Legal

Privacy Policy

Last updated: 29 April 2026

Tokani ("we", "us") provides an AI cost intelligence platform. This policy explains what data we collect, why, and what we do with it. The short version: we collect the minimum needed to run the service and prove your savings. We never persist your prompts or responses.

1. What we collect

Account information

When you sign up or request access: name, work email, company name, and any details you provide in the form (e.g. monthly AI spend estimate, workload type). We use this to set up your account and communicate with you.

Operational metadata

For each request processed through Tokani: timestamp, request latency, token counts, estimated cost, estimated savings, model identifier, and HTTP status code. This is how we calculate and verify your savings. None of this contains prompt or response content.

Usage analytics

Standard web analytics on tokani.ai (page views, referrer, device type). We do not use third-party trackers that build cross-site profiles.

2. What we do NOT collect

• Prompt and response content. Your prompts and model responses are processed in-memory and never written to durable storage. This is an architectural property, not a policy toggle.
• Training data. Your traffic is never used to train, fine-tune, or improve any model — ours or upstream.

For a deeper explanation of how this is enforced architecturally, see our privacy architecture page.

3. How we use your data

• To operate and improve the Tokani platform.
• To calculate, verify, and report your cost savings.
• To communicate with you about your account, billing, and product updates (you can opt out of non-essential emails at any time).
• To generate aggregate, anonymized benchmarks (e.g. "support workloads typically see 30-50% savings"). These never identify you or your company.

4. Data sharing

We do not sell your data. We share data only when necessary:

• Upstream AI providers — your requests are forwarded to the model provider you selected (e.g. Anthropic, OpenAI). These providers are contracted under enterprise terms that exclude your content from training.
• Infrastructure providers — hosting and payment processing (e.g. Stripe). They receive the minimum data needed to perform their function.
• Legal obligations — if required by law, subpoena, or court order.

5. Data retention

Account information is retained while your account is active and for 90 days after deletion. Operational metadata is retained for 12 months for savings verification and billing, then deleted. Prompt and response content is never retained.

6. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to the founding team and requires multi-factor authentication. We do not have a SOC 2 report yet — if that is a requirement, let us know and we will prioritize it.

7. Your rights

You can request a copy of your data, ask us to correct it, or ask us to delete it at any time by emailing privacy@tokani.ai. We will respond within 30 days.

8. Changes

If we make material changes to this policy we will notify you by email before the changes take effect.