Privacy Policy
1. Introduction
PithToken Ltd ("we," "us," or "Company") respects your privacy and is committed to transparent data practices. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data.
PithToken is a data controller under UK and EU data protection regulations. If you have questions about our privacy practices, please contact our Data Protection Officer at [email protected].
2. Information We Collect
We collect different types of information depending on how you use PithToken:
Account Information
- Email address (required for account creation and communication)
- Display name or username
- Account type and tier (Free or Pro)
- Payment information (processed securely; we do not store full credit card details)
Provider API Keys
You provide API keys for third-party language model providers (OpenAI, Anthropic, OpenRouter) to enable PithToken to access those services on your behalf. Your API keys are stored using encryption standards appropriate for sensitive credentials and are never shared with third parties.
Usage Metadata
When you use PithToken, we automatically collect:
- Request timestamps
- Token counts and usage metrics
- Language model used and provider selected
- API response latency and performance metrics
- Estimated cost savings percentages
- IP address and user agent information
Prompt Content
3. How We Use Your Information
We use collected information for legitimate business purposes:
- Service Provision: Processing your requests, optimizing prompts, and forwarding them to your chosen provider
- Account Management: Authentication, account administration, billing, and support
- Analytics and Improvements: Analyzing usage patterns, performance metrics, and service quality to enhance PithToken
- Security and Fraud Prevention: Detecting abuse, preventing unauthorized access, and maintaining service integrity
- Communications: Sending service updates, billing notifications, and responses to your inquiries
- Legal Compliance: Fulfilling legal obligations and responding to lawful government requests
4. Data Forwarding to Third-Party Providers
PithToken forwards your optimized prompts to your chosen language model provider using your own API credentials:
- OpenAI: Governed by OpenAI's privacy policy and terms
- Anthropic: Governed by Anthropic's privacy policy and terms
- OpenRouter: Governed by OpenRouter's privacy policy and terms
Once your prompt reaches these providers, their own privacy policies apply. PithToken is not responsible for how third-party providers handle your data. We recommend reviewing their privacy policies before using PithToken.
5. Data Retention
Usage Logs: Metadata logs (timestamps, token counts, performance metrics) are retained for 90 days for analytics and troubleshooting purposes. After 90 days, these logs are automatically deleted unless required for legal compliance.
Account Data: Account information (email, name, payment history) is retained while your account is active. Upon account deletion, we remove personal data within 30 days, except where legal obligations require longer retention.
Prompt Content: As stated above, prompt text is never retained.
6. Cookies and Tracking
PithToken uses session cookies only to maintain your authenticated session. These cookies:
- Are strictly necessary for service functionality
- Expire when you log out or close your browser
- Do not track your behavior across third-party sites
- Are not used for marketing or analytics purposes
We do not use third-party tracking pixels, analytics cookies, or marketing cookies.
7. Data Sharing and Disclosure
We do not sell, trade, or rent your personal data to third parties.
We may share information only in these limited circumstances:
- Service Providers: With vendors who assist in operating PithToken (hosting, payment processing, email delivery), all bound by confidentiality agreements
- Legal Requirements: When required by law, court order, or government request
- Abuse Prevention: With relevant authorities when we detect illegal activity or abuse of our service
- Business Transfer: In the event of acquisition, merger, or sale of assets
8. Your Rights
Under UK and EU data protection regulations (GDPR and UK Data Protection Act), you have the following rights:
- Right to Access: Request a copy of your personal data held by PithToken
- Right to Correction: Request correction of inaccurate personal data
- Right to Deletion: Request deletion of your personal data (with exceptions for legal obligations)
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Data Portability: Request your data in a portable, machine-readable format
- Right to Withdraw Consent: Withdraw consent for specific processing activities
- Right to Object: Object to processing for certain purposes
To exercise any of these rights, contact us at [email protected] with your request and proof of identity. We will respond within 30 days or inform you if we require additional time.
9. Security of Your Data
We implement industry-standard security measures to protect your personal data:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for sensitive data (including API keys)
- Secure authentication mechanisms
- Regular security audits and vulnerability assessments
- Access controls and role-based permissions
However, no security system is completely impenetrable. While we strive to protect your data, we cannot guarantee absolute security.
10. International Data Transfers
PithToken operates from the United Kingdom. If you access PithToken from outside the UK, your information may be transferred to, stored in, and processed in the UK and other jurisdictions. By using PithToken, you consent to such transfers, subject to appropriate safeguards and in compliance with data protection laws.
11. GDPR and UK Data Protection Act Compliance
PithToken is committed to complying with the GDPR and the UK Data Protection Act 2018. We base data processing on one of these lawful grounds:
- Contract: Processing necessary to perform our service agreement with you
- Consent: Your explicit consent for specific processing activities
- Legal Obligation: Compliance with applicable laws
- Legitimate Interest: Our business interests (service improvement, fraud prevention) where not outweighed by your rights
If you believe we have violated your data protection rights, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
12. Third-Party Links
PithToken may contain links to third-party websites and services. This Privacy Policy applies only to PithToken. We are not responsible for the privacy practices of linked third-party services. Please review their privacy policies before providing personal information.
13. Children's Privacy
PithToken is intended for business and professional use only. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a child has provided personal data, we will delete such information immediately.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the service dashboard. Your continued use of PithToken following notification of changes constitutes your acceptance of the updated policy.
15. Contact Information
For privacy-related questions, data subject requests, or concerns:
General Inquiries: [email protected]
Data Protection Officer: [email protected]
Company: PithToken Ltd
Location: London, UK