Privacy Policy
Last updated July 2026
1. Who we are
Token ("we", "us", or "our") operates the website at token.fyi and related services. We provide secure document sharing rooms with client-side encryption. We act as the data controller for all personal data processed in connection with our service.
2. What data we collect
We collect the following categories of personal data:
- Account data — your email address, provided when you create an account via magic-link login.
- Workspace data — the name and company name of your workspace, and any logo you upload.
- Shared document metadata — file names, file sizes, MIME types, and room settings (expiry, access controls) you configure.
- Acceptance records — when a recipient signs an NDA or legal document to access your room, we record their name, email, company, address, signature (typed name or drawn image), IP address, browser user agent, and the time of signing. For rooms gated by an uploaded legal document, we also record a fingerprint (SHA-256 hash) of the exact document that was signed.
- Gate documents — when a room owner attaches a legal document (PDF) that recipients must sign before entering the room, we store that document as uploaded so we can show it to recipients before they enter. Unlike room files, it is not client-side encrypted.
- Access logs — timestamps and IP addresses of recipients who view or download documents from your rooms.
- Cookie data — a signed session cookie to keep you logged in, and an access token cookie when you open a shared room.
Important: Files you upload are encrypted client-side (AES-256-GCM) before they reach our servers. We never have access to the plaintext of your files or the passwords used to protect them.
3. How we use your data
- To create and manage your account and workspace
- To deliver shared documents to recipients you invite
- To record NDA acceptances and access logs you request
- To notify you about document activity via email (when you opt in)
- To operate, secure, and improve our service
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
4. Encryption
All files uploaded to Token are encrypted client-side using AES-256-GCM with a key derived from your chosen password (PBKDF2, 250,000 iterations). This means:
- The server stores only the encrypted blob and key-derivation parameters.
- We cannot decrypt your files without your password.
- If you lose your password, encrypted files cannot be recovered.
One exception: a legal gate document attached by a room owner is stored as uploaded (not client-side encrypted), because recipients must be able to read it before they enter the room.
5. Data retention
We retain your personal data for as long as your account is active. You may delete your account and all associated data at any time from your workspace settings. Upon deletion, we remove:
- Your user account and workspace
- All rooms, files, and access logs in your workspace
- All NDA acceptance records associated with your workspace
Deletion is permanent and cannot be undone. Data removed from our active systems may persist in backups for up to 30 days before being overwritten.
6. Your rights
You have the following rights over your personal data:
- Access — request a copy of all personal data we hold about you.
- Deletion — delete your account and all associated data at any time from your workspace settings page.
- Portability — request a copy of your workspace data by emailing us before deleting your account.
- Correction — update your email, workspace name, or company name at any time.
To exercise any of these rights, log in to your account and visit your workspace settings, or contact us at privacy@token.fyi.
7. Cookies
We use only functional, necessary cookies:
- Session cookie — keeps you logged in. HttpOnly, signed with HMAC-SHA256. Automatically removed when you log out.
- Access token cookie — set when you open a shared room using an owner link. HttpOnly. Used to manage room access.
- Email verification cookie — set for 30 minutes after you verify your email with a one-time code, for rooms that require a signed legal document. HttpOnly.
We do not use advertising cookies, analytics cookies, or any tracking pixels. We do not honor "Do Not Track" signals as we do not track across sites.
8. Third-party processors
We use the following third-party services to operate Token. Each is a data processor acting only on our instructions:
- Railway — hosting, compute, database, and encrypted file storage. Privacy Policy
- Twilio SendGrid — transactional email delivery (OTP codes). Privacy Policy
We may update this list if we change service providers. Updates will be posted on this page.
9. Data security
We implement industry-standard technical and organisational measures to protect your personal data, including:
- TLS encryption in transit (HTTPS everywhere)
- AES-256-GCM encryption at rest for all uploaded files
- HMAC-SHA256 signed session cookies
- Access logging and anomaly detection
- Least-privilege access controls for our own team
10. Children
Token is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at privacy@token.fyi and we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page with a revised "Last updated" date. For material changes, we will notify you by email if you have an active account.
12. Contact
For any questions about this Privacy Policy or to exercise your rights, contact us at:
privacy@token.fyi