Legal

Data Processing Addendum

Last updated: 2026-06-28

This page summarizes the current data-processing position for Token.AI. It is not a replacement for a signed enterprise DPA; customers that require one should request it before sending regulated production data.

Customer as controller

The customer decides what data is sent through the gateway, which model channels are enabled, and which internal users may access the service.

Token.AI as processor

Token.AI processes service data to provide API routing, usage attribution, billing, abuse prevention, support, and security operations.

Model providers as subprocessors or independent providers

When a model channel is enabled, prompts, outputs, and related metadata may be processed under that provider or channel terms.

DPA Request Flow

Email [email protected] with your company name, billing email, requested contract entity, and expected workload.
Identify whether your workload uses managed model channels, self-hosted endpoints, or third-party commercial model channels.
Review subprocessors, model-channel boundaries, data retention requirements, and security contacts before production use.
For regulated or enterprise workloads, confirm a signed order form or DPA before sending sensitive production data.

Contact [email protected] for enterprise review.

Retention Summary

Data	Purpose	Retention
账户与团队资料	登录、团队管理、权限控制、支持工单	账户存续期间保留；删除账户后按备份周期和法定义务清理。
计费与交易记录	余额、发票、退款、财务审计、争议处理	按适用财务、税务和反欺诈要求保留。
API 请求元数据	用量归因、速率限制、排障、安全审计	默认短期保留，建议生产默认 30 天；企业可按合同配置更短或更长周期。
请求与响应内容	仅在调试、滥用调查、用户主动开启日志或合规要求下处理	默认不作为产品展示日志长期保存；如开启调试日志，应显示保留周期和删除方式。
安全与滥用事件	攻击防护、欺诈检测、账户保护、政策执行	按事件严重程度保留至调查结束，并遵守适用法律要求。

Important Boundary

Model-channel processing may vary by provider, model, region, and enabled route. Customers should review the current model-channel details in the control console and the subprocessors page before production use.

DPA Request Flow

Email [email protected] with your company name, billing email, requested contract entity, and expected workload.

Identify whether your workload uses managed model channels, self-hosted endpoints, or third-party commercial model channels.

Review subprocessors, model-channel boundaries, data retention requirements, and security contacts before production use.

For regulated or enterprise workloads, confirm a signed order form or DPA before sending sensitive production data.

Contact [email protected] for enterprise review.

Retention Summary

Data	Purpose	Retention
账户与团队资料	登录、团队管理、权限控制、支持工单	账户存续期间保留；删除账户后按备份周期和法定义务清理。
计费与交易记录	余额、发票、退款、财务审计、争议处理	按适用财务、税务和反欺诈要求保留。
API 请求元数据	用量归因、速率限制、排障、安全审计	默认短期保留，建议生产默认 30 天；企业可按合同配置更短或更长周期。
请求与响应内容	仅在调试、滥用调查、用户主动开启日志或合规要求下处理	默认不作为产品展示日志长期保存；如开启调试日志，应显示保留周期和删除方式。
安全与滥用事件	攻击防护、欺诈检测、账户保护、政策执行	按事件严重程度保留至调查结束，并遵守适用法律要求。