Privacy Policy

1. Who we are

TokenBridge is operated by Polsia Inc., 548 Market Street, San Francisco, CA 94104, United States. For GDPR purposes, we have appointed a representative in the EU: Polsia Technologies GmbH, c/o WeWork, Invalidenstraße 91, 10115 Berlin, Germany.

Contact: privacy@polsia.app

2. What we collect

We collect:

• Account information: Name, email address, company name, billing address, payment information (via Stripe)
• API metadata: Timestamps, model used, token counts, error codes, endpoint called. We do not log prompt input text or model completion text after the response is returned.
• Usage data: Features used, approximate request volumes, referrer URL

3. How we use it

• To provide and maintain the TokenBridge service
• To process payments (via Stripe)
• To send transactional emails — account notifications, API alerts, billing (via Postmark)
• To improve our service and detect abuse

We do not sell, trade, or otherwise transfer your personal data to unrelated third parties.

4. Our sub-processors

Stripe is certified under the EU-U.S. Data Privacy Framework. International transfers to China are covered by Standard Contractual Clauses (Module Two, Commission Implementing Decision (EU) 2021/914) with supplementary measures as described in our Data Processing Agreement.

5. Data retention

Account data is retained for the duration of your account plus 2 years after closure. API metadata is retained for 90 days for operational purposes, then deleted. Prompt input and completion output are not persisted — they pass through our systems and are returned to you.

6. Your rights under GDPR

If you are in the European Economic Area, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Restriction: Request limited processing
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests

To exercise any rights, email privacy@polsia.app. We respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority (DPA) if you believe we have not handled your data appropriately.

7. Cookies

The TokenBridge website uses minimal cookies: authentication session cookies (essential, not marketing) and one analytics cookie (PostHog, anonymised, opt-out available).

8. Data security

We use TLS 1.2+ for all data in transit, encrypted storage, role-based access controls, and regular security reviews.

9. Children's data

TokenBridge is not directed at individuals under 16. We do not knowingly collect data from children.

10. Changes to this policy

We update this policy when our practices change. The "Last updated" date at the top reflects the most recent change. For material changes, we will notify you via email or dashboard notice.