Privacy Policy

Last updated: May 10, 2026

TokenSea ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

1.1 Information You Provide

Account Information: Username, email address, display name, and password (hashed) when you register.
API Usage Data: Model requests, prompts, and responses processed through our API relay.
Payment Information: Billing and quota top-up records (we do not store full payment card details).
Communications: Messages you send through our contact form or support channels.

1.2 Automatically Collected Information

Usage Analytics: Request counts, token consumption, latency metrics, and error rates.
Technical Data: IP address, browser type, operating system, and access times.
Log Data: Server logs containing request timestamps, endpoints accessed, and response status codes.

2. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our API gateway and platform services
Process API requests, calculate billing, and manage quota
Authenticate users and prevent unauthorized access
Monitor service health, detect abuse, and ensure platform security
Communicate with you about your account, service updates, and support inquiries
Comply with legal obligations

3. Data Storage and Security

Your data is stored on secure servers with the following protections:

All data is encrypted in transit using TLS 1.3
Passwords are hashed using bcrypt with 12 salt rounds — we never store plaintext passwords
API keys are stored as SHA-256 hashes — the full key is shown only once at creation
Database access is restricted to authorized personnel with audit logging
JWT tokens have a 7-day expiry and are validated on every request

4. Data Retention

Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
Request logs: Retained for 90 days for billing and debugging, then automatically purged.
API prompts and responses: Not stored after request completion. We do not train models on your data.
Audit logs: Retained for 1 year for security and compliance purposes.

5. Data Sharing

We do not sell your personal information. We may share data with:

Upstream AI providers: Your API prompts are forwarded to providers (e.g., Anthropic, OpenAI) to fulfill requests, subject to their respective privacy policies.
Service providers: Cloud infrastructure providers who process data on our behalf under strict contractual obligations.
Legal requirements: When required by law, regulation, or legal process.

6. Your Rights

You have the right to:

Access your personal data held by us
Request correction of inaccurate data
Request deletion of your account and associated data
Export your data in a machine-readable format
Object to processing of your data for specific purposes

To exercise these rights, contact us at privacy@tokensea.ai.

7. Cookies

TokenSea uses minimal cookies for authentication (JWT token storage) and does not use tracking cookies or third-party analytics that profile users across sites.

8. International Transfers

Your data may be processed in jurisdictions outside your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

9. Children's Privacy

TokenSea is not intended for use by individuals under the age of 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform. Continued use after changes constitutes acceptance.

11. Contact Us

For privacy-related inquiries, contact our Data Protection Officer at privacy@tokensea.ai.