a data processor for API traffic. For California residents, we comply with CCPA requirements and do not sell personal information.

Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions, contact us at [email protected] or write to TokonLab, Inc., San Francisco, CA, United States.