Privacy Policy

Last updated: May 30, 2026

This Privacy Policy explains what information Air Token (the "Service") collects, how we use it, and the choices you have. By using the Service you agree to this Policy.

1. Information We Collect

• Account information. Your email address (used as your username) and a securely hashed password. If you sign in with Google, we receive your email address, basic profile name, and a Google account identifier — we never receive your Google password.
• Payment information. Payments are processed by Stripe. We receive confirmation of a payment and its amount, but we do not collect or store your full card details.
• Usage data. Metadata about your API requests, such as the model used, token counts, timestamps, and your account balance, which we use for billing and abuse prevention.
• Technical data. Limited data such as IP address, used for rate limiting, security, and operating the Service.

2. Prompts and Content

To fulfill your API requests, the content you send (your prompts and inputs) is transmitted to the relevant upstream model provider, which generates the response. We do not use your prompt or response content to train models, and we do not retain that content beyond what is needed to deliver the Service and prevent abuse. Upstream providers process this content under their own privacy terms.

3. How We Use Information

• to provide, maintain, and secure the Service;
• to authenticate you and manage your account and API keys;
• to process payments and calculate usage-based billing;
• to detect, prevent, and address fraud, abuse, or technical issues; and
• to comply with legal obligations.

4. Service Providers

We share information only as needed with providers that help us operate:

• Stripe — payment processing.
• Google — optional "Sign in with Google" authentication.
• Upstream model providers — to generate responses to your API requests.
• Cloudflare — network delivery and security.

We do not sell your personal information.

5. Cookies

We use a single session cookie to keep you signed in. We do not use advertising or third-party tracking cookies.

6. Data Retention

We retain account and usage records for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account as described below.

7. Your Rights

You may access, correct, or request deletion of your personal information by contacting us. Depending on your location, you may have additional rights under applicable data protection laws.

8. Security

We use reasonable technical and organizational measures to protect your information, including hashing passwords and transmitting traffic over encrypted connections. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

9. International Transfers

Your information may be processed in countries other than your own. Where we transfer information, we take steps to protect it consistent with this Policy.

10. Children

The Service is not directed to children under 13 (or the age of digital consent in your jurisdiction), and we do not knowingly collect their personal information.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be reflected by updating the "Last updated" date above.

12. Contact

Questions or requests regarding your privacy? Contact us at [email protected].