Privacy Policy for Tokenthon

Effective Date: 3 November 2025

Tokenthon ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API and website (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect several types of information based on your interaction with our Service:

Personal Identification Data:

From Google Oauth:

When you sign up, we collect your name, email, email_verified status, and image (profile picture) from your Google account.

From Stripe:

When you subscribe, we receive a stripe_customer_id and confirmation of your subscription. We do not collect or store your full credit card number or payment details; this is handled entirely by Stripe.

Technical & Session Data:

Session Information:

session_id, expiresAt, token (to keep you logged in).

Device & Connection Data:

ipAddress and userAgent (your browser/device type).

Account Data:

provider_id (e.g., "google"), access_token, id_token (used solely for authenticating you and managing your session).

Service & Usage Data:

API Usage Logs:

We log your API requests to manage rate limits, bill you correctly, and monitor for abuse.

User Account Data:

We store your role (e.g., "free," "paid"), banned status, and any banReason.

API Input & Output Data (Prompts & Responses):

We collect the inputs (prompts) you send to our API and the outputs (AI generations) you receive.

Caching: This data is temporarily cached on our servers for a period of 5 to 60 minutes for operational purposes (e.g., debugging, service delivery).

2. How We Use Your Information

We use the information we collect for the following purposes:

To Provide and Maintain the Service: To authenticate you, manage your account, process your subscriptions, and deliver API responses.

To Improve and Analyze the Service: To monitor usage, analyze trends, and improve our Service's performance and features.

To Enforce Our Terms: To monitor for prohibited conduct (like API key sharing), manage account bans, and protect the security and integrity of our Service.

To Communicate With You: To send you service-related announcements, billing invoices, and respond to your support or appeal requests via your registered email.

3. How We Share Your Information

We do not sell your personal data. We only share your information in the following limited circumstances:

With Third-Party AI Providers (e.g., OpenAI):

This is essential to the Service. To generate AI Output, we must send your API Inputs (prompts) to our third-party partners (like OpenAI).

This data is subject to the privacy policies and data handling practices of those providers. We are not responsible for how they use your data.

With Our Payment Processor (Stripe): We share information necessary to create your customer profile and process your payments.

For Legal Compliance: We may disclose your information if required by law, subpoena, or other legal process in response to a valid request by public authorities (e.g., a court or government agency), especially under Singaporean law.

To Enforce Our Rights: To protect and defend the rights, property, or safety of Tokenthon, its partners, its users, or the public.

4. Cookies

Yes, we use cookies and similar tracking technologies (e.g., for session management) to operate and maintain our website and Service. You can instruct your browser to refuse all cookies, but this may prevent you from using some portions of our Service.

5. Data Security

We implement reasonable security measures to protect your information. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

6. Data Retention

Account Data: We retain your personal data (name, email, etc.) for as long as your account is active.

API Inputs/Outputs: We temporarily cache this data for 5 to 60 minutes, after which it is intended to be deleted from our active logs.

Usage Logs: We may retain anonymized or aggregated usage logs for longer periods for analytics and service improvement.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal data. You may contact us at tokenthon@gmail.com to request access to or correction of the personal data we hold about you.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Effective Date."

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at: tokenthon@gmail.com