Privacy Policy

Last updated: May 2, 2026

neokens ("we," "us," or "our") operates the neokens platform at neokens.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using the Service, you consent to the practices described herein.

1. Information We Collect

We collect information in the following categories:

1.1 Account Information

When you register for an account, we collect your email address, display name, and authentication credentials. If you sign up through a third-party provider (e.g., Google, GitHub), we receive the profile information you authorize that provider to share with us, which typically includes your email address and public profile name.

1.2 API Usage Data

When you make requests through the neokens API, we log the metadata necessary to operate the service, including request timestamps, model identifiers, token counts (prompt and completion tokens), credit consumption, and response status codes. We do not store the contents of your prompts or the AI-generated responses on our servers beyond the transient period required to relay your request to the upstream AI provider and return the response to you.

1.3 Payment and Billing Information

When you purchase credit packs, we collect billing details including your name, billing address, and payment method information. Credit card numbers and sensitive payment data are processed exclusively by our payment processor (Stripe) and are never stored on our servers. We retain only a tokenized reference and the last four digits for receipt and reconciliation purposes.

1.4 Device and Usage Information

We collect information about how you interact with the Service, including browser type, operating system, IP address, referring URLs, pages visited, and interaction timestamps. This data is collected through standard web technologies such as server logs and first-party cookies.

1.5 Communications

If you contact our support team, we collect the contents of your messages along with any attachments you provide. This information is used solely to respond to your inquiry and improve our support services.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To create, maintain, and secure your account
  • To process API requests and route them to the appropriate upstream AI provider
  • To calculate credit consumption and enforce credit balances
  • To process payments and issue refunds in accordance with our Refund Policy
  • To communicate with you about your account, billing, and service updates
  • To detect, prevent, and investigate fraud, abuse, or violations of our Acceptable Use Policy
  • To monitor and improve the performance, reliability, and security of the Service
  • To comply with applicable legal obligations

3. Data Retention

We retain your account information for as long as your account is active. If you delete your account, we will remove or anonymize your personal data within 30 days, except where retention is required by law. API usage logs (metadata only, not prompt or response content) are retained for 12 months for billing, abuse detection, and analytics purposes, after which they are permanently deleted. Payment records are retained for 7 years as required by tax and financial regulations.

4. Cookies and Tracking Technologies

We use first-party cookies and similar technologies to operate the Service:

  • Essential cookies: Required for authentication, session management, and security (e.g., session token, CSRF protection). These cannot be disabled.
  • Preference cookies: Store your theme and display preferences (e.g., dark/light mode). These are optional and can be cleared at any time.
  • Analytics cookies: Help us understand usage patterns through aggregated, anonymized metrics. We do not use third-party advertising trackers or cross-site tracking cookies.

You may manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

5. Third-Party Providers

We integrate with the following categories of third-party providers to deliver the Service:

5.1 Upstream AI Providers

When you make API requests, we relay your prompts to one or more of the following upstream AI providers based on the model you select. These providers process your prompts and generate responses according to their own privacy policies:

neokens acts as an intermediary and does not control the data practices of these upstream providers. We encourage you to review their privacy policies. We do not share your account credentials or payment information with these providers; we transmit only the prompt content and model parameters necessary to fulfill your request.

5.2 Payment Processor

Payment processing is handled by Stripe, Inc. Stripe processes your payment card data in compliance with PCI-DSS standards. neokens does not store raw card numbers on its systems. For details, see Stripe's Privacy Policy.

5.3 Infrastructure Providers

The Service is hosted on cloud infrastructure providers that may process limited personal data (such as IP addresses) in the course of delivering hosting services. We maintain data processing agreements with these providers to ensure appropriate safeguards.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

  • With upstream AI providers as described in Section 5.1, to fulfill your API requests
  • With our payment processor as described in Section 5.2, to process transactions
  • When required by law, such as in response to a subpoena, court order, or regulatory requirement
  • To protect rights and safety, when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of neokens, our users, or the public
  • In connection with a business transfer, such as a merger or acquisition, provided the acquiring entity agrees to honor this Privacy Policy

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data, subject to legal retention obligations
  • Portability: Request a machine-readable export of your personal data
  • Objection: Object to processing based on legitimate interests or for direct marketing
  • Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at our contact page or email [email protected]. We will respond to verifiable requests within 30 days. We may request additional information to verify your identity before fulfilling your request.

If you are a resident of the European Economic Area (EEA), you have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates the General Data Protection Regulation (GDPR).

8. Data Security

We implement industry-standard technical and organizational measures to protect your personal data, including TLS encryption for data in transit, encryption at rest for stored data, access controls, regular security assessments, and employee training. However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

The Service is operated from the United States, and your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate. If you are accessing the Service from outside the United States, you acknowledge that your data will be transferred to the United States. We rely on Standard Contractual Clauses and other appropriate safeguards where required to ensure adequate protection for international transfers.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date and, for significant changes, by sending an email to the address associated with your account. We encourage you to review this policy periodically.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: