1. Information We Collect

Token Exchange collects the following information:

Account Information: Email address and password (hashed) when you create an account.
API Keys: Provider API keys you submit are encrypted using AES-256-GCM and stored securely. We never log or expose raw API keys.
Usage Data: Token consumption statistics, request timestamps, and provider usage for billing and analytics.

2. How We Use Your Information

We use collected information to:

Provide and maintain the Token Exchange service
Process API requests through pooled keys
Calculate drawing rights and manage the token pool
Send service-related communications
Detect and prevent fraud or abuse

3. Data Security

We implement industry-standard security measures including:

AES-256-GCM encryption for all provider API keys
bcrypt hashing for passwords
TLS encryption for all data in transit
Regular security audits and monitoring

4. Data Retention

We retain your data for as long as your account is active. Usage records are kept for billing reconciliation. You can request deletion of your account and associated data at any time.

5. Third-Party Services

Token Exchange forwards your requests to third-party LLM providers (OpenAI, Anthropic, Google). Your request content is sent to these providers according to their respective privacy policies.

6. Contact