Privacy Policy
Last updated: February 18, 2026
1. Introduction
This Privacy Policy explains how inPhrase, trading as TokenCompress, ("we", "us", "our"), operated at TokenCompress.com, collects, uses, shares, and protects your personal information when you use our context compression proxy service for Large Language Models.
We are committed to protecting your privacy and handling your data transparently. This policy applies to all users worldwide, including those in the European Economic Area (EEA), United Kingdom (UK), United States (US), and all other jurisdictions.
2. Data Controller
inPhrase (trading as TokenCompress) is the data controller for the personal data processed through our Service. For payment processing, Paddle.com Market Limited acts as the Merchant of Record and is an independent data controller for payment-related data.
For any privacy-related inquiries, contact us at: info@tokencompress.com
3. Information We Collect
3.1 Account Information
When you create an account via GitHub or Google OAuth, we receive and store:
- Name β as provided by your OAuth provider
- Email address β your primary email from GitHub or Google
- Avatar URL β your profile picture URL
- OAuth provider ID β a unique identifier from GitHub or Google
We do not receive or store your GitHub/Google password. Authentication is handled entirely through OAuth tokens.
3.2 API Keys
When you create API keys for accessing the Service:
- API keys are stored in hashed form; the full key is shown to you only once at creation
- Your LLM provider API keys (e.g., OpenAI, Anthropic) are encrypted at rest and transmitted over TLS
3.3 Usage Data
We automatically collect:
- Request metadata β timestamps, request counts, compression ratios, latency measurements
- Aggregate usage metrics β total requests per billing period, plan utilization
- Error logs β error types and frequency (without request content)
3.4 Content Data (Transient)
We do NOT store your code or text content. When you send a compression request:
- Your content is processed in memory for compression
- The compressed content is forwarded to your chosen LLM provider
- The original and compressed content are immediately discarded after processing
- We do not log, cache, or retain the content of your requests or LLM responses
3.5 Payment Information
We do not directly collect or store payment card details. All payment processing is handled by Paddle.com, our Merchant of Record. Paddle may collect:
- Payment method details (credit card, PayPal, etc.)
- Billing address
- Transaction history
Please refer to Paddle's Privacy Policy for details on how they handle payment data.
3.6 Cookies and Analytics
We use the following cookies and tracking technologies:
- Session cookie (
session_id) β essential for authentication, expires when you log out or after session timeout - CSRF token (
csrf_token) β essential for security, prevents cross-site request forgery - Locale preference (
locale) β stores your language preference - Google Analytics β we use Google Analytics (gtag.js) to understand how users interact with our website. This collects anonymized page views, session duration, and referral sources. See Google's Privacy Policy.
4. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and operating the Service | Contract performance |
| Authentication and account management | Contract performance |
| Processing subscriptions and billing | Contract performance |
| Usage tracking and enforcing plan limits | Contract performance |
| Service improvement and performance optimization | Legitimate interest |
| Security monitoring and fraud prevention | Legitimate interest |
| Responding to support requests | Contract performance |
| Sending important service notifications | Contract performance |
| Website analytics | Consent (via cookie banner where required) |
| Legal compliance | Legal obligation |
We do not use your data for:
- Training AI or machine learning models
- Selling to third parties
- Profiling for advertising purposes
- Automated decision-making with legal effects
5. Data Sharing and Third Parties
We share your data only with the following categories of third parties:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Paddle.com | Payment processing (Merchant of Record) | Email, billing info, transaction data |
| Your LLM Provider | Forwarding compressed requests | Compressed content (using your API key) |
| Google Analytics | Website analytics | Anonymized usage data |
| Infrastructure providers | Hosting and CDN | Technical data (IP addresses, logs) |
We may also disclose information when required by law, legal process, or to protect our rights, safety, or the security of others.
6. Data Retention
- Account data: Retained while your account is active, plus 30 days after account deletion
- Usage metrics: Retained for up to 24 months for billing and analytics purposes
- Content data: Not retained β processed transiently and immediately discarded
- Session data: Automatically expired and cleaned up hourly
- Payment records: Retained by Paddle as required by tax and financial regulations
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit: All data is transmitted over TLS 1.2+
- Encryption at rest: API keys and sensitive data are encrypted in our database
- Access controls: Role-based access with principle of least privilege
- CSRF protection: All state-changing operations require valid CSRF tokens
- Security headers: We implement Content-Security-Policy, HSTS, and other security headers
- Regular security updates: Dependencies and infrastructure are kept up to date
8. International Data Transfers
Our Service is available globally. Your data may be transferred to and processed in jurisdictions outside your country of residence.
For transfers from the EEA/UK to countries without an adequacy decision, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Supplementary measures as needed to ensure adequate protection
9. Your Rights
9.1 Rights for All Users
Regardless of your location, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Cancel your subscription at any time
9.2 Additional Rights for EEA/UK Users (GDPR)
If you are located in the European Economic Area or the United Kingdom, you additionally have the right to:
- Data portability β receive your data in a structured, commonly used, machine-readable format
- Restriction of processing β request that we limit how we use your data
- Object to processing β object to processing based on legitimate interests
- Withdraw consent β where processing is based on consent, withdraw it at any time
- Lodge a complaint β file a complaint with your local data protection authority
9.3 Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know β what personal information we collect, use, and disclose
- Delete β request deletion of your personal information
- Opt-out of sale β we do not sell your personal information
- Non-discrimination β exercise your rights without discriminatory treatment
9.4 Exercising Your Rights
To exercise any of these rights, contact us at info@tokencompress.com. We will respond within 30 days (or the timeframe required by your jurisdiction's law). We may need to verify your identity before processing your request.
10. Children's Privacy
The Service is not intended for individuals under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you by email or through the Service where required by law
We encourage you to review this page periodically.
12. Contact Us
For any questions or requests regarding this Privacy Policy or your personal data, contact us:
- Email: info@tokencompress.com
- Website: tokencompress.com/contact