Security & Privacy

🔒

HTTPS — Text Never Stored

Your text is sent over HTTPS for server-side tokenization, then immediately discarded. Never written to disk or database.

🛡️

Zero Data Retention

We don't store, log, or retain your prompts. Processed in memory per request, discarded on response.

🚫

No Third-Party Scripts

No Google Analytics, no Facebook Pixel, no HubSpot. Zero third-party tracking scripts.

🔐

TLS 1.3 Encryption

All connections secured via HTTPS with TLS 1.3. Industry-standard encryption.

How Token Counting Works

When you paste text into Tokenia, your browser sends it to our server over an encrypted HTTPS connection. The server runs official tokenizers — tiktoken for OpenAI models, Claude's algorithm for Anthropic, etc. — and returns the token counts. Your text is processed in memory and immediately discarded. It is never written to a database, file, or log.

An instant client-side estimate appears while you type (pure JavaScript, no network call). The exact server-side count replaces it within milliseconds. Our access logs (morgan) record only HTTP method, path, status code, and response size — never the request body or your text.

What Data We Collect

Nothing about your prompts. Here's what we do and don't collect:

✅ We DO collect: Standard web server access logs (IP addresses, page URLs, HTTP status, timestamps) for infrastructure monitoring. Rotated after 30 days.
✅ We DO collect: First-party event analytics (e.g. "analyze_click", page URL, language, country). Never the content of your text.
❌ We DON'T collect: Any text you analyze, any files you upload, or the token counts you calculate.
❌ We DON'T use: Google Analytics, Facebook Pixel, or any third-party ad/tracking scripts.
✅ Optional: If you create a free account (to save history), we store your email and analysis history. You can delete your account and all data at any time.

File Upload Security

When you upload a file (PDF, DOCX, TXT, etc.), it is transmitted over HTTPS to our server. PDF and DOCX parsing runs server-side using pdf-parse and mammoth respectively. Files are handled in memory only (never written to disk) and discarded immediately after the extracted text is returned. No file content is stored.

Infrastructure & Architecture

Tokenia is hosted on Railway with automatic TLS certificate management. Our infrastructure stack:

Runtime: Node.js / Express (server-side routing only)
Database: Supabase (PostgreSQL) — used only for optional user accounts and saved history
CDN: Railway's global edge network
Encryption: HTTPS/TLS 1.3 on all connections
Auth: Supabase Auth with JWT tokens (optional — the tool works without an account)

Privacy Practices

Tokenia does not collect personal data from unauthenticated users beyond standard server logs. For users who create accounts, we support the right to access, right to deletion, and data portability — email us at info@tokenia.live.

We do not sell, share, or license any user data to third parties.

Reporting Security Issues

If you discover a security vulnerability in Tokenia, please report it responsibly. Contact us at info@tokenia.live with subject line "Security Disclosure". We will respond within 48 hours and work to fix confirmed vulnerabilities promptly.

We appreciate security researchers and will credit you in our changelog (with your permission) for responsible disclosures.

Contact

Questions about privacy or security? Email us at info@tokenia.live.

Last updated: June 2026 · Made in El Salvador 🇸🇻