TokenFloor.AI Home

★ EUROPE'S EDGE

Privacy policy (Datenschutz)

As of 2026-05-28

1. Data controller (Verantwortlicher)

NC AGENTIC GmbH
Lilienstraße 11
D-20095 Hamburg
Germany
Email: dsb@startvisor.ai

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is NC AGENTIC GmbH as stated above.

2. General principles

We process personal data only to the extent necessary and always in accordance with the applicable legal bases under Art. 6 (1) GDPR:

  • Art. 6 (1) lit. a GDPR — where you have given consent to processing for one or more specific purposes.
  • Art. 6 (1) lit. b GDPR — where processing is necessary for the performance of a contract to which you are party, or to take steps at your request prior to entering into a contract.
  • Art. 6 (1) lit. f GDPR — where processing is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by your fundamental rights and freedoms.

TokenFloor.AI is a read-only public information service. We collect no user accounts, no payment data, and run no advertising or analytics systems.

3. Server logs (Automatische Erfassung)

When you visit TokenFloor.AI, our web server automatically records the following data in server log files:

  • IP address (anonymised after 24 hours)
  • Browser type and version
  • Operating system
  • Date and time of the request
  • Pages and resources accessed (URL paths)
  • HTTP referrer (if transmitted by the browser)
  • HTTP status code and bytes transferred

These logs are retained for up to 30 days for the purposes of server security, abuse prevention, and error diagnosis, then deleted. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in operating a secure service).

4. Cookies and local storage

TokenFloor.AI uses no tracking cookies, no third-party cookies, and no analytics or advertising cookies. There are no consent banners because there is nothing to consent to.

The only client-side storage used is a localStorage entry that remembers your preferred display currency (EUR by default). This value never leaves your browser and is not transmitted to our servers. You can clear it at any time via your browser's developer tools or by clearing site data.

5. In-browser tokenizer — architectural privacy guarantee

The tokenizer playground on TokenFloor.AI runs entirely within your browser using a WebAssembly (wasm) module. Token counts and cost estimates are computed locally on your device.

Prompt text, document content, and token counts are never transmitted to TokenFloor's servers or to any LLM provider from this site. This is a hard architectural guarantee: the wasm module has no network access and no code path sends your input anywhere. You can verify this via your browser's network inspector — no outbound requests are made when you use the tokenizer.

6. Contact by email

TokenFloor.AI does not operate a contact form. If you contact us by email at dsb@startvisor.ai, the email content and metadata (sender address, subject, timestamp) will be retained for processing your inquiry. Data will be deleted after the conversation is concluded, unless statutory retention obligations require longer storage. Legal basis: Art. 6 (1) lit. b and lit. f GDPR.

7. Sub-processors and external services

The following third-party services are used exclusively server-side by our infrastructure. None of these services receive or process visitor data. They operate on public datasets or internal data only.

Firecrawl Inc. (firecrawl.dev)

Purpose: Server-side scraping of public vendor pricing pages by the auto-refresh bot. Data processed: publicly accessible pricing pages from LLM provider websites. No visitor data is involved.

Anthropic PBC (anthropic.com)

Purpose: LLM-as-judge for refresh validation and editorial insight drafting. Data processed: scraped pricing data and internally generated draft text. No visitor data or prompt content is involved.

European Central Bank (ecb.europa.eu)

Purpose: Daily EUR foreign exchange reference rates fetched server-side for the currency converter. Data processed: public ECB reference rate dataset. No visitor data is involved.

Hetzner Online GmbH (hetzner.com)

Purpose: Hosting of the TokenFloor.AI web server and database in a German data centre. An order-processing agreement (Auftragsverarbeitungsvertrag) is in place. Hetzner processes server log data on our behalf as described in section 3.

8. Your rights (Ihre Rechte)

Under the GDPR you have the following rights with regard to personal data concerning you:

  • Right of access (Art. 15 GDPR) — you may request confirmation of whether we process personal data about you and, if so, access to that data.
  • Right to rectification (Art. 16 GDPR) — you may request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR) — you may request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR) — you may request that we restrict processing in certain circumstances.
  • Right to data portability (Art. 20 GDPR) — you may request your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR) — you may object to processing based on legitimate interests (Art. 6 (1) lit. f GDPR).
  • Right to withdraw consent (Art. 7 (3) GDPR) — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at: dsb@startvisor.ai

You also have the right to lodge a complaint with the competent supervisory authority:

Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22
20459 Hamburg
Germany

9. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, TokenFloor.AI uses SSL/TLS encryption for all connections. You can recognise an encrypted connection in your browser's address bar (https://) and by the lock icon. Data transmitted over an encrypted connection cannot be read by third parties in transit.

10. Changes to this policy

We may update this privacy policy to reflect changes in our services or applicable law. The current version is always available at this URL. Material changes will be indicated by an updated "As of" date. We recommend reviewing this page periodically.

Last updated: 2026-05-28