Privacy Policy

AllToken ("we", "our", "us"), operated by MAGE BROS LIMITED, a company incorporated in Hong Kong, provides an AI API management and routing platform (the "Service") accessible at alltoken.ai. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

We comply with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong.

2.1 Account Information

• Name, email address
• Company name and billing address
• Phone number (optional)

2.2 Payment Information

Payment card details and billing information are collected and processed by our third-party payment processor, Stripe, Inc. We do not store your full credit card number on our servers.

2.3 Usage Data

• API call logs (timestamps, model selected, token usage, response metadata)
• Platform usage analytics (login times, dashboard interactions)
• IP address, browser type, and device information

2.4 API Content

We process API request and response content solely for the purpose of routing to the selected AI model provider. We do not store, train on, or analyze the content of your API requests or responses beyond what is technically necessary to deliver the Service.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send billing notifications
• Monitor API usage and enforce rate limits
• Detect and prevent fraud, abuse, and security incidents
• Communicate service updates, technical notices, and support responses
• Comply with legal obligations

We may share your information with:

• AI Model Providers: API request content is forwarded to the AI model provider you select (e.g., OpenAI, Anthropic, Google, etc.). Each provider's own privacy policy governs their handling of that data.
• Payment Processor: Stripe, Inc. processes all payment transactions.
• Service Providers: We use third-party services for hosting, analytics, and customer support, under strict data processing agreements.
• Legal Requirements: We may disclose information if required by law, regulation, or valid legal process.

We do not sell your personal data to third parties.

• Account data is retained for as long as your account is active, plus 12 months after account closure.
• API usage logs (metadata only, not content) are retained for 90 days for billing and analytics purposes.
• Payment records are retained as required by applicable tax and accounting regulations (typically 7 years).
• API request/response content is not retained beyond the duration of the API call processing.

We implement industry-standard security measures including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• API key authentication and access controls
• Regular security assessments
• Access logging and monitoring

We use essential cookies to maintain your session and preferences. We use analytics cookies (which you may opt out of) to understand how the Service is used.

Under the Hong Kong Personal Data (Privacy) Ordinance, you have the right to:

• Access your personal data held by us
• Correct inaccurate personal data
• Request deletion of your account and associated data
• Export your data in a machine-readable format

To exercise any of these rights, contact us at [email protected].

For users in the European Economic Area (EEA), we also comply with applicable GDPR requirements, including lawful basis for processing and cross-border data transfer safeguards.

Your data may be processed in jurisdictions outside Hong Kong where our infrastructure providers operate. We ensure appropriate safeguards are in place through standard contractual clauses or equivalent measures.

Our Service is not directed to individuals under 18. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date.

If you have questions about this Privacy Policy or wish to exercise your data rights:

• Email: [email protected]
• Website: alltoken.ai