EcoToken Privacy Policy

• Account. Email address and a password (stored only as a hash by our authentication provider; the plaintext is never seen by us or stored anywhere).
• Prompt content. Text you submit to EcoForge, EcoCompressor, or EcoOptimum for optimization. Both the original and the Optimized Output may be stored so the result appears in your Saved Prompts and Recents.
• Saved prompts and projects. Names, colors, and any prompts you save to your library.
• Calibration samples. Integer pairs of (input tokens, output tokens) per project, plus a single anonymized theme tag derived from the calibration reply text (see Section 2.3 below for details). The reply text itself is tokenized in your browser for the count, sent to our server once for theme classification, and discarded immediately — never stored.
• Bring-Your-Own-Key (BYO) data. If you use the BYO plan, the Anthropic API key you provide. Stored encrypted at rest (AES-256-GCM) and decrypted only at the moment a request is forwarded on your behalf. We also store the last four characters of the key in plaintext for display in the UI.

• Service usage. Token counts, model targeted, run timestamps, and savings estimates for each optimization, persisted to the Savings Library.
• Plan and billing state. Current plan, subscription status, Pay-As-You-Go credit balance, and a Stripe customer identifier. Card numbers and bank details are handled directly by Stripe and are never seen or stored by us.
• Session cookies. Strictly-necessary cookies set by our authentication provider to keep you signed in. No advertising or cross-site tracking cookies are used.
• Server logs. Request metadata (IP address, user agent, request path, response code, timestamp) retained for operational, security, and abuse-detection purposes for up to 30 days.
• Page-view analytics (Vercel Analytics). We use Vercel Analytics — a privacy-friendly, first-party tool provided by our hosting platform — to count page views and measure Core Web Vitals. It does not set third-party cookies, does not follow visitors across other websites, does not collect personal identifiers, and does not share data with advertising networks. Full details at vercel.com/docs/analytics/privacy-policy.

When you submit a calibration sample by pasting an AI reply (the "Paste the reply" mode on the Calibrate page), the text is sent to our server once and used solely to classify the sample into one of about a dozen high-level theme buckets — for example App building, Customer support, Code generation, Marketing copy. The classification is performed by Claude Haiku and returns a single short identifier.

What we do with the text:

• It's held in memory for the duration of the classification request only.
• It is never written to disk, never logged, never persisted in any database.
• It is not used to train any AI model and is not shared with any third party other than the AI provider that performs the classification (Anthropic).
• The only thing kept after classification is the resulting theme identifier.

How the theme is used: theme tags are aggregated into anonymized per-theme ratio statistics (e.g. "App building projects average 1.8× output/input ratio at typical prompt sizes"). The aggregation table contains no user identifier, no project identifier, no project name, and no calibration text. Once a theme tag enters the aggregate, it is permanently disconnected from the source user and project.

How to opt out: use the Calibrate page's "Enter a count" mode instead of paste mode. That path sends only the integer token count and never transmits the reply text.

We rely on: (a) contractual necessity to operate the Service you signed up for; (b) legitimate interests in securing the Service, preventing abuse, and improving product quality; and (c) consent, where required, for non-essential processing. You can withdraw consent at any time.

We do not sell your personal information. We do not rent or trade it. We do not share your prompt content with any party other than the AI provider strictly necessary to fulfill the optimization request you initiated.

• Anthropic, PBC — receives your prompt text solely to generate the Optimized Output you requested. Anthropic's handling of that content is governed by its own terms and privacy policy.
• Stripe, Inc. — receives your email, plan selection, and payment details directly (we never see full card data). Stripe processes payment and stores billing records per its own retention policies.
• Supabase, Inc. — our database and authentication provider. All User Content not explicitly excluded above is stored in Supabase-managed Postgres.
• Vercel, Inc. — hosts the application and serves its static assets; processes request metadata at the edge.

• We may disclose information if required by law, subpoena, or court order, or to protect our rights, property, or safety, or those of our users or the public.
• If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

In addition to the rights above, California residents have the right to know what personal information we collect, disclose, and "sell" (we do not sell personal information), and the right to non-discrimination for exercising privacy rights. No financial incentives are offered in exchange for personal information.

If you are in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with your local data protection authority. We do not rely on automated decision-making or profiling that produces legal or similarly significant effects on you.