Privacy

Privacy Policy

Last updated: 2026-07-07

Who we are

Tokenality.AI is operated by ServiceVision, a United States company. This Privacy Policy explains how we handle data when you use the Tokenality marketing site (tokenality.ai) and the Tokenality gateway product (app.tokenality.ai). For data we process on your behalf as a customer, you are the controller and we are the processor.

Information on the marketing site

We collect minimal analytics on this marketing site — page views, referrer, and aggregated geography. We do not sell this data. If you request access or a demo, we collect the contact details you submit and use them only to respond, schedule, and follow up.

Information processed by the gateway

When the Tokenality gateway proxies LLM API calls on your behalf, it processes the prompt content, the model response, and metadata (model, token counts, cost, project, person, timestamp). This data is stored in your organization's tenant and is accessible only to authenticated users in your organization.

PII detected in prompts is handled according to the policy you configure per project — block, obfuscate, or log. Obfuscation uses reversible tokens stored only in your tenant.

Provider API keys

If you store your own provider API keys (BYOK), they are encrypted at rest with AES-256-GCM under a key we hold in our infrastructure, and the key material is bound to your organization so it cannot be reused across tenants. Provider keys are never returned to the browser and never written to logs.

Audit logs & retention

Audit-log entries are append-only at the SQL layer — application code cannot modify or delete them. You can export your audit log at any time as CSV or JSON. Usage and audit records are retained for the life of your account unless you request deletion; on account termination we delete or return your data within 30 days, except where retention is required by law.

Security

Data is encrypted in transit (TLS) and provider keys are encrypted at rest. Access to tenant data is gated by authentication and per-organization isolation. We follow least-privilege database roles and maintain a tamper-evident audit trail. We are building toward SOC 2 / ISO 27001 / ISO 42001 / NIST AI RMF evidence; current posture is available to design partners on request.

Sub-processors

We use the following sub-processors to operate the service: Neon (database hosting), Render (gateway and dashboard hosting), Vercel (marketing site hosting), Clerk (authentication and identity), and Resend (transactional email). LLM providers you route to (e.g. Anthropic, OpenAI, Google) process the prompts you send them under their own terms. A current sub-processor list is available on request; we will give notice before adding a new sub-processor that handles customer data.

International transfers

Our infrastructure is hosted in the United States. If you access the service from outside the US, your data is transferred to and processed in the US. We rely on appropriate safeguards for such transfers where required.

Your rights

You can request access to, correction of, or deletion of your personal data by emailing [email protected]. We will respond within 30 days. Depending on your location, you may have additional rights under GDPR or US state privacy laws.

Changes to this policy

We may update this policy as the product evolves. We will post the new version here with an updated date and, for material changes affecting customer data, notify account owners by email.

Contact

Questions? Email [email protected].