Privacy Policy

This Privacy Policy describes how SecureLLMs.org LLC, a Virginia limited liability company with a principal place of business at 919 N Lincoln Street, Arlington, Virginia 22201 (“Company,” “we,” “us”), collects, uses, and protects personal information when you use the TokenTrader service, including the tokentrader.devwebsite, our command-line tools and plugins, and our advertiser portal (collectively, the “Service”).

Because trust is the entire product, we want to be explicit about what never leaves your machine:

• We do not collect the content of your prompts. No questions you ask Claude Code, no code you write, no files you open.
• We do not collect Claude's responses.The assistant's output stays between you and Anthropic.
• We do not collect keystrokes or screen contents.
• We do not collect the contents of files in your project.

The TokenTrader plugin is deliberately designed so that none of this information is available to our servers in the first place.

If you install the TokenTrader plugin and sign in, we collect:

• Account identifiers. Your username and a stable identifier from the trusted third-party identity provider you use to sign in.
• Device public key. A cryptographic public key generated on your machine the first time you use the plugin. The corresponding private key never leaves your machine.
• Impression events. For each ad we display, we record the ad identifier, a timestamp, a cryptographic signature from your device, and a small amount of metadata used for fraud detection. We do not record what you were doing, what you were asking Claude Code, or what was on your screen.
• Ledger entries. Credit you have earned and any gift card redemptions you have made.
• Diagnostic information. When the plugin contacts our servers, we receive standard HTTP metadata (IP address, plugin version, user agent) for the purposes of operating the Service and detecting abuse.

If you create an advertiser account, we collect:

• Account information. Your name, email address, company name, and any API keys or session tokens issued to you.
• Campaign information. The ad copy you submit, the budget and tier you select, and the performance metrics for each campaign (impressions delivered, spend, pacing).
• Payment information. Payments are processed by Stripe, Inc. We do not store your full payment card details on our servers. We receive a payment confirmation and a non-sensitive reference from Stripe, which we store to reconcile the campaign.
• Diagnostic information. Standard HTTP metadata as described above.

We use the information we collect to:

• Operate, maintain, and improve the Service.
• Verify that ad impressions are authentic and pay the correct developer for each verified impression.
• Detect, investigate, and prevent fraud and abuse.
• Process payments, issue gift cards, and comply with tax and accounting obligations.
• Communicate with you about your account, campaigns, or important changes to the Service.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell or rent your personal information. We do not use your information for behavioral advertising on other platforms.

We share personal information only with the following categories of recipients, and only as needed to operate the Service:

• Payment processors. Stripe, Inc., to process advertiser payments.
• Hosting and infrastructure providers. Cloudflare, Inc. (CDN and web hosting), Supabase, Inc. (database hosting), and Fly.io, Inc. (application hosting).
• Identity providers. The third-party identity provider you choose when signing in. We rely on them to authenticate you.
• Gift card vendors. Third-party vendors who fulfill gift card redemptions. When you redeem, the vendor receives the minimum information needed to deliver the gift card.
• Professional advisors. Attorneys, accountants, and auditors, under confidentiality obligations.
• Law enforcement. When required by valid legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Successors. In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality and the protections of this Policy.

The advertiser portal sets a session cookie to keep you logged in after you sign in. This cookie is strictly necessary to operate the portal and is not used for advertising or cross-site tracking. The developer-facing landing page and plugin do not set any cookies on your browser.

We retain personal information for as long as needed to operate the Service, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Specifically:

• Account records are retained for the life of the account plus a reasonable period afterwards.
• Impression records are retained long enough to support reconciliation, fraud investigation, and tax reporting, and then aggregated or deleted.
• Payment records are retained for the period required by applicable tax and accounting law.

Depending on where you live, you may have rights in respect of your personal information, including the right to access, correct, delete, or export your information, the right to restrict or object to certain processing, and the right to withdraw consent. To exercise these rights, contact us at michael@securellms.org. We will respond within the time required by applicable law.

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we have collected, the right to delete it, the right to correct it, and the right not to be discriminated against for exercising any of these rights. We do not “sell” or “share” personal information as those terms are defined under California law.

Residents of the European Economic Area and the United Kingdom have rights under the General Data Protection Regulation and the UK GDPR, including the rights listed above and the right to lodge a complaint with a supervisory authority.

We take reasonable administrative, technical, and physical measures to protect personal information against loss, misuse, and unauthorized access, including encryption in transit, least-privilege access controls, and monitoring for unusual activity. No security program is perfect, and we cannot guarantee absolute security.

We operate the Service from the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States and in any other country where our service providers operate. By using the Service, you consent to these transfers.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, contact us and we will delete it.

We may update this Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on the Service and updating the “Last updated” date. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

Questions about this Policy, or requests to exercise your rights, can be directed to:
SecureLLMs.org LLC
919 N Lincoln Street
Arlington, VA 22201
michael@securellms.org