Privacy Policy

1.1 Information You Provide

• Account Registration: Name, email address, company name, billing address, and payment information.
• Communications: Messages you send to our support or sales teams.
• Configuration Data: Model selections and account-level settings you define within the platform (e.g., which models are enabled for your account). Scotch Token does not store or have access to the content of system prompts or individual API requests.

1.2 Information Collected Automatically

• Usage Data: Token counts, model identifiers, request timestamps, and account identifiers. This is the only request-level data Scotch Token retains, and it is used exclusively for billing and consumption calculations. Scotch Token does not log or store prompt content or model responses.
• Device & Technical Data: IP address, browser type, operating system, and referring URLs when you access our web dashboard.
• Cookies & Tracking: Session cookies, authentication tokens, and analytics cookies. See Section 7 for details.

1.3 Information from Third Parties

We may receive information from third-party payment processors (e.g., Stripe) and identity verification services to facilitate billing and fraud prevention.

We use the information we collect to:

• Provision, operate, and improve the Service.
• Process billing and manage your account.
• Route API requests to the appropriate third-party AI model provider.
• Monitor usage, enforce fair use policies, and detect abuse or security threats.
• Communicate with you about your account, updates, and Service changes.
• Comply with legal obligations.
• Conduct analytics to improve Service performance and user experience.

Scotch Token does not store, access, or use your prompt data or AI model responses for any purpose. The only data we retain is Usage Data (token counts, model identifiers, timestamps, and account identifiers), which is used exclusively for billing and consumption-level calculations.

3.1 Third-Party AI Model Providers

When you make an API request through Scotch Token, your prompt is routed directly to the model provider you have configured using the API key associated with your account. Scotch Token acts as a secure pass-through gateway: prompt content and model responses are never stored, logged, or accessed by Scotch Token.

Each model provider has its own privacy policy governing how it processes data you send to it. We recommend reviewing those policies for the providers you use.

3.2 Service Providers

We share information with trusted vendors who assist us in operating the Service, including cloud infrastructure providers, payment processors, and analytics platforms. These vendors are contractually required to protect your information and use it only for the services they perform for us.

3.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Scotch Token, our users, or the public.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the successor entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.5 Aggregated & De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you, for industry benchmarking, research, or marketing purposes.

Scotch Token retains only the data required for billing and consumption-level calculations: token counts, model identifiers, request timestamps, and account identifiers. This Usage Data is retained for as long as your account is active and for 7 years following termination, in accordance with legal and financial compliance requirements.

Scotch Token does not retain prompt content or model responses. These pass directly between your application and the model provider and are never written to Scotch Token storage.

You may request deletion of your account and billing data at any time, subject to legal retention obligations.

Scotch Token implements commercially reasonable technical and organizational security measures designed to protect your information, including:

• TLS encryption for all data in transit.
• AES-256 encryption for API keys and sensitive credentials stored at rest.
• Role-based access controls and audit logging for internal access to billing and account data.
• Regular security assessments and vulnerability testing.

No security measure is perfect. In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request that we provide your data in a machine-readable format.
• Objection / Restriction: Object to or request restriction of certain processing activities.
• Opt-Out of Marketing: Unsubscribe from marketing emails at any time by clicking 'unsubscribe' or contacting us.

To exercise these rights, contact us at privacy@scotchtoken.com. We will respond within 30 days (or as required by applicable law).

We use cookies and similar technologies to authenticate sessions, maintain preferences, and collect analytics. You can control cookie settings through your browser. Disabling cookies may affect your ability to use certain features of the Service.

We do not sell personal information or use third-party advertising cookies on the Scotch Token platform.

Scotch Token is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US or other countries. We take appropriate steps to ensure such transfers comply with applicable data protection laws, including Standard Contractual Clauses or other lawful transfer mechanisms where required.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have inadvertently collected such information, we will delete it promptly.

California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt out of the sale or sharing of personal information. Scotch Token does not sell or share personal information as defined by CCPA. To submit a CCPA rights request, contact privacy@scotchtoken.com.

If you are located in the European Economic Area (EEA) or United Kingdom, Scotch Token processes your personal data under the following legal bases: performance of a contract (to provide the Service); compliance with legal obligations; and legitimate interests (security, fraud prevention, product improvement). You have the rights described in Section 6, enforceable under applicable GDPR law. Contact privacy@scotchtoken.com with any GDPR-related requests.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on the Service at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact:

scotchtoken.com
Privacy Team: privacy@scotchtoken.com
Website: https://scotchtoken.com