← Back to shop

Privacy Policy

Last updated: May 2026

1. Introduction

At TokenVault we respect your privacy. This policy explains what data we collect, how we use it, and what rights you have. It applies to every user of the site and service.

2. Data we collect

  • Account profile: user ID, username, and email — received when you sign in.
  • Purchase data: our internal order ID, the payment provider's invoice ID, the token pack you bought, the price, and the date.
  • Refund crypto address (optional): if you provide a wallet address for refunds, we store it so we can process a refund if one is needed.
  • API keys: we store the keys we issued to you so you can see them in the dashboard and so we can help with support.
  • Basic usage data: standard technical logs (IP address, browser type, access times) for security and troubleshooting.

3. What we don't collect

  • We do not store your payment details. Every payment runs through our payment provider — whether you pay by credit card or crypto, we only see the transaction status and amount, never your card or wallet details.
  • We do not collect the content of the queries you send to AI services through your API key.
  • We do not have access to your account password.

4. How we use data

  • Service delivery — associating purchases with your account, sending keys by email, showing the dashboard.
  • Customer support — looking up orders, handling refund requests.
  • Security — fraud detection, abuse handling, and blocking problematic accounts.
  • Legal obligations — keeping transaction records as required by applicable law.

5. Third parties

We rely on trusted third-party providers for authentication, payment processing, email delivery, and hosting. We share with them only the data needed to deliver the service, and each one has its own privacy policy.

6. Cookies

We use only essential cookies — to maintain your login state and protect session security. We don't use marketing or third-party tracking cookies.

7. Security

We use standard security practices: HTTPS for all traffic, API keys encrypted in transit, and only authenticated servers can reach the database. No system is 100% secure, but we make reasonable efforts to protect your data.

8. Data retention

We retain account and purchase data for as long as your account is active and for a reasonable period afterward (up to 7 years) to comply with legal and accounting obligations. You can request deletion subject to legal limits.

9. Your rights

  • Right of access — request a copy of the data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request account deletion (subject to legal limits).
  • Right to object — object to certain types of processing.

To exercise these rights, contact us on Telegram (@layletoken) with your account details.

10. Minors

The service is intended for users aged 18 and over. If you are under 18, parental or guardian consent is required.

11. Changes to this policy

This policy may be updated. The current version is always published on this page with an updated date. Material changes will be communicated by email or by an in-site notice.

12. Contact

For privacy questions, reach out to us on Telegram at @layletoken.

Telegram (@layletoken)