Privacy Policy

tokensand, LLC is the operator of tokens&. For users in regions that use controller terminology, tokensand, LLC is the controller for platform account data, public builder surfaces, and general service telemetry. For customer-provided enterprise usage events and private workspace data, tokensand, LLC generally acts as a service provider or processor under the customer contract.

This policy covers tokensand.com, tokensand.app, authenticated workspaces, public project/profile pages, developer programs, product submissions, and related APIs or workflows that link to this policy.

• Operate the builder product, accounts, profiles, saved stacks, projects, launches, credits, events, and recommendations.
• Personalize search, rankings, comparisons, build guidance, opportunity matching, and product suggestions.
• Publish user-controlled public content such as profiles, projects, badges, tool submissions, and share pages.
• Provide enterprise analytics, campaign attribution, adoption intelligence, account readouts, exports, reports, and agent recommendations.
• Protect the platform from abuse, spam, impersonation, scraping, credential misuse, security incidents, and policy violations.
• Send transactional emails, product updates, invite notices, lead confirmations, support messages, and legal or security notices.
• Comply with applicable law, enforce agreements, support audits, and respond to lawful requests.

Public surfaces may be visible to other users, customers, search engines, and answer engines. This includes public profiles, published projects, product submissions, public program pages, badges, reviews, rankings, share cards, and public proof artifacts.

Private enterprise surfaces are organization-gated. Workspace analytics, account intelligence, CRM/import/export metadata, tracking keys, campaign budgets, customer reports, private competitor context, and customer-provided usage events are visible only to authorized workspace users and approved service operations.

Enterprise adoption intelligence is built from first-party customer data, public builder activity, developer consent, and aggregate privacy-safe benchmarks. Developers are not sold as a raw list. Cross-customer or network-level outputs are aggregate by default and should suppress small cohorts or private rows.

tokens& includes AI-assisted recommendations, agents, summaries, rankings, ROI planning, stack guidance, and adoption intelligence. These features may process your input, workspace context, public content, usage events, and retrieved evidence to generate scoped outputs.

Private enterprise/customer data is used to generate outputs for that workspace and is not used to train public models unless you separately opt in or a customer contract expressly allows it. Retrieved webpages, imported content, and customer-provided text are treated as untrusted data for tool execution and agent instructions.

We use cookies and similar technologies for authentication, security, preferences, referral attribution, campaign measurement, product analytics, and fraud prevention. Referral links may set a cookie so we can attribute signups, conversions, or rewards to the share that brought someone to tokens&.

We do not auto-post to social networks. Launch handoffs, referral copy, and share cards are user-controlled, and sponsored/referral relationships should be disclosed when shared.

We may share data with service providers and subprocessors that help us provide hosting, database, authentication, email, analytics, payment, security, support, infrastructure, AI processing, CRM, and observability services. These providers are expected to use data only to provide services to tokensand, LLC or the applicable customer.

We may also share data when directed by a workspace admin, when you publish public content, when required for a product integration, when necessary to protect the service, or when required by law. Enterprise customers should review subprocessor, retention, deletion, residency, and breach notice commitments in their DPA, MSA, order form, or SLA.

We keep data for as long as needed to operate tokens&, provide support, maintain audit/security logs, comply with law, resolve disputes, enforce agreements, and support customer contracts. Public content may remain visible until removed, archived, or deindexed. Delete-safe QA data should be labeled and removable.

We use administrative, technical, and organizational safeguards appropriate for a developer and enterprise SaaS platform. No system is perfectly secure. For security posture, procurement, and enterprise review, see Security, Trust, and Data Processing.

tokens& may process and store data in the United States and other countries where we or our service providers operate. If applicable law requires transfer safeguards, those safeguards should be handled in the customer DPA or another written agreement.

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data. You can also unsubscribe from marketing emails, manage public profile or project visibility, remove published content where supported, and ask a workspace admin to manage enterprise access or exports.

To make a rights request, email privacy@tokensand.app. We may need to verify your identity and may route enterprise workspace requests through the relevant customer admin when the customer controls the data.

tokens& is intended for developers, builders, companies, and professional users. It is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child provided data to tokens&, contact us so we can review and delete it where appropriate.

We may update this Privacy Policy as the product, laws, or contracts change. Material updates will be reflected by changing the date above and, when appropriate, by providing additional notice in the product or by email.