TokenBay Privacy Policy

This Privacy Policy explains how TOKENBAY PTE. LTD., together with its affiliates where applicable ("TokenBay", "we", "our", or "us"), collects, uses, discloses, transfers, stores, and otherwise processes personal data when you visit https://tokenbay.com/, create or use a TokenBay account, use our AI model API aggregation and routing platform, or otherwise interact with our products and services (collectively, the "Services").

This Privacy Policy does not apply to third-party websites, applications, APIs, AI model providers, payment processors, or other services that we do not control. Those third parties process personal data under their own terms and privacy notices. If you use the Services on behalf of an organization, a separate customer agreement or data processing agreement may also apply and will control in the event of conflict.

1. Scope and Roles

Depending on the context, TokenBay may process personal data as a controller/business for its own purposes, such as account administration, billing, security, compliance, marketing, and operation of the Services. Where TokenBay processes personal data on behalf of an enterprise customer, TokenBay may act as a processor/service provider, and the customer is responsible for providing required notices and obtaining required consents from its own users.

2. Personal Data We Collect

We may collect the following categories of personal data, depending on how you use the Services:

• Account and contact information, such as name, company name, email address,username, account identifiers.
• Commercial and billing information, such as top-up records, invoices, usage history, payment verification information, tax information, and billing contacts. Payment card data may be processed directly by our payment processors.
• Technical and usage information, such as IP address, approximate location inferred from IP address, device and browser information, pages viewed, authentication events, API key usage, request volume, token counts, selected model identifiers, latency, error logs, and other service metrics.
• Support and communications information, such as emails, tickets, chat messages, meeting notes, feedback, and information you provide during onboarding or support.
• Inputs, outputs, and customer content, such as prompts, instructions, files, images, audio, responses, completions, and other content submitted to or returned by the Services ("Customer Content").
• Cookies and similar technology data, as described in Section 9.
• Information from third parties, such as your organization, payment processors, compliance vendors, analytics providers, model providers, integration partners, and public sources.

3. How We Use Personal Data

We use personal data for the following purposes:

• To provide, operate, route, maintain, secure, and improve the Services.
• To create, administer, authenticate, and manage accounts, API keys, subscriptions, prepaid balances, billing, invoices, and usage records.
• To communicate with you about your account, support matters, service updates, incidents, security notices, and administrative messages.
• To provide onboarding, customer service, troubleshooting, technical support, and product improvement.
• To detect, prevent, and investigate fraud, abuse, misuse, unauthorized access, security incidents, sanctions risk, or other harmful activity.
• To conduct compliance checks, export control and sanctions screening, identity or business verification, and other legal or regulatory diligence where applicable.
• To enforce our Terms of Use, customer agreements, platform policies, and legal rights.
• To comply with applicable laws, regulations, legal process, governmental requests, audits, and internal governance requirements.

4. AI Data Handling

5. How We Disclose Personal Data

We may disclose personal data to the following categories of recipients, subject to applicable law and contractual restrictions:

• Affiliates, for the purposes described in this Privacy Policy.
• Service providers and contractors, such as cloud hosting, infrastructure, analytics, security, payment, communications, customer support, compliance, and professional service providers.
• AI model providers and infrastructure providers, as necessary to process requests, return outputs, support routing, and maintain service continuity.
• Enterprise customers, resellers, and account administrators, if you use the Services through an organizational account.
• Payment processors, banks, card networks, and fraud prevention providers, as necessary to process payments and administer billing.
• Legal, compliance, and safety recipients, where disclosure is necessary to comply with law, enforce agreements, protect rights and safety, prevent fraud or abuse, or respond to emergencies.
• Parties involved in a corporate transaction, such as a financing, merger, acquisition, reorganization, or sale of assets.
• Other parties at your direction or with your consent.

We do not sell personal data for money. We do not share personal data for cross-context behavioral advertising unless we update this Privacy Policy and provide any legally required choices.

6. Legal Bases and Consent

Where applicable, we process personal data based on one or more lawful grounds, including performance of a contract with you or your organization, compliance with legal obligations, our legitimate interests in operating and securing the Services, and your consent where required by law. You may withdraw consent where applicable by contacting us, but withdrawal may affect our ability to provide certain Services.

7. International Transfers

We and our service providers may process personal data in the United States, China and other jurisdictions where we or our providers operate. These jurisdictions may have data protection laws different from those in your location. Where required by applicable law, we will use appropriate safeguards for cross-border transfers, such as contractual protections, transfer impact measures, or other lawful transfer mechanisms.

8. Retention and Security

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud and abuse, and protect our rights. When personal data is no longer needed, we will delete, anonymize, or de-identify it unless retention is required or permitted by law.

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. These safeguards may include encryption in transit, access controls, audit logging, vendor diligence, network security controls, and incident response procedures. No method of transmission or storage is completely secure, and you are responsible for protecting your credentials and API keys.

9. Cookies and Similar Technologies

We and our service providers may use cookies, pixels, local storage, and similar technologies to operate and secure the Website, remember preferences, authenticate users, analyze usage, improve the Services, and support marketing where permitted by law. You can control cookies through your browser settings, but disabling cookies may affect certain features.

10. Your Rights and Choices

Subject to applicable law, you may have rights to access, correct, delete, restrict, object to, or obtain a copy of your personal data, and to withdraw consent where processing is based on consent. You may also opt out of marketing communications by using the unsubscribe link or contacting us. To make a request, contact us using the details in Section 13. We may need to verify your identity or authority before responding.

If you are an end user of one of our enterprise customers, please contact that customer first. We may be required to refer your request to the customer where we process personal data on its behalf.

11. Children

The Services are not directed to children under 13 or to any person below the minimum age required by applicable law. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so that we can take appropriate steps.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify you by email, through the Website, or by updating the "Last Updated" date. Your continued use of the Services after the effective date of an updated Privacy Policy means that you acknowledge the updated terms to the extent permitted by law.

13. Contact Us

For questions, requests, or complaints about this Privacy Policy or our personal data practices, please contact us at: