Privacy Policy

This Privacy Policy ("Policy") explains how Tokeflow, LLC ("Tokeflow," "we," "us," or "our") collects, uses, discloses, and protects information when you visit our website or use our dashboards, APIs, SDKs, and related services (collectively, the "Service").

1) Scope and Roles (Controller vs. Processor)

Depending on how you interact with Tokeflow, we may act as:

• Controller of personal data collected on our website (e.g., demo requests) and for account administration of the Service.
• Processor / service provider of personal data that our business customers ("Customers") submit to the Service in connection with their own operations (for example, operational metadata, merchant configuration data, routing configuration, and event logs).

When we process personal data on behalf of a Customer, the Customer is typically the controller of that data, and our processing is governed by our contract with that Customer (and, where applicable, a Data Processing Addendum).

2) Information We Collect

A. Information you provide directly

We may collect:

• Business contact information (e.g., name, work email, company, role, region) when you request a demo or communicate with us.
• Account information for authorized users of the Service (e.g., name, work email, role, access permissions).
• Support and communications content (e.g., messages, attachments, and troubleshooting details you send us).

B. Information collected automatically

When you use the website or Service, we may collect:

• Device and technical data (e.g., IP address, browser type, device identifiers, language, approximate location derived from IP).
• Usage data (e.g., pages viewed, clicks, time spent, referring URLs).
• Log data (e.g., timestamps, request/response metadata, error logs, performance metrics).

C. Customer-submitted data in the Service

Customers may submit data to Tokeflow as part of using the Service. This can include:

• Configuration data (e.g., merchant profiles, routing rules, webhook destinations).
• Operational metadata and event records (e.g., identifiers, timestamps, statuses, provider responses, and delivery attempts).
• Business records needed to operate the orchestration layer.

3) How We Use Information

We use information for the following purposes:

• To provide and operate the Service (authentication, access control, configuration, routing operations, event delivery).
• To secure the Service (fraud prevention, abuse monitoring, access control, vulnerability mitigation).
• To maintain reliability and performance (debugging, error tracking, monitoring, incident response).
• To communicate with you (responding to requests, providing service notices, support).
• To improve the Service (feature development, UX improvements, product analytics).
• To comply with legal obligations and enforce our Terms of Use.

We do not sell personal information.

4) Cookies and Similar Technologies

We may use cookies and similar technologies to:

• Enable core site functionality,
• Remember preferences,
• Understand website usage and improve performance.

You can control cookies through your browser settings. Some features may not function properly without certain cookies.

5) How We Share Information

We may share information in the following cases:

• Service providers that support our operations (e.g., hosting, monitoring, analytics, customer support tooling), under confidentiality and data protection obligations.
• With Customers (for example, account administrators may access user and operational data within their organization).
• Legal and safety reasons (to comply with law, respond to lawful requests, protect rights and safety, investigate abuse).
• Business transfers (e.g., merger, acquisition, restructuring), subject to appropriate safeguards.

We do not share your data with PSPs on your behalf unless you or your Customer configure such integrations as part of using the Service.

6) International Data Transfers

Tokeflow may process and store information in countries other than where you live. When required, we implement appropriate safeguards for cross-border transfers, such as contractual protections and security measures.

7) Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, including:

• the duration of your account,
• providing the Service,
• complying with legal obligations,
• resolving disputes,
• enforcing agreements.

Retention periods may vary depending on the type of data and the context in which it was collected.

8) Security

We implement reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

9) Your Rights and Choices

Depending on your location, you may have rights to:

• Access, correct, or delete certain personal data,
• Object to or restrict certain processing,
• Request data portability,
• Withdraw consent where processing is based on consent.

If you are an end user of one of our Customers and your data was submitted to Tokeflow by that Customer, please direct requests to the Customer (the controller). We will assist Customers in responding to such requests as required by applicable law and our agreements.

To submit a request regarding data Tokeflow controls, contact us through the support channel or contact method provided within your account or by submitting a request via our website contact flow.

10) Children's Privacy

The Service is intended for business use and is not directed to children. We do not knowingly collect personal information from children.

11) Changes to This Policy

We may update this Policy from time to time. We will update the "Last Updated" date and, where appropriate, provide additional notice. Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

12) Contact

Questions about this Policy can be submitted through our support channel or the contact method provided in your account dashboard.