AI TokenScope

Last updated: May 14, 2026

Privacy Policy

AI TokenScope ("we", "us") respects your privacy. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

Account data: Name, work email, company name, billing information.

Usage data: Claude API request metadata — model used, token counts, cost, timestamp, relevance score, classification, project, and cost center. Prompt text is stored only if your tenant has Privacy Mode disabled (the default). When Privacy Mode is enabled, only a SHA-256 hash of each prompt is retained.

Technical data: IP addresses, user agent strings, and request latency for security and reliability monitoring.

Anthropic API keys: Encrypted with AES-256-GCM. Never logged or transmitted to any party other than Anthropic.

2. How We Use Your Data

  • To provide the proxy, classification, and governance features of the Service
  • To calculate token costs and enforce budget limits
  • To generate the dashboards, reports, and audit logs you see in the product
  • To send billing receipts, usage alerts, and operational notifications
  • To improve the Service — aggregate, de-identified analytics only
  • To comply with legal obligations

3. Data Retention

Audit records (prompt requests) are retained for the period specified in your plan (30 days Free, 90 days Startup, 1 year Team, 2 years Business). You can configure a shorter retention period in Settings. Account data is retained until account deletion, then purged within 30 days.

4. Data Sharing

We do not sell your data. We share data only with:

  • Anthropic — to forward your API requests (your prompts are sent to them as-is)
  • Paddle — our payment processor and merchant of record, for billing
  • Azure — our cloud infrastructure provider (data stored in US East by default)
  • Law enforcement when legally required

5. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Anthropic API keys are encrypted with AES-256-GCM with keys stored in Azure Key Vault (HSM-backed). We conduct regular security reviews and maintain an incident response process.

6. Your Rights (GDPR / CCPA)

Depending on your location, you have the right to:

  • Access a copy of your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your audit logs in JSON or CSV format
  • Object to or restrict certain processing
  • Data portability

To exercise these rights, email privacy@aitokenscope.com. We respond within 30 days.

7. Cookies

We use only essential cookies for session management. We do not use advertising or tracking cookies. No third-party analytics scripts are loaded on the dashboard.

8. International Transfers

Data is processed in the United States (Azure US East). Enterprise customers can request EU or APAC data residency. Transfers from the EU are covered by Standard Contractual Clauses.

9. Children

The Service is not directed at children under 18. We do not knowingly collect data from minors.

10. Changes

We will notify you of material changes to this policy by email at least 14 days before they take effect.

11. Contact

Data controller: AI TokenScope. Contact our Data Protection Officer at privacy@aitokenscope.com.