TokenBridge runs on EU-hosted infrastructure. Your account data โ email, billing, usage โ lives in European databases. The only exception is when your API calls are forwarded to upstream AI providers in China.
Where is data stored?
TokenBridge infrastructure runs on servers hosted in the European Union. Your account data (email, billing) is stored in EU-hosted databases.
What happens when you make an API call?
When you send a prompt via TokenBridge:
The prompt passes through China at step 2. We cannot avoid that โ the model runs there. We do not store the prompt or completion on our servers after the response is delivered.
What data do we keep?
We keep API metadata โ timestamps, which model you used, how many tokens โ for up to 90 days. This is for operational monitoring and debugging.
We do not keep your prompt text or the model's response text. That's by design, not a policy we could change tomorrow.
Who controls what data is sent?
You do. If you include personal data in your prompts, that's your choice and your responsibility under GDPR. You control the content of what you send. We can't see it (we don't log it) and we don't need it to provide the service.
What about international transfers?
Any data that passes to our upstream providers in China is transferred under EU Standard Contractual Clauses with supplementary protective measures:
Our Data Processing Agreement covers this in full, including sub-processor obligations, audit rights, and breach notification.
What about Stripe payments?
Your payment data goes directly to Stripe. We never see your credit card number. Stripe is US-based and certified under the EU-U.S. Data Privacy Framework โ a recognised adequacy mechanism.
Want a copy of our DPA?
Read the full Data Processing Agreement or download it as a .txt file for your procurement team.
Questions? Email privacy@polsia.app. We aim to respond within 48 hours.