Privacy Policy
Last updated: 2026-06-03.
Tokenade ("we", "us", or "our") operates the tokenade.net website and the Tokenade software tool. This page explains what personal data we collect, why we collect it, and your rights under applicable law including the EU General Data Protection Regulation (GDPR).
1. Who we are
Tokenade is operated by Paul Irolla, based in France. You can reach us at the address on our contact page.
2. Data we collect and why
2.1 Account data
When you create an account, we collect your email address and a hashed password. We use this to authenticate you, send you your license key, and communicate essential service information (billing receipts, policy updates). Legal basis: performance of a contract.
2.2 License and machine identifiers
To enforce the 3-seat per-license limit, the Tokenade client sends us a hashed machine identifier (a one-way hash of hardware attributes) and non-identifying platform hints (OS family, hostname). We do not store a copy of your raw hostname — only the hash. Legal basis: legitimate interest in preventing license abuse.
2.3 Token-savings telemetry
The client reports operation name, token count before, token count after, and a timestamp so we can show you your savings dashboard and improve the product. We do not collect the content of your code, prompts, or AI responses. Secrets are redacted client-side before any data leaves your machine. Legal basis: legitimate interest / performance of a contract.
2.4 Payment data
Payments are processed by Stripe, Inc. Stripe collects and stores your card details directly under their own privacy policy (stripe.com/privacy). We receive only a Stripe customer ID, subscription status, and invoice metadata. We never see or store your card number.
2.5 Cookies and analytics
We use essential cookies for session management (login state). We may use privacy-respecting analytics (aggregate page-view counts, no cross-site tracking) to understand how the site is used. No advertising or fingerprinting cookies are set.
3. Data retention
- Account data: retained while your account is active and for up to 12 months after deletion to comply with legal obligations.
- Machine-ID hashes: deleted within 30 days of license cancellation or account deletion.
- Telemetry: retained in aggregate for product analytics; raw per-operation records are purged after 90 days.
4. Data sharing
We do not sell your personal data. We share data only with:
- Stripe (payment processing)
- Infrastructure providers (hosting, database) under data-processing agreements
- Legal authorities, only when required by law
5. Your rights (GDPR)
If you are in the EU/EEA or UK, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Delete your account and associated personal data
- Object to or restrict processing
- Request portability of your data
- Lodge a complaint with your national data protection authority (e.g., CNIL in France)
To exercise any of these rights, contact us via the contact page. We will respond within 30 days.
6. Security
We use industry-standard measures (TLS in transit, encrypted storage at rest, hashed credentials) to protect your data. No transmission over the Internet is 100% secure; we cannot guarantee absolute security.
7. Children
Tokenade is not directed at children under 16. We do not knowingly collect data from minors.
8. Changes to this policy
We may update this policy. Material changes will be communicated by email or a notice on the site. The "Last updated" date at the top of this page reflects the most recent revision.
Questions about this policy? Use our contact page.