Privacy Policy

1. Who We Are

Token Arena (“we”, “us”) operates this Service. We provide AI usage data collection, analytics, and presentation, and (when you enable it) social features such as public profiles, following, and leaderboards.

2. Scope

This Privacy Policy applies to your access to or use of Token Arena’s website, APIs, and CLI features, including identity verification through third-party sign-in providers.

3. Effective Date

This policy is effective as of 2026-03-31. We may update it from time to time to reflect actual data practices.

4. Information We Collect

4.1 Account & identity data: username, display name, email, avatar, and third-party account identifiers.

4.2 Authentication & security data: session identifiers, login timestamps, IP address, user agent, session tokens, and related metadata.

4.3 Device & usage data: device ID, hostname, session start/end times, active duration, message counts, token statistics (input/output/reasoning/cache), and model/tool usage distributions. Project identifiers may be hashed or raw depending on your project mode settings.

4.4 Social/public profile data (if enabled): bio, public profile visibility, follow relationships, and aggregated stats shown on your public pages and leaderboards.

5. How We Use Data

We use personal data for:

5.1 providing authentication, account services, and security controls;

5.2 computing, storing, and displaying usage analytics and (where applicable) cost estimates;

5.3 enabling CLI-to-server synchronization;

5.4 operating social features such as following and public visibility;

5.5 troubleshooting, performance optimization, and improving user experience;

5.6 complying with legal obligations and handling complaints/disputes.

6. Legal Bases

We process personal data based on: (1) necessity to perform a contract; (2) legitimate interests (e.g., security, anti-abuse, product maintenance and improvement); (3) your consent where required; and (4) legal obligations.

7. Sharing & Recipients

7.1 We do not sell personal data.

7.2 We may share limited, necessary data with categories of vendors needed to run the Service, such as cloud hosting/infrastructure providers, authentication providers, and operational/support vendors.

7.3 When you enable public profiles or leaderboards, some information may be visible to other users and accessible to the public. Leaderboards are public by default.

8. International Transfers

Your data may be accessed or processed in countries outside your jurisdiction. If cross-border transfers occur, we apply reasonable safeguards and, where required, provide appropriate notice and contractual or other legal mechanisms.

9. Retention

We retain data only as long as necessary for the purposes described or as required by applicable law. If you request deletion (e.g., account deletion), we will delete or anonymize data where commercially reasonable, subject to lawful exceptions for compliance, security, or audit purposes.

10. Security

We implement reasonable technical and organizational measures, such as encryption in transit, access control, authentication, and key management. However, no system can guarantee absolute security, and you must protect your account and credentials.

11. Your Rights

Depending on your jurisdiction, you may have rights including access, correction, deletion, restriction of processing, objection, data portability (where applicable), and withdrawal of consent where applicable. You may also have the right to lodge a complaint with a supervisory authority.

To exercise your rights, contact us via GitHub repository.

12. Cookies

We use cookies/session technologies to enable authentication and security controls. Non-essential cookies (if any) are used only as permitted by applicable law and consent requirements.

13. Automated Decision-Making & Profiling

We primarily use aggregated statistics to deliver analytics and display. We do not intend to make decisions that significantly affect you solely based on automated processing, where such effects would be subject to additional legal requirements.

14. Children

The Service is not intended for users below the age of eligibility under applicable law. If we learn that we collected personal data from children without authorization, we will take reasonable steps to delete it.

15. Updates

We may update this policy. Material changes will be notified via in-app notices or other legally compliant methods.

16. Contact

Privacy contact: via GitHub repository.