Privacy Policy

Last updated: March 2026

What we collect

• Account info — name and email from Google OAuth, used solely for authentication.
• API keys — encrypted at rest with AES-256-GCM. Keys are only used to fetch your usage data from providers.
• Usage data — aggregated cost and token counts fetched from your AI providers, stored to power your dashboard.
• Analytics — anonymous page views and feature usage via PostHog to improve the product.

What we don't do

• We never sell your data.
• We never read your API prompts or completions.
• We never share data with third parties beyond hosting infrastructure.

Data storage

All data is stored on Neon (PostgreSQL) with encryption in transit. API keys are encrypted at rest using AES-256-GCM before being stored.

Deletion

You can delete your account and all associated data at any time from the Settings page. Email support@tokenwatch.dev if you need help.

Contact

Questions? Reach out at support@tokenwatch.dev.