This beta policy explains what TokenRoute processes while providing benchmark intelligence and route-decision evidence.
This privacy policy covers TokenRoute private beta use through the web app, API, benchmark workflows, and related support channels.
TokenRoute is designed as a benchmark intelligence system. It may process prompts, model outputs, scoring evidence, provider metadata, and usage events that you choose to submit.
Account data can include identity information provided through Clerk, such as email address, authentication provider, and session identifiers.
Project data can include tenants, projects, API key metadata, provider credential metadata, benchmark runs, prompts, model outputs, scores, route-decision evidence, exports, and usage activation events.
Operational data can include request metadata, error state, deployment evidence, cost estimates, provider status, and logs needed to secure and operate the service.
Provider credentials are intended to be stored in the configured secret backend. TokenRoute should not return raw provider keys after creation.
Credential metadata, validation state, provider name, and timestamps may be shown in the product so you can manage BYOK access.
We use project data to run benchmarks, score results, show trend intelligence, produce route-decision evidence, export benchmark packs, diagnose failures, and improve reliability.
During beta, customer benchmark intelligence is private by default. Public aggregate intelligence, cross-tenant reuse, or public leaderboards require a separate opt-in design and approval.
TokenRoute uses managed services for hosting, authentication, storage, and optional provider execution. Current production components include Azure, Clerk, GitHub, Cloudflare, and selected bring-your-own-key AI providers.
When you run a benchmark against an external model provider, prompt and context data needed for that benchmark may be sent to that provider under your provider account and provider terms.
Benchmark evidence is retained to provide history, trend analytics, exports, and route-decision provenance unless deleted under a future retention control or separate agreement.
Beta retention controls are still maturing. Do not upload regulated, highly sensitive, or production customer data unless you have confirmed the processing path is appropriate for your use case.
TokenRoute uses tenant/project scoping, hashed project API keys, secret-backed provider credential storage, and same-origin authenticated API bridging for protected app access.
No system is perfectly secure. Report suspected security issues through the support channel so they can be triaged quickly.
Privacy questions and beta data requests can be sent through the support channel listed on the Support page.
A production privacy/legal review may be required before broad public launch, paid plans, regulated workloads, or enterprise contracting.