PRIVACY POLICY
Effective Date: April 1, 2026
Last Updated: April 1, 2026
Token Dynamics Inc. (“GenFlow,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy describes how we collect, use, disclose, and secure information that identifies or is associated with you (“Personal Information”) in connection with our website, APIs, and AI-powered generation tools (the “Services”).
By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your Personal Information as described in this Privacy Policy and our Terms of Service.
1. CATEGORIES OF INFORMATION WE COLLECT
We collect information through three primary channels: information you provide, information collected automatically, and information from third parties.
A. Information You Provide Directly
- Account Identifiers: Full name, username, email address, and password.
- Commercial Information: Purchase history, subscription tier, and credit balance. While payment is handled by third parties, we keep a record of your transaction ID and billing preferences.
- User Content (Input/Output): We collect the text prompts, source images, and video clips you upload (“Input”), as well as the resulting images and videos generated by our AI (“Output”). This includes any metadata associated with these files.
- Customer Support & Communications: Records and copies of your correspondence if you contact us regarding technical issues or feedback.
B. Information Collected Automatically
- Device and Log Data: IP address, browser type, device identifiers (UDID/IMEI), operating system, and mobile network information.
- Usage Analytics: Clickstream data, time spent on specific features, latency metrics, and "Prompt" history to optimize server allocation.
- Cookies and Tracking: We use both "Essential" cookies (for login) and "Analytics" cookies (to understand site traffic). You can manage these via your browser settings.
C. Information from Third Parties
- Social Sign-On: If you link your Discord, Google, or GitHub account, we receive your public profile information (e.g., avatar, verified email).
2. HOW WE USE YOUR PERSONAL INFORMATION
We process your data based on several legal grounds: Contractual Necessity, Legitimate Interests, and Legal Obligation.
- To Provide the Services: Managing your account, processing payments for credits/subscriptions, and delivering AI-generated content.
- Service Optimization: Monitoring system health, troubleshooting "Mintlify" or API errors, and improving the responsiveness of our Nano Banana models.
- Safety and Integrity: Reviewing User Content to ensure compliance with our Prohibited Conduct policy (e.g., preventing the generation of CSAM or non-consensual deepfakes).
- Marketing: Sending you updates about GenFlow features, promotional offers, or news from Token Dynamics Inc. (You may opt-out at any time).
3. AI MODEL TRAINING AND DATA USAGE
A core part of GenFlow’s service involves the use of machine learning.
- Improvement of Models: We may use anonymized or de-identified Input and Output to train, fine-tune, and improve our proprietary AI models.
- Opt-Out Rights: We respect the privacy of your creative work.
- Free/Standard Tier: Content may be used for model improvement.
- Pro/Enterprise Tier: Users may opt-out of having their content used for training via the "Privacy Settings" in their dashboard.
- Human Review: In rare cases (e.g., to debug a failure or investigate a safety violation), a limited number of authorized employees may review specific User Content.
4. DISCLOSURE AND SHARING OF DATA
We do not "sell" your personal information in the traditional sense of exchanging it for money. We share data only as follows:
- Service Providers: Cloud hosting (AWS/Google Cloud), database management, and payment processing (Stripe). These partners are contractually bound to protect your data.
- Business Partners: If you access GenFlow through a third-party platform (like CastarAI), we may share usage data to facilitate the integration.
- Legal Compliance: To comply with federal or state laws, respond to a valid subpoena, or protect the rights and safety of Token Dynamics Inc. or our users.
- Corporate Events: In the event of a merger, acquisition, or bankruptcy, your data may be transferred as a business asset.
5. YOUR PRIVACY RIGHTS (CCPA/GDPR COMPLIANCE)
Depending on your jurisdiction, you may have the following rights:
- The Right to Know: Request a list of the categories of data we collect and the specific pieces of information we hold.
- The Right to Delete: Request that we erase your personal data, subject to certain legal and accounting retentions.
- The Right to Correct: Request corrections to inaccurate account information.
- The Right to Data Portability: Receive your data in a structured, machine-readable format.
- The Right to Opt-Out of Automated Decision Making: Request human intervention in processes that significantly affect your legal status.
To exercise these rights, email [email protected] with the subject "Data Privacy Request."
6. DATA SECURITY AND RETENTION
- Security Measures: We utilize industry-standard AES-256 encryption for data at rest and TLS 1.3 for data in transit. We conduct regular vulnerability scans.
- Retention Policy: * Account Data: Retained for the life of the account. * User Content: Retained as long as necessary to provide your history, or until you manually delete the assets. * Payment Records: Retained for 7 years to comply with US tax laws.
7. CHILDREN’S PRIVACY (COPPA)
GenFlow is strictly for users 18 and older. We do not knowingly collect information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it immediately and terminate the account.
8. INTERNATIONAL DATA TRANSFERS
Token Dynamics Inc. is headquartered in the United States. If you are accessing our Services from the EEA, UK, or Switzerland, please note that your data will be transferred to the US. We use Standard Contractual Clauses (SCCs) to ensure a level of protection equivalent to your home jurisdiction.
9. CALIFORNIA PRIVACY NOTICE (NOTICE AT COLLECTION)
This section applies solely to California residents under the CCPA/CPRA:
- We collect identifiers, commercial information, and internet activity.
- We do not "sell" personal information.
- We do not "share" personal information for cross-context behavioral advertising.
- We do not use or disclose "sensitive personal information" for purposes other than those permitted by the CCPA.
10. CONTACT INFORMATION
For questions about this Privacy Policy or to submit a formal inquiry, please contact:
Postal address
1500 N Grant St Ste R Denver CO 80203 US
Read our GENFLOW TERMS OF SERVICE for the rules governing your use of Genflow.