Privacy Policy
Last updated: April 21, 2026
The Token Research Company (“The Token Company,” “we,” “us”) operates the token compression API and dashboard at thetokencompany.com. This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
Account data: Email address, name, and authentication credentials (managed by Clerk).
API request data: Input text, compressed output text, token counts, compression metrics, timestamps, and IP addresses for each API call.
Billing data: Payment information (processed by Stripe — we do not store card numbers), transaction history, and account balance.
Usage data: API key metadata, request counts, and compression statistics displayed in your dashboard.
2. How We Use Your Data
- To provide and operate the compression API service
- To display usage statistics in your dashboard
- To process billing and payments
- To send transactional emails (welcome, billing confirmations)
- To monitor and improve service performance
We do not sell your data.
3. Data Residency
During signup, you choose a data region: United States (us-west-2, Oregon) or European Union (eu-north-1, Stockholm, Sweden).
All API request data — inputs, outputs, logs, token counts, and usage metrics — is stored exclusively in your selected region. No API request data crosses region boundaries.
Authentication data is managed by Clerk, which processes EU user data in GDPR-compliant European facilities.
4. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| AWS | Infrastructure | API request data (in your selected region) |
| Clerk | Authentication | Email, name, session data |
| Stripe | Payments | Billing and payment information |
| Vercel | Hosting | Request routing data |
| SendGrid | Emails | Email address, name |
| RB2B | Visitor identification | Browsing activity, IP address, email (via third-party matching) |
5. Visitor Identification & Advertising
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. You also have the option to opt out of the collection of your personal data in compliance with GDPR by visiting https://www.rb2b.com/rb2b-gdpr-opt-out.
6. Data Retention
API request logs are retained indefinitely unless you request deletion. Account and billing data is retained for as long as your account is active and as required by law.
7. Your Rights
You have the right to:
- Access your personal data
- Delete your data (right to erasure)
- Export your data (right to portability)
- Correct inaccurate data
- Object to processing of your data
To exercise any of these rights, contact us at team@thetokencompany.com. We will respond within 30 days.
8. GDPR (EU Users)
If you selected the EU region, your API data is processed and stored exclusively in the European Union (AWS eu-north-1, Stockholm, Sweden). We process your data under the legal basis of contractual necessity (providing the service you signed up for). Analytics and other tracking is disabled for EU users.
9. Security
All data is encrypted in transit (TLS) and at rest (AES-256). API keys are hashed before storage. Database access is restricted to authorized services via security groups and IAM policies.
10. Age Requirement
Our service is intended for business and professional use. You must be at least 18 years old to create an account.
11. Changes
We may update this policy from time to time. Material changes will be communicated via email or a notice on the dashboard.
Contact
The Token Research Company
team@thetokencompany.com
thetokencompany.com