Privacy Policy
Version: 1.1.0 · Effective: May 7, 2026
Token360, Inc., a Nevada corporation (“Token360,” “we,” “us,” or “our”) operates Token360, a hosted software platform that provides access to third-party and proprietary AI models through a unified, OpenAI-compatible API and web console (collectively, the “Services”). Our primary website is https://www.token360.ai (the “Site”), including its subdomains.
Summary. This policy explains what personal and usage data we collect, why we collect it, how long we keep it, who we share it with, and what choices you have. Capitalized terms used here and not defined below have the meanings given in our Terms of Service.
Please read this Privacy Policy carefully. By creating an account or using the Services, you acknowledge that you have read and understood this Privacy Policy.
1. Scope
This Privacy Policy applies to:
- Visitors to the Site and users of the Token360 console;
- Developers and organizations that call our APIs using API keys or OAuth-linked accounts; and
- Individuals who contact us for support or commercial inquiries.
It does not describe the privacy practices of third-party AI model providers, cloud vendors, or payment processors—those parties have their own policies.
2. Information We Collect
2.1 Information you provide
| Category | Examples |
|---|---|
| Account & profile | Email address, display name, authentication provider (e.g. Google, GitHub), organization or team identifiers where applicable. |
| Billing | Payment method metadata processed by our payment partners (we do not store full card numbers on Token360 servers). Billing address and invoices where required for tax or compliance. |
| Support & inquiries | Content of emails, tickets, or forms you send to us, including attachments you choose to provide. |
2.2 Information generated through use of the Services
| Category | Examples |
|---|---|
| API & console usage | API keys (hashed identifiers), model identifiers, timestamps, token or unit counts, latency, error codes, request/response sizes, and aggregated quality metrics. |
| User content (“Customer Data”) | Inputs you send to models (e.g. prompts, files, parameters) and outputs returned to you. What we retain and for how long depends on product settings, your configuration, and Section 6. |
| Security & abuse signals | IP address, user agent, coarse geolocation derived from IP, fraud-prevention signals, and audit logs relating to account access. |
2.3 Cookies and similar technologies
We use cookies and similar technologies on the Site to:
- keep you signed in and secure your session;
- remember preferences (such as language); and
- measure traffic and product usage (where enabled).
You can control cookies through your browser settings. Some features may not work if you disable essential cookies.
2.4 Information from third parties
We may receive limited information from authentication providers (e.g. Google) and payment processors to operate accounts and billing. We may also receive security or compliance information from infrastructure partners.
3. How We Use Information
We use information to:
- Provide and operate the Services — route requests, meter usage, apply rate limits, and show history in your dashboard.
- Billing and accounting — calculate fees, issue invoices, process payments, and detect billing anomalies.
- Security and integrity — detect, prevent, and respond to fraud, abuse, and unauthorized access.
- Support — respond to your requests and improve documentation.
- Compliance — meet legal, tax, and regulatory obligations.
- Improvement — analyze aggregated or de-identified usage to improve reliability, routing, and product experience. We do not use your prompts or outputs to train our own models unless we clearly disclose a separate opt-in program with additional terms.
Where we rely on consent (e.g. certain marketing emails or non-essential analytics), you may withdraw consent without affecting the lawfulness of processing that occurred before withdrawal.
4. How We Share Information
We do not sell your personal information. We disclose information only as follows:
| Recipient | Purpose |
|---|---|
| Model & infrastructure providers | To execute your API requests and return outputs. Providers may process Customer Data under their own terms and privacy policies. |
| Payment processors | To charge your payment method and meet card-network rules (e.g. Stripe). |
| Professional advisers | Lawyers, auditors, or insurers where required. |
| Authorities | When required by law, court order, or to protect the rights, safety, and security of Token360, our users, or the public. |
| Business transfers | In connection with a merger, acquisition, or asset sale, subject to appropriate confidentiality safeguards. |
5. International Transfers
Token360 operates globally. Your information may be processed in the United States (including Nevada) and other countries where we or our subprocessors maintain facilities. Where required by applicable law, we implement appropriate safeguards (such as standard contractual clauses) for cross-border transfers.
6. Retention
We retain information only as long as necessary for the purposes described in this policy, unless a longer period is required by law.
| Data type | Typical retention |
|---|---|
| Account profile & credentials | For the life of the account and a short period thereafter for recovery, fraud prevention, and legal compliance. |
| Billing & tax records | As required by applicable accounting and tax laws. |
| Usage & security logs | For a limited period sufficient for operations, troubleshooting, and dispute resolution (often rolling retention). |
| Customer Data (inputs/outputs) | Per product behavior and your settings; many generated artifacts are short-lived (e.g. deleted automatically after a limited window). Download anything you must keep before any stated deletion window expires. |
Aggregated or de-identified information may be retained longer where it no longer identifies you.
7. Security
We implement administrative, technical, and organizational measures designed to protect information—including encryption in transit (TLS), access controls, and monitoring. No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access the personal information we hold about you;
- Correct inaccurate information;
- Delete certain information, subject to legal exceptions;
- Object to or restrict certain processing;
- Port your information in a machine-readable format, where applicable; and
- Withdraw consent where processing is consent-based.
To exercise these rights, contact us at support@token360.ai. We may need to verify your identity before fulfilling requests.
9. Children’s Privacy
The Services are not directed to children under 13 (or the age required by your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version on the Site and revise the “Last updated” date below. If changes are material, we will provide additional notice as required by law (for example, a banner in the console or email to your registered address).
11. Contact Us
Token360, Inc.
Email: support@token360.ai
For privacy-specific requests, please include “Privacy Request” in the subject line and describe your request with sufficient detail for us to evaluate it.