Privacy Policy

Last updated: January 1, 2026

YOUR PRIVACY MATTERS: TokenTra is committed to protecting your privacy and being transparent about our data practices. We never collect, store, or have access to your AI prompts, responses, or any content processed by your AI providers. We only collect the metadata necessary to provide our cost tracking and optimization services.

1. Introduction

TokenTra, Inc. ("TokenTra," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at tokentra.io, use our AI cost intelligence platform, integrate our SDK, or interact with our services in any way.

This Privacy Policy applies to all users of our Service, including visitors to our website, registered users, and organizations that integrate our platform. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

We encourage you to read this Privacy Policy carefully and contact us if you have any questions. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

We collect information in several ways: directly from you when you provide it, automatically when you use our Service, and from third-party sources when you connect external accounts.

2.1 Account Information

When you create an account or register for our Service, we collect:

Personal Information

  • Full name
  • Email address
  • Phone number (optional)
  • Job title and role
  • Profile picture (optional)

Organization Information

  • Company name
  • Company size
  • Industry
  • Billing address
  • Tax identification (if applicable)

2.2 AI Provider Usage Data

To provide our AI cost tracking and optimization services, we collect usage metadata from your connected AI providers:

  • Token counts: Input tokens, output tokens, cached tokens
  • Model information: Model names, versions, and configurations used
  • Timestamps: When API calls were made
  • Cost data: Calculated costs based on provider pricing
  • Attribution tags: Team, project, feature, and user IDs you assign
  • Request metadata: Request IDs, latency, success/failure status

What We Do NOT Collect

  • ✗ We do NOT collect your AI prompts or queries
  • ✗ We do NOT collect AI model responses or outputs
  • ✗ We do NOT collect any content processed by your AI providers
  • ✗ We do NOT have access to the semantic meaning of your AI interactions

2.3 Technical and Usage Data

We automatically collect certain technical information when you access our Service:

  • IP address and approximate geographic location
  • Browser type, version, and language preferences
  • Operating system and device information
  • Pages visited, features used, and time spent on pages
  • Referring URLs and exit pages
  • Error logs and performance metrics
  • Clickstream data and interaction patterns

2.4 Payment Information

When you subscribe to a paid plan, payment information is collected and processed by our payment processor, Stripe, Inc. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We only receive and store:

  • Last four digits of your card number
  • Card brand (Visa, Mastercard, etc.)
  • Card expiration date
  • Billing address
  • Transaction history and invoices

3. How We Use Your Information

We use the information we collect for various purposes, all aimed at providing, maintaining, and improving our Service:

3.1 Service Delivery

  • Provide, operate, and maintain our AI cost intelligence platform
  • Process and display your AI usage data and cost analytics
  • Generate reports, forecasts, and optimization recommendations
  • Send alerts and notifications based on your configured preferences
  • Process payments and manage your subscription

3.2 Communication

  • Send transactional emails (account verification, password resets, invoices)
  • Send service-related announcements and updates
  • Respond to your inquiries and provide customer support
  • Send marketing communications (with your consent)

3.3 Improvement and Development

  • Analyze usage patterns to improve our platform
  • Develop new features and services
  • Conduct research and analytics
  • Test and troubleshoot new products and features

3.4 Security and Compliance

  • Detect, prevent, and address fraud and abuse
  • Monitor and enforce our Terms of Service
  • Comply with legal obligations and respond to lawful requests
  • Protect the rights, property, and safety of TokenTra and our users

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

| Legal Basis | Processing Activities |
|---|---|
| Contract Performance | Providing our Service, processing payments, customer support |
| Legitimate Interests | Analytics, fraud prevention, service improvement, security |
| Consent | Marketing communications, optional cookies, testimonials |
| Legal Obligation | Tax compliance, responding to legal requests, record keeping |

5. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & Authentication | Account data, usage data |
| Stripe | Payment Processing | Billing information |
| Resend | Email Delivery | Email address, name |
| Vercel | Application Hosting | Technical data, logs |
| PostHog | Product Analytics | Usage analytics (anonymized) |

All service providers are bound by data processing agreements that require them to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We will notify you of such requests unless prohibited by law.

5.3 Business Transfers

If TokenTra is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6. Data Security

We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

6.1 Technical Safeguards

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • Envelope encryption for API keys
  • Secure key management (AWS KMS)

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication
  • Principle of least privilege
  • Regular access reviews

Infrastructure

  • SOC 2 Type II compliant providers
  • Isolated network environments
  • DDoS protection
  • Regular security patches

Monitoring

  • 24/7 security monitoring
  • Intrusion detection systems
  • Automated threat detection
  • Security incident response

6.2 Organizational Safeguards

  • Regular security training for all employees
  • Background checks for employees with data access
  • Confidentiality agreements with all staff
  • Annual penetration testing by third parties
  • Regular security audits and assessments

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

| Data Type | Retention Period | Notes |
|---|---|---|
| Account Information | Duration of account + 30 days | Deleted upon account termination |
| AI Usage Data | 24 months (configurable) | Can be reduced in settings |
| Billing Records | 7 years | Required for tax compliance |
| Support Tickets | 3 years | For quality and training |
| Security Logs | 1 year | For security investigations |

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights regardless of where you are located.

8.1 Rights for All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Export: Receive your data in a portable, machine-readable format
  • Opt-out: Unsubscribe from marketing communications at any time

8.2 Additional Rights (EEA, UK, Switzerland)

  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Complaint: Lodge a complaint with your local data protection authority

8.3 California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt-out of the sale or sharing of personal information (we do not sell your data)
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

8.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@tokentra.io. We will respond to your request within 30 days (or sooner if required by law). We may need to verify your identity before processing your request.

9. International Data Transfers

TokenTra is based in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

When we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we use appropriate safeguards including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with all service providers
  • Additional technical and organizational measures as needed

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your interactions with our Service. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

11. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@tokentra.io. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you by email at least 30 days before changes take effect
  • Post a prominent notice on our website

Your continued use of our Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries

privacy@tokentra.io

Data Protection Officer

dpo@tokentra.io

Mailing Address

TokenTra, Inc.
Attn: Privacy Team
San Diego, CA
United States

EU Representative

For EU data subjects, contact our EU representative at eu-privacy@tokentra.io