Identity
API keys are hashed at rest. Password sessions use HTTP-only cookies and admin routes require admin-tier identity.
Security
Security controls for commercial AI operations.
Tokenok keeps customer identity, hashed API keys, provider secrets, request logs, audit logs, payment signatures, and data protection controls in one operating surface.
Data protection
Request logs focus on metering and operations. Avoid sending regulated or unnecessary personal data in prompts.
Auditability
Provider changes, balance actions, key lifecycle events, payment operations, and announcements are written to audit logs.
Global privacy posture
APPI, GDPR, and CCPA readiness starts with clear disclosure.
The public policies are structured for APPI, GDPR-style, and California privacy rights review. Final wording should be approved by counsel before public launch.