Privacy Policy
Effective date: April 20, 2026
1. Introduction
TokenSense (“we,” “us,” or “our”) operates the TokenSense platform at tokensense.io. This Privacy Policy explains how we collect, use, store, and share information when you use our Service.
2. Information We Collect
Account Information
When you create an account, we collect your email address, password (hashed — we never store plaintext passwords), and optional profile details such as your name. If you subscribe to a paid plan, payment is processed by Stripe — we do not store your credit card numbers or bank details on our servers.
Workspace and Usage Data
We collect information about your workspace configuration, including workspace name, team members, projects, budget settings, and alert preferences. We also collect metadata about API requests proxied through the Service, including:
- AI provider and model used
- Token counts (input and output)
- Request latency and timestamps
- Cost calculations
- HTTP status codes
- Project and workflow attribution
By default, we do not log the content of your prompts or AI completions. If you opt into full-body logging in your workspace settings, that content is stored encrypted and accessible only to your workspace members.
Provider API Keys
You provide your own API keys for third-party AI providers. These keys are encrypted at rest using AES-256 encryption and are used solely to route your requests to the respective providers.
Automatically Collected Information
When you visit our website or use the dashboard, we may collect standard log information such as IP address, browser type, referring URL, and pages visited. We use this information for security, analytics, and improving the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process transactions and send billing-related communications
- Track and display your AI usage costs and analytics
- Enforce budgets, quotas, and rate limits you configure
- Send important service notifications (security alerts, quota warnings, etc.)
- Respond to support requests
- Detect and prevent fraud, abuse, and security incidents
- Generate aggregated, anonymized analytics to improve the Service
4. How We Share Your Information
We do not sell your personal information. We share information only in these circumstances:
- AI Providers: Your API requests are forwarded to the AI providers you configure (e.g., OpenAI, Anthropic, Google). The content of those requests is governed by each provider’s privacy policy.
- Stripe: Payment information is processed by Stripe, governed by Stripe’s Privacy Policy.
- Supabase: Our database infrastructure is hosted on Supabase. Account data and usage logs are stored in Supabase-managed PostgreSQL databases.
- Railway: Our application servers are hosted on Railway’s infrastructure.
- Legal Compliance: We may disclose information if required by law, regulation, or valid legal process.
5. Data Security
We take reasonable measures to protect your information, including:
- Encryption of provider API keys at rest (AES-256)
- HTTPS encryption for all data in transit
- Row-level security in our database to isolate workspace data
- Supabase Auth with secure session management
- Role-based access control within workspaces
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Data Retention
We retain your account information for as long as your account is active. Usage logs (request metadata) are retained for the duration of your subscription to support historical analytics. If you close your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).
Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to or restrict certain processing of your data
- Withdraw consent where processing is based on consent
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
8. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising cookies. We may use basic analytics to understand how the Service is used, but we do not sell data to advertisers or share it with ad networks.
9. Children’s Privacy
The Service is not directed to children under 16. We do not knowingly collect information from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly.
10. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice within the Service at least 14 days before the changes take effect. The “Effective date” at the top of this page indicates when the policy was last revised.
12. Contact
If you have questions about this Privacy Policy or your data, contact us at [email protected].