TokenPane

Legal

Data privacy

This notice explains how TokenPane processes personal data on the public landing page and in the TokenPane service.

Last updated: May 13, 2026

Controller

The controller is Marius Glauer, Averhoffstr. 26, 22085 Hamburg, Germany. You can contact TokenPane at hello@tokenpane.com for privacy requests.

What TokenPane processes

TokenPane is built for organizations that need a reliable register of employees, workspace members, invitations, and AI account assignments. Depending on how a workspace is used, the service may process the following categories of personal data.

  • Account and workspace data such as names, email addresses, roles, invitation status, authentication status, and organization membership.
  • Employee directory data such as display name, work email, department, job title, active status, and account ownership context.
  • AI account records such as provider, account email, plan, owner, status, last activity, usage summaries, invoice metadata, and credentials or OTP secrets only where an authorized admin adds them.

Landing page and cookies

When you visit the landing page, technical server logs may be processed to deliver the page, secure the service, and diagnose errors. Logs can include IP address, time, requested URL, browser information, and referrer. TokenPane also uses the NEXT_LOCALE cookie to remember the selected language. It is not used for advertising tracking.

Service use and legal bases

TokenPane processes service data to create accounts, operate workspaces, manage organization access, authenticate users, track AI account assignments, and support invoice or usage workflows requested by the workspace. The legal bases are contract performance, legitimate interests in secure and reliable service operation, legal obligations where retention is required, and consent where a feature explicitly asks for it.

  • Workspace admins are responsible for having permission to add employee and AI account information to TokenPane.
  • Credentials and OTP secrets should only be added when the workspace has authority to manage the corresponding AI account.
  • TokenPane does not sell personal data and does not use workspace data for advertising profiles.

Security

TokenPane uses technical and organizational measures intended to protect workspace data against accidental loss, unauthorized access, and misuse. Access is organization-scoped and role-aware. No internet service can guarantee absolute security, so workspace admins should use strong passwords, manage memberships carefully, and remove access that is no longer needed.

Processors and transfers

TokenPane may use infrastructure, database, email, storage, workflow, analytics-free diagnostics, and authentication providers to operate the service. If providers process personal data outside the European Economic Area, TokenPane uses appropriate safeguards such as adequacy decisions or standard contractual clauses where required.

Retention

TokenPane keeps personal data only as long as needed for the purposes described here, for the workspace configuration, for security and audit needs, or for legal retention obligations. Workspace data can be deleted when an organization is deleted, subject to backups, logs, and legal retention periods.

Your rights

Subject to the legal requirements, you may have rights to access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may also lodge a complaint with a competent data protection supervisory authority.

  • For workspace data, TokenPane may need to coordinate with the organization that controls the workspace.
  • Requests can be sent to hello@tokenpane.com.
  • TokenPane may need to verify your identity before acting on a request.

Questions

For privacy questions, contact hello@tokenpane.com. This privacy notice may be updated when TokenPane changes features, providers, or legal requirements.