Privacy Policy
Tokenia ("we", "us", "our") operates tokenia.live. This Privacy Policy describes exactly what happens to your data when you use our token counting and cost estimation service. We've written it to be specific and honest, not boilerplate.
1. What We Collect and Why
| Data | How | Retained? |
|---|---|---|
| Text you submit for analysis | Sent via HTTPS POST to our server for tokenization | No — discarded after the response. Never written to disk or database. |
| Files you upload | Transmitted over HTTPS; parsed server-side (PDF/DOCX in memory) | No — file buffer discarded immediately after text extraction. |
| Server access logs | Standard HTTP logging (IP, method, path, status, bytes) | Yes — rotated every 30 days. Does not include request body. |
| First-party analytics | Event name, page URL, language, country (no text content) | Yes — rotated every 30 days. Session is a one-way hash of IP + UA + date. |
| Newsletter email (optional) | You enter it voluntarily in the footer form | Yes — stored in Resend Audiences until you unsubscribe. |
| Account email + history (optional) | Only if you create a free account | Yes — stored in Supabase. Delete via account settings or email us. |
2. Your Text is Never Stored
When you paste text or upload a file, it travels over HTTPS to our server, is processed by the tokenizer in memory, and the result is returned to your browser. No part of your text is written to a database, log file, or any persistent storage. The server logs record only the HTTP method, path, status code, and byte count — not the content of your request.
This applies to all inputs: prompts, documents, code, and any other text you analyze.
3. First-Party Analytics
We use our own lightweight analytics (no Google Analytics, no Meta Pixel, no third-party trackers). When you interact with the tool, we record events like page_view or analyze_click along with: the page URL (without query parameters), your browser language, your country (from Cloudflare headers), and a 16-character session hash derived from a one-way hash of your IP + User-Agent + date. This hash cannot be reversed. We use it only to count unique sessions, not to track individuals across days.
4. Cookies and Local Storage
- We do not set any cookies.
- We use
localStorageto remember your language preference (tokenia_lang) and any settings you configure. This data never leaves your browser. - No advertising cookies. No cross-site tracking.
5. Third-Party Services
- Railway — hosting provider. Your IP may appear in their infrastructure logs per standard operation. Railway Privacy Policy.
- Supabase — used only if you create an account. Stores email and analysis history. Supabase Privacy Policy.
- Resend — used to send transactional emails (account confirmation, password reset) and the optional newsletter. Resend Privacy Policy.
- Google Fonts — the Inter typeface is loaded from Google's CDN. A request is made to Google's servers on page load. Google Privacy Policy.
6. Security
All connections use HTTPS/TLS. Security headers are enforced on every response: HSTS (1 year, includeSubDomains), Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. See our Security page for the full technical breakdown.
7. Your Rights
- Delete your account: Email info@tokenia.live — we'll delete your Supabase account and all stored history within 7 days.
- Unsubscribe from newsletter: Every email includes an unsubscribe link. You can also email us.
- Access your data: Email us and we'll provide a copy of everything we have associated with your account.
- Regarding your text inputs: We don't store them, so there is nothing to retrieve or delete.
8. Data Transfers
Our server runs in the US (Railway, AWS us-east-1). If you access Tokenia from outside the US, your text is transmitted to US servers for processing and then discarded. No text is retained after the response.
9. Children
Tokenia is not directed at children under 13. We do not knowingly collect personal data from children.
10. Changes to This Policy
We will post any material changes to this page and update the "Last updated" date. The current version is always at tokenia.live/privacy.
11. Contact
Questions about this policy? Email info@tokenia.live. For security vulnerabilities, use subject line "Security Disclosure".
This policy reflects how Tokenia actually works as verified in our source code. It has not been reviewed by legal counsel — if you have compliance-specific requirements, please contact us before relying on it.