Privacy Policy
Last updated: July 3, 2026
TokenLens ("we", "us") provides LLM cost monitoring for teams. This policy explains what we collect, why, and how it's protected.
Account data: your email address (for sign-in and notifications). Billing metadata from your LLM providers: daily cost totals grouped by model and project — numbers only. We never receive, request, or store your prompts, completions, or any content sent to LLM APIs. Settings you provide: budgets, notification email, Slack webhook URL.
Admin keys you connect are used solely to read billing data from your provider's official APIs. Keys are encrypted at rest with AES-256-GCM before touching our database, are never sent to your browser after entry, and are never logged. You can disconnect (delete) a key at any time on the Providers page, which removes it immediately. These keys are read-only for billing by design and cannot make model calls or spend on your behalf.
To render your dashboards, compute insights, and send the alerts you configure. We do not sell your data, use it for advertising, or train models on it.
Vercel (hosting), Supabase (database and authentication), and Resend (email delivery, only if email alerts are enabled). Each processes data only as needed to provide the service.
Spend history is retained while your account is active. To delete your account and all associated data (including encrypted keys and spend history), email us and we'll complete deletion within 30 days.
Questions or deletion requests: privacy@tokenlens.us