Privacy Policy

Last updated: March 29, 2026

Token Limited, a company incorporated in Hong Kong, operates TokenMix.ai. This Privacy Policy describes how TokenMix ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use the TokenMix.ai platform, API gateway services, and related services (the "Service"). We are committed to protecting your privacy and handling your data with transparency.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address;
  • Password (stored as a cryptographic hash; we never store plaintext passwords);
  • Display name (if provided);
  • Language and timezone preferences.

1.2 Payment Information

When you purchase credits, we collect and process:

  • Transaction amounts and timestamps;
  • Payment method type;
  • Transaction identifiers from payment processors.

Full payment card details (card numbers, CVV, etc.) are processed directly by our payment service providers and are never stored on our servers.

1.3 API Usage Data

When you make API requests, we collect:

  • Request metadata: timestamps, model identifiers, token counts (input and output), request latency, HTTP status codes;
  • API key identifiers (hashed);
  • Standard request logs do not store request or response body content. Where necessary for security investigation, abuse handling, support troubleshooting, payment disputes, or legal compliance, limited request and response records may be stored in encrypted, access-controlled internal archives; see Section 4 for details.

1.4 Device and Access Information

When you access the Service, we automatically collect:

  • IP address;
  • Browser type and version;
  • Operating system;
  • Referring URL;
  • Pages visited and features used;
  • Session duration and access timestamps.

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases as defined in GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)): Processing your account data, payment information, and API usage data is necessary to provide the Service as agreed in our Terms of Service.
  • Legitimate interests (Art. 6(1)(f)): We process device/access information and usage analytics to maintain service security, prevent abuse, improve the Service, and detect fraud. Our legitimate interests do not override your fundamental rights and freedoms.
  • Legal obligation (Art. 6(1)(c)): We retain payment records and certain account data as required by applicable tax, financial reporting, and anti-money laundering laws.
  • Consent (Art. 6(1)(a)): Where required, we obtain your consent for optional data processing such as marketing communications. You may withdraw consent at any time.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To operate, maintain, and provide the API gateway service, including routing requests, billing, and account management;
  • Billing and payments: To process transactions, maintain credit balances, generate invoices, and handle refund requests;
  • Security: To detect and prevent fraud, abuse, unauthorized access, and other security threats;
  • Service improvement: To analyze usage patterns, optimize routing performance, and improve the overall user experience;
  • Communications: To send service-related notifications (e.g., account alerts, billing confirmations, policy updates);
  • Compliance: To comply with applicable laws, regulations, and legal processes;
  • Support: To respond to your inquiries and provide technical support.

4. API Request Privacy

We understand that the content of your API requests and model responses may be sensitive. TokenMix separates standard operational logging from limited security archives:

4.1 Standard Request Logs

  • Operational metadata may be logged for billing, service operation, rate limiting, abuse prevention, troubleshooting, and dispute handling. This may include request IDs, model identifiers, token counts, cost, latency, status codes, timestamps, API key identifiers, client IP/ASN information, and sanitized error summaries.
  • Standard request logs do not store request or response body content, including prompts, completions, uploaded file contents, or generated outputs.

4.2 Limited Encrypted Internal Archives

Where necessary for security investigation, abuse handling, support troubleshooting, payment disputes, or legal compliance, limited request and response records may be stored in encrypted, access-controlled internal archives. Access to these archives is restricted to authorized personnel and used only for the purposes described above.

4.3 What We Do Not Do

  • We do not use your prompts, completions, or archived request content to train, fine-tune, or improve any AI models;
  • We do not sell, license, or share your API request content with third parties for advertising or data brokerage;
  • We do not provide routine manual review of API request content. Manual access, where it occurs, is limited to specific security, abuse, support, dispute, or legal-compliance cases.

4.4 Upstream Provider Processing

Your API request content is transmitted to the Upstream Provider whose model you selected for model inference. The Upstream Provider's own privacy policy and data handling practices apply to their processing of this content. We encourage you to review the privacy policies of the Upstream Providers whose models you use.

4.5 Playground (Chat Interface)

The Playground chat feature available on our website stores conversation history exclusively in your browser's local storage. This data is not transmitted to or stored on our servers as chat history. API requests made through the Playground are handled under the same logging and archive practices described above.

5. Data Retention

We retain different categories of data for different periods:

  • Account data: Retained for the duration of your active account. After account deletion, retained for a maximum of 2 years to comply with legal requirements and handle potential disputes, after which it is securely deleted;
  • Standard API request logs: Do not store request or response body content;
  • Limited encrypted request archives: Retained only as necessary for security investigation, abuse handling, support troubleshooting, payment disputes, and legal compliance under internal access controls;
  • API request metadata: Retained as operational and billing records for the period necessary to provide the Service, resolve disputes, maintain security, and comply with applicable legal obligations;
  • Payment and transaction records: Retained for 7 years (as required by financial and tax regulations);
  • Server access logs: Retained for 90 days;
  • Aggregated, anonymized analytics: Retained indefinitely (this data cannot be used to identify you).

When data reaches the end of its retention period, it is securely deleted or anonymized.

6. Data Sharing and Disclosure

We do not sell your personal information. We share your data only in the following circumstances:

6.1 Upstream AI Providers

When you make an API request, the request content (prompts) is transmitted to the selected Upstream Provider for model inference. This is a core function of the Service and is necessary to fulfill your request.

6.2 Payment Processors

Payment transaction data is shared with the payment processor you selected to process your purchase. If you choose cryptocurrency payments, transaction processing is handled by a third-party cryptocurrency payment provider; TokenMix does not provide crypto wallets, custody, exchange, transfers, on-chain settlement, token issuance, or virtual asset services.

6.3 Infrastructure Providers

We use third-party infrastructure providers to host and deliver the Service (see Section 7: Sub-Processors).

6.4 Legal Requirements

We may disclose your information if required to do so by law, or in good faith belief that such action is necessary to: comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the safety of our users or the public.

6.5 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your personal information becomes subject to a different privacy policy.

7. Sub-Processors

We use third-party sub-processors in the following categories to provide the Service:

  • Cloud Infrastructure Provider (Asia-Pacific region) — Server infrastructure and hosting;
  • Cloudflare, Inc. (United States / Global) — CDN, DDoS protection, DNS, and frontend static hosting;
  • Payment Service Providers — Payment processing. The specific providers are displayed on our payment page and may include credit/debit card processors, Alipay (Ant Group), and WeChat Pay (Tencent);
  • Upstream AI Providers — AI model inference. The list of available providers is displayed on our models page.

Each sub-processor is contractually required to protect your data in accordance with applicable data protection laws. We maintain an up-to-date list of sub-processors and will notify users of any material changes.

8. Cookies and Tracking

We use a minimal set of cookies and similar technologies:

  • Authentication cookies: Essential for maintaining your login session. These are strictly necessary and cannot be disabled.
  • Preference cookies: Store your language and theme preferences for a better user experience.

The specific cookies we use are:

Cookie Name | Purpose | Duration | Type
token | Authentication session | 7 days | Essential
locale | Language preference | 1 year | Preference
theme | Dark/light theme preference | 1 year | Preference

We do not use third-party tracking cookies, advertising cookies, or analytics platforms that track you across other websites. We do not engage in cross-site tracking or behavioral advertising.

Our Service does not respond to "Do Not Track" (DNT) browser signals because we do not engage in cross-site tracking. Regardless of DNT settings, your privacy is protected by our minimal cookie practices as described above.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest;
  • Secure password hashing (bcrypt);
  • API key hashing (only the prefix is stored in readable form);
  • Regular security assessments and updates;
  • Access controls limiting employee access to personal data on a need-to-know basis;
  • DDoS protection and web application firewall.

While we take reasonable measures to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33;
  • Notify affected users without undue delay when the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34;
  • Provide details of the breach, including the nature of the data affected, the approximate number of individuals concerned, the likely consequences, and the measures taken or proposed to address the breach;
  • Document all breaches, including those that do not require notification, as part of our internal breach register.

User notifications will be sent via the email address associated with your account. We encourage you to keep your contact information up to date.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

11.1 GDPR Rights (EEA, UK, Switzerland)

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate personal data.
  • Right to erasure (Art. 17): You may request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction (Art. 18): You may request that we restrict the processing of your personal data under certain circumstances.
  • Right to data portability (Art. 20): You may request your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): You may object to processing of your personal data based on our legitimate interests.

To exercise any of these rights, please contact us at [email protected] with the subject line "GDPR Data Request." We will respond within 30 days. We may request verification of your identity before processing your request.

You also have the right to lodge a complaint with your local data protection authority.

11.2 Hong Kong PDPO Rights

If you are located in Hong Kong, you have rights under the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"), including:

  • Right of access (DPP 6): You may request access to your personal data held by us and be informed of the types of personal data we hold;
  • Right of correction (DPP 6): You may request the correction of any personal data that is inaccurate;
  • Right to opt out of direct marketing: You may at any time request that we cease to use your personal data for direct marketing purposes.

To exercise these rights, please contact us at [email protected] with the subject line "PDPO Data Request." We will respond within 40 days as required by the PDPO. A reasonable fee may apply for data access requests as permitted by law.

11.3 General Rights (All Users)

  • Access your data: View your account information, usage history, and transaction records through your dashboard;
  • Update your data: Modify your account information through your dashboard settings;
  • Delete your account: Request account deletion by contacting [email protected];
  • Export your data: Request an export of your data by contacting support;
  • Opt out of communications: Unsubscribe from non-essential emails using the link provided in each message.

11.4 Automated Decision-Making

We use automated systems for the following purposes:

  • Abuse detection: Automated monitoring of API usage patterns to detect and prevent violations of our Acceptable Use Policy;
  • Fraud prevention: Automated screening of payment transactions to identify potentially fraudulent activity;
  • Rate limiting: Automated enforcement of usage quotas and rate limits.

These automated systems may result in account suspension or restriction of access. If you believe an automated decision has been made in error, you have the right to request human review by contacting [email protected]. We will review the decision and respond within 15 business days.

12. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to promptly delete that information.

If you believe that a child under 13 has provided us with personal information, please contact us at [email protected].

13. International Data Transfers

Our servers are located in Hong Kong. If you access the Service from outside Hong Kong, your data will be transferred to and processed in Hong Kong. Additionally, your API request content may be transmitted to Upstream Providers whose infrastructure may be located in other jurisdictions.

For users in the EEA, UK, or Switzerland, we ensure that international data transfers are conducted in compliance with applicable data protection laws by relying on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Adequacy decisions where available;
  • Supplementary measures as necessary to ensure an equivalent level of protection.

You may request a copy of the applicable transfer mechanisms by contacting us at [email protected].

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You may request details about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes of collection, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sale/sharing: We do not sell or share your personal information as defined under the CCPA/CPRA.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, please contact us at [email protected] with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page;
  • Provide notice through the Service (e.g., via email or dashboard notification) at least 14 days before material changes take effect.

We encourage you to review this Privacy Policy periodically.

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: [email protected]
  • Website: tokenmix.ai
  • Data Protection Inquiries: For GDPR-related requests, email [email protected] with the subject line "Data Protection Inquiry."
  • PDPO Inquiries: For Hong Kong privacy-related requests, email [email protected] with the subject line "PDPO Data Request."