Privacy Policy
Privacy Policy
Last updated: 2026-06-23.
Tokenade ("we", "us", or "our") operates the tokenade.net website and the Tokenade software tool. This page explains what personal data we collect, why we collect it, and your rights under applicable law including the EU General Data Protection Regulation (GDPR).
1. Who we are
Tokenade is operated by Paul Irolla, based in France. You can reach us at the address on our contact page.
2. Data we collect and why
2.1 Account data
When you create an account, we collect your email address and a hashed password. We use this to authenticate you, send you your license key, and communicate essential service information (billing receipts, policy updates). Legal basis: performance of a contract.
2.2 License and machine identifiers
To enforce per-plan seat limits, the Tokenade client sends us a hashed machine identifier (a one-way hash of hardware attributes) and non-identifying platform hints (OS family, hostname). We do not store a copy of your raw hostname — only the hash. Legal basis: legitimate interest in preventing license abuse.
2.3 Token-savings telemetry
The client reports anonymous, aggregate usage statistics so we can show you your savings dashboard and decide which optimizations to build next: the operation or command name (the program name only — for example git — never its arguments, paths, or values), the token count before and after compaction, whether a command-specific optimization applied, and a timestamp. These are measurements of how Tokenade itself behaved, not data about you. We never collect the content of your code, your prompts, AI responses, command arguments, or file contents — none of that ever leaves your machine. Legal basis: legitimate interest / performance of a contract.
2.4 Payment data
Payments are processed by Stripe, Inc. Stripe collects and stores your card details directly under their own privacy policy (stripe.com/privacy). We receive only a Stripe customer ID, subscription status, and invoice metadata. We never see or store your card number.
2.5 Cookies and analytics
We use essential cookies for session management (login state). We may use privacy-respecting analytics (aggregate page-view counts, no cross-site tracking) to understand how the site is used.
With your consent only, we use marketing-measurement trackers provided by third-party vendors (social networks and advertising platforms) which set third-party cookies and share browsing data with those vendors. These trackers only load after you accept them via the consent banner shown on your first visit; you can refuse, and no advertising cookie is set without your agreement. You can change your choice at any time by clearing your browser cookies/local storage. Legal basis: consent (GDPR art. 6(1)(a)).
3. Data retention
- Account data: retained while your account is active and for up to 12 months after deletion to comply with legal obligations.
- Machine-ID hashes: deleted within 30 days of license cancellation or account deletion.
- Telemetry: retained in aggregate for product analytics; raw per-operation records are purged after 90 days.
4. Data sharing
We do not sell your personal data. We share data only with:
- Stripe (payment processing)
- Third-party marketing-measurement and advertising vendors (social networks and advertising platforms) — only if you have consented (see § 2.5)
- Infrastructure providers (hosting, database) under data-processing agreements
- Legal authorities, only when required by law
5. Your rights (GDPR)
If you are in the EU/EEA or UK, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Delete your account and associated personal data
- Object to or restrict processing
- Data portability
- Lodge a complaint with your national data protection authority (e.g., CNIL in France)
You can delete your account and all associated data yourself at any time, directly from your dashboard ("Privacy & account" section): deletion is immediate, irreversible, and cancels any active paid subscription. To exercise any of the other rights, contact us via the contact page. We will respond within 30 days.
6. Security
We use industry-standard measures (TLS in transit, encrypted storage at rest, hashed credentials) to protect your data. No transmission over the Internet is 100% secure; we cannot guarantee absolute security.
7. Children
Tokenade is not directed at children under 16. We do not knowingly collect data from minors.
8. Changes to this policy
We may update this policy. Material changes will be communicated by email or a notice on the site. The "Last updated" date at the top of this page reflects the most recent revision.
Questions about this policy? Use our contact page.