Legal

Privacy Policy

Effective May 8, 2026  ·  Last updated May 8, 2026

This Privacy Policy describes how Nimbus Analytica Inc. ("TokenWatch", "we", "our", or "us"), operating tokenwatch.one, collects, uses, and protects information when you use our services. TokenWatch is incorporated in Ontario, Canada and this policy is governed by the laws of Ontario and the federal laws of Canada applicable therein, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

If you are located in the European Economic Area, we extend equivalent protections consistent with the General Data Protection Regulation (GDPR). If you are located in the United States, your use of TokenWatch is also subject to applicable US privacy laws.

1. What We Collect

1.1 Account Information

When you sign up for TokenWatch, we collect your name, email address, and billing information (processed by Stripe). Authentication is handled by Clerk. We do not store your payment card details — Stripe handles all payment data.

1.2 Attribution Metadata

TokenWatch collects the following metadata from developer machines for the purpose of AI cost attribution:

  • Git remote URL (e.g. github.com/your-org/your-repo) — used to identify the project
  • Git branch name — used for attribution granularity
  • Git user email and display name — used to identify the developer
  • Workspace directory path — used as a supplementary attribution signal
  • Token usage counts (input tokens, output tokens, cache tokens)
  • AI model name (e.g. claude-sonnet-4-6)
  • Estimated cost in USD, computed from token usage
  • Session identifiers and turn counts
  • Timestamps

1.3 What We Do Not Collect

TokenWatch does not capture, store, or transmit:

  • The content of your prompts or AI conversations
  • Your source code or file contents
  • Keystrokes or screen activity
  • Any data beyond the attribution metadata listed in 1.2

1.4 Usage and Analytics

We use PostHog to collect anonymized product analytics (page views, feature usage) to improve the product. This data is not sold or shared with third parties for advertising purposes.

2. How We Use Your Information

We use the information we collect to:

  • Provide the TokenWatch service — attributing AI token costs to developers, projects, and clients
  • Generate reports and exports for agency billing purposes
  • Process payments and manage your subscription
  • Send transactional emails (account setup, billing receipts, ingest key delivery)
  • Improve the product through anonymized usage analytics
  • Respond to support requests

We do not use your data to train AI models. We do not sell your data to third parties.

3. Data Storage and Security

Attribution metadata and account data are stored in Supabase (PostgreSQL), hosted on infrastructure located in the United States. By using TokenWatch, you consent to your data being stored in the United States.

We implement reasonable technical and organizational measures to protect your data, including encrypted connections (TLS), access controls, and server-side authentication. No method of transmission over the internet is 100% secure — we cannot guarantee absolute security.

Your Anthropic API key (if used with the TokenWatch proxy) is never stored by TokenWatch. It passes through the proxy in memory and is forwarded directly to Anthropic.

4. Data Retention

We retain attribution metadata for as long as your account is active. If you cancel your subscription, your data is retained for 90 days to allow for export, after which it is deleted. You may request earlier deletion by contacting us at the address below.

5. Sharing of Information

We share data only with the following service providers, strictly for the purpose of operating TokenWatch:

  • Clerk — authentication
  • Stripe — payment processing
  • Supabase — database hosting
  • Resend — transactional email
  • PostHog — anonymized product analytics
  • Vercel — application hosting

We do not share your data with any other third parties, and we do not sell your data.

6. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your data
  • Export your data in a machine-readable format (CSV export is available from your dashboard)
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at support@tokenwatch.one. We will respond within 30 days.

7. Cookies

TokenWatch uses essential cookies required for authentication (managed by Clerk) and session management. We do not use advertising cookies or third-party tracking cookies.

8. Children

TokenWatch is a business tool intended for use by professionals. We do not knowingly collect information from anyone under the age of 18.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the dashboard. Continued use of TokenWatch after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related inquiries:
Nimbus Analytica Inc.
Toronto, Ontario, Canada
support@tokenwatch.one