Privacy Policy

1. Overview

AllYouCanToken (“we”, “our”, “the Service”) is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Information We Collect

We collect the following categories of data:

• Account data: Email address and hashed password provided at registration. We never store your password in plain text.
• Subscription data: Your selected tier and account approval status.
• API usage data: Request counts, token consumption, timestamps, and error rates associated with your API key. We do not log the content of your prompts or model responses.
• Technical data: IP addresses and HTTP request metadata collected incidentally by our infrastructure for security and abuse-detection purposes.

3. How We Use Your Data

• To provision and manage your account and API key.
• To enforce subscription limits and the Fair Use Policy.
• To send transactional emails (registration confirmation, account status updates).
• To detect and prevent abuse, fraud, and security incidents.
• To comply with legal obligations.

We do not sell, rent, share, or otherwise disclose your personal data to any third parties, except as strictly described in Section 7 (transactional email delivery only). Your data is never used for advertising, analytics resale, or any purpose beyond operating the Service.

4. Prompt and Output Data

All AI models available through AllYouCanToken are self-hosted and operated entirely on our own infrastructure. Your prompts and model responses never leave our systems and are never transmitted to any external model provider or third party.

We do not persistently store the content of your API requests (prompts) or the models' responses. Only usage metadata (token counts, latency, error codes) is retained for billing and operational purposes.

We do not use your prompts, outputs, or any user-generated content to train, fine-tune, evaluate, or otherwise improve any AI model, whether our own or a third party's. Your data is yours.

5. Data Retention

Account data is retained for as long as your account is active. If your account is closed or suspended, we may retain minimal records for up to 90 days for fraud prevention and legal compliance, after which personal data is deleted or anonymised.

6. Cookies and Sessions

We use a single session cookie to maintain your authenticated state within the web dashboard. This cookie is strictly necessary for the Service to function. We do not use tracking, analytics, or advertising cookies.

7. Third-Party Services

AllYouCanToken uses only one external third-party service processor:

• SMTP2GO — transactional email delivery. Only your email address is shared, solely for the purpose of delivering account notifications (registration, approval, status changes). No other data is disclosed.

All AI model inference is performed on infrastructure we own and operate. No prompt data, output data, or user identifiers are shared with any external model provider, cloud AI service, or other third party.

8. Security

We implement reasonable technical and organisational measures to protect your data, including encrypted storage of credentials and TLS in transit. No system is completely secure; you are also responsible for keeping your API key confidential.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Object to processing in certain circumstances.

To exercise any of these rights, contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will reflect any changes. Continued use of the Service after updates constitutes acceptance of the revised policy.

11. Contact

Questions or concerns about this Privacy Policy can be directed to [email protected].