AI Token Dashboard

Privacy Policy

Last updated: April 16, 2026

1. Introduction

AI Token ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Please read this Privacy Policy carefully. By using the Service, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you sign up for an account, we collect:

  • Email address - Provided through Clerk authentication
  • User ID - Assigned by Clerk authentication service
  • Account balance - Your prepaid balance for API usage
  • Transaction history - Records of top-ups and usage

2.2 API Key Information

When you create API keys:

  • Key labels - User-defined names for your keys
  • Key metadata - Creation date, status, spend limits
  • Encrypted keys - Stored securely using AES-256 encryption

2.3 Usage Data

We automatically collect:

  • API usage - Model requests, tokens consumed
  • Access logs - IP addresses, timestamps, pages visited
  • Device information - Browser type, operating system

2.4 Payment Information

Payment processing is handled by DOKU. We do not store your credit card or banking details. We only store:

  • Transaction IDs - From DOKU payment gateway
  • Transaction amounts - For balance reconciliation
  • Payment status - Pending, success, or cancelled

3. How We Use Your Information

We use the collected information for:

  • Providing services - Managing your account, API keys, and balance
  • Processing payments - Facilitating top-ups through DOKU
  • Usage tracking - Monitoring API consumption and spend limits
  • Communication - Sending account-related notifications
  • Security - Detecting and preventing fraud or abuse
  • Improvement - Analyzing usage patterns to improve our Service

4. Third-Party Services

4.1 Clerk Authentication

We use Clerk for user authentication. Your sign-in credentials are managed by Clerk and subject to their privacy policy. We receive only your email and user ID.

4.2 OpenRouter

When you use our Service, you interact with OpenRouter's API. Your API requests (messages, prompts) are processed by OpenRouter and subject to their privacy policy. We recommend reviewing OpenRouter's privacy practices.

4.3 DOKU Payment

Payment processing is handled by DOKU. We share transaction information with DOKU to process payments. Please review DOKU's privacy policy for their data handling practices.

4.4 Neon PostgreSQL

Your data is stored in Neon PostgreSQL database. We ensure appropriate security measures are in place through our database configuration.

5. Data Security

We implement appropriate security measures to protect your information:

  • Encryption at rest - API keys are encrypted using AES-256
  • Encryption in transit - All data transmitted over HTTPS
  • Access controls - Strict access controls on our servers
  • Secure authentication - Using Clerk's enterprise-grade auth
  • Regular audits - Periodic security reviews

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services:

  • Account data - Retained until account deletion
  • Transaction records - Retained for 5 years for legal compliance
  • API logs - Retained for 90 days
  • Usage statistics - Aggregated and anonymized after 1 year

7. Your Rights

You have the right to:

  • Access - Request a copy of your personal data
  • Rectification - Request correction of inaccurate data
  • Deletion - Request deletion of your account and data
  • Portability - Request export of your data in JSON format
  • Objection - Object to certain processing activities

To exercise these rights, please contact us at the email provided below. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies:

  • Authentication - Managed by Clerk for session management
  • Analytics - We may use analytics tools to understand usage patterns
  • Essential cookies - Required for Service functionality

You can control cookies through your browser settings, though some Service features may not function properly without them.

9. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 18, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than Indonesia. When we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top
  • Sending an email notification for significant changes

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

Email: privacy@aitoken.example.com
Website: https://aitoken.example.com
Data Protection Officer: Our team is available to address your concerns