Privacy Policy

TokenCap ("we", "us", or "our") operates the TokenCap platform at https://tokencap.io. We provide spend-cap enforcement and monitoring services for AI agents and LLM API calls.

For the purposes of UK and EU data protection law, TokenCap is the data controller for personal data collected through the Service.

If you have any questions about this policy or how we handle your data, contact us at privacy@tokencap.io.

Account data

When you create an account we collect your name, email address, and a hashed password. If you are invited to join an organisation, we collect your email address from the invitation.

Billing data

Payment details (card number, billing address) are collected and stored by Stripe, our payment processor. We store only a Stripe customer ID and the last 4 digits of your card for display purposes. We never store full card details.

Usage and event data

When you use the Service, we record metadata about LLM API calls routed through or reported to TokenCap. This includes: agent identifiers, model names, token counts, estimated cost in USD, whether a call was allowed or blocked, cap breach reasons, and timestamps.

We do not store prompts, messages, or LLM responses. Only the metadata above is retained.

Provider API keys (proxy mode)

If you use proxy mode, you may store LLM provider API keys (e.g. OpenAI, Anthropic) in the Service. These keys are encrypted at rest using AES-256-GCM. They are never returned via the API after initial storage and are used solely to forward requests to the provider on your behalf.

Technical and log data

We collect standard server log data including IP addresses, browser type, pages visited, and timestamps. This data is used for security monitoring, debugging, and Service improvement.

Cookies

We use session cookies to keep you logged in to the dashboard. We do not use third-party tracking cookies or advertising cookies. You can disable cookies in your browser settings, but the dashboard will not function without session cookies.

We use the data we collect to:

• provide and operate the Service, including enforcing spend caps and recording usage events;
• process payments and manage your subscription;
• send transactional emails (account creation, password reset, billing receipts, invite emails);
• send service notifications (cap breach alerts, approaching threshold alerts) where configured;
• respond to support requests and enquiries;
• monitor for and investigate security incidents or abuse;
• comply with legal obligations; and
• improve the Service based on aggregated, anonymised usage patterns.

We do not use your data for advertising, profiling, or sale to third parties.

If you are located in the UK or European Economic Area, we process your personal data on the following legal bases:

• Contract performance — processing necessary to provide the Service you have signed up for (account data, usage data, billing data).
• Legitimate interests — security monitoring, fraud prevention, service improvement, and sending relevant service communications.
• Legal obligation — retaining billing records as required by law.
• Consent — where we ask for your consent before sending non-transactional communications (e.g. product updates or newsletters).

We share personal data with the following categories of third parties only where necessary to operate the Service:

• Stripe — payment processing. Stripe's privacy policy applies to payment data.
• Resend — transactional email delivery (account emails, invite emails, alert emails).
• Railway — cloud infrastructure hosting the API and database.
• Vercel — cloud infrastructure hosting the dashboard.

We do not sell, rent, or share your personal data with any other third parties for marketing or commercial purposes.

We may disclose data if required by law, court order, or to protect the rights, property, or safety of TokenCap, our users, or the public.

In the event of a merger, acquisition, or sale of the business, customer data may be transferred to the acquiring entity. You will be notified in advance.

We retain data for the following periods:

• Account data — for as long as your account is active, plus 30 days after deletion to allow for recovery in case of accidental deletion.
• Usage event data — retained according to your plan (7 days for Free, 30 days for Starter, 90 days for Growth, unlimited for Enterprise). On account deletion, event data is permanently deleted within 30 days.
• Billing records — retained for 7 years as required by UK financial regulations.
• Server logs — retained for 90 days for security and debugging purposes.
• Provider API keys — deleted immediately on your request or on account deletion.

Under UK GDPR and applicable data protection law, you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate or incomplete data.
• Deletion — request deletion of your personal data (subject to legal retention obligations).
• Portability — request your data in a machine-readable format.
• Restriction — request that we restrict processing of your data in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@tokencap.io. We will respond within 30 days. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been mishandled.

We take the security of your data seriously and implement the following measures:

• All data in transit is encrypted using TLS 1.2 or higher.
• Provider API keys are encrypted at rest using AES-256-GCM.
• User passwords are hashed using a strong one-way algorithm and never stored in plain text.
• TokenCap API keys are stored as SHA-256 hashes — the plain-text key is shown once and never stored.
• Database access is restricted to application services only — no public access.
• Two-factor authentication (TOTP) is available for all accounts.

No system is completely secure. In the event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by law within 72 hours of becoming aware.

Our infrastructure is hosted in the EU and UK via Railway and Vercel. Some of our third-party processors (Stripe, Resend) may process data in the United States. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions.

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@tokencap.io and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice in the dashboard at least 14 days before changes take effect. The effective date at the top of this page will always reflect the current version.

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

For any privacy-related questions or requests:

TokenCap
Email: privacy@tokencap.io
Website: https://tokencap.io
ICO Registration: [Add ICO registration number once registered — required before processing personal data from UK/EU users]