private beta · limited accessSign inStart free →
LegalPrivacy Policy
← Back

Privacy Policy

Effective: June 1, 2026Version: 2.1Contact: legal@tokenistt.com
Core Privacy Principle

Your prompt content, source code, files, and any context you send to an LLM never leaves your local machine. Tokenistt intercepts requests locally and only transmits performance metadata — token counts, latency, costs, and model identifiers — to its cloud backend. Your intellectual property stays yours.

1. What we collect

1a. Data that stays local (never transmitted)

  • Prompt and message content sent to any LLM
  • System prompt text, tool definitions, and function schemas
  • Source code, file contents, and repository context
  • Any personally identifiable information contained within your prompts
  • LLM API responses and model outputs
  • Conversation history and session context

This data is processed entirely on your device by the Tokenistt MCP server process. It is tokenized, scored, and analyzed in memory and is never written to disk by Tokenistt or transmitted to any external endpoint.

1b. Performance metadata we collect

  • Token counts: input tokens, output tokens, cached tokens per request
  • Cost estimates based on model pricing at time of request
  • Request latency and time-to-first-token (TTFT)
  • Model identifier (e.g. claude-sonnet-4-6, gpt-4o)
  • Workspace label (a string you configure, defaults to folder name)
  • Optimization score (0–100) and suggestion category, without prompt content
  • Cache hit/miss status and prefix fingerprint hash (not the prefix itself)
  • Timestamp and MCP host identifier (e.g. "cursor", "claude-desktop")

1c. Account data

  • Email address (for account creation and billing)
  • Name (optional, for dashboard display)
  • Payment method (tokenized via Stripe — we never store card numbers)
  • Team workspace membership and role

2. How we use your data

Data typePurpose
Performance metadataRender your dashboard, calculate savings, detect anomalies
Token counts + costsBilling calculation and spend attribution
Workspace labelsGroup and filter your analytics view
Optimization scoresTrend reporting and engine improvement (anonymized aggregates only)
Email addressAccount auth, billing receipts, critical security notices

3. Data retention

Performance metadata is retained for 90 days on free plans and 2 years on Team/Enterprise plans. You can delete all stored metadata at any time from your account settings. Account data is retained for 30 days after account deletion, then permanently purged.

4. Data sharing

We do not sell your data. We do not share performance metadata with third parties for advertising. We share data only with:

  • Infrastructure subprocessors (listed on our Subprocessors page) operating under DPAs
  • Payment processor (Stripe) for billing — they receive only what is required to process payment
  • Law enforcement when required by a valid legal process (we will notify you unless prohibited by law)

5. Security

All data in transit is encrypted with TLS 1.3. Performance metadata at rest is encrypted with AES-256. We are SOC 2 Type II certified. Our infrastructure undergoes annual penetration testing by an independent firm.

6. Your rights

  • Access: request a copy of all metadata we hold about your account
  • Deletion: permanently delete all stored metadata and account data
  • Correction: update any inaccurate account information
  • Portability: export your usage data as JSON or CSV
  • Opt-out of analytics: run the MCP server with TOKENISTT_DISABLE=1 to bypass all transmission

7. Contact

Questions about this policy: legal@tokenistt.com. For data deletion requests, email with subject line "Data Deletion Request" and we will process within 30 days.