Oversættelse af bekvemmelighedshensyn – ved uoverensstemmelser gælder den engelske version. The English version below is the legally binding version.
TokenTally Privacy Policy
*Version 1.1 — Effective 17 June 2026*
This Privacy Policy explains how TokenTally ("TokenTally", "we", "us") handles personal data in connection with our public website and our commercial/subscription platform (together, the "Site"). By using the Site, requesting installation, or completing checkout, you confirm you have read this Policy. It must be read together with our Terms of Use.
1. The most important point: the self-hosted Software
The TokenTally software is self-hosted. When a customer installs and runs it, any data that the customer or its users provide to, process, store, or generate using the Software ("Customer Data") stays inside the customer's own installation and is never transmitted to, accessed by, received by, or processed by TokenTally.
- For Customer Data, the customer is the data controller (and, where applicable, the processor). TokenTally is not a controller, processor, or sub-processor of that data because it has no access to it.
- Employees and other individuals whose data is processed inside a customer installation should direct privacy requests to their employer (the customer), which controls that data. TokenTally cannot access, retrieve, correct, or delete data held in a customer installation.
This Policy therefore covers only the limited "Commercial Data" we collect through the Site.
2. Who we are (controller)
TokenTally is the controller of Commercial Data collected via the Site. Contact: contact@nelio-tech.com. Where required by law, designate your EU/UK representative and Data Protection Officer before production use.
3. Commercial Data we collect
When you interact with the Site, we may collect:
- Account and order data you provide: company name, contact name, work email, phone (if given), company size, selected plan and billing period, and notes.
- Order and delivery records: subscription and license records, download references, and delivery events (status and timestamp).
- Legal acceptance records: the fact and time of your acceptance of the Terms of Use and Privacy Policy, the document versions accepted, and a network identifier (a hashed/fingerprinted IP address and user-agent), kept as proof of agreement.
- Technical data: IP address and user-agent (which we generally store only as a hashed fingerprint), and a language preference stored in your browser.
- Payment data (demonstration checkout): the current checkout is a demonstration and does not process a real card payment. TokenTally does not retain card numbers. When a live, PCI-DSS-compliant payment processor is connected, it handles card data under its own privacy terms.
We do not collect, through the Site, any data that a customer processes within its own installation of the Software. Such data never reaches us.
4. Why we use Commercial Data and our legal bases
| Purpose | Legal basis (GDPR Art. 6, where applicable) |
|---|---|
| Create and manage subscriptions, licenses, invoices, and installation requests | Performance of a contract / steps prior to a contract |
| Deliver the purchased downloads | Performance of a contract |
| Record and prove acceptance of the Terms and this Policy | Legal obligation; legitimate interests (evidence, fraud prevention) |
| Secure the Site and prevent abuse | Legitimate interests (security) |
| Respond to enquiries and provide support | Legitimate interests / contract |
| Comply with legal, tax, and accounting obligations | Legal obligation |
Where we rely on legitimate interests, you may object (see Section 9). We do not use Commercial Data for advertising profiling and we do not sell it.
5. Cookies and local storage
The Site does not use third-party advertising or tracking cookies. It stores a small amount of data in your browser (local storage) for functionality, such as your language preference and your purchase confirmation details. You can clear this at any time in your browser. Any strictly necessary or analytics storage we add will be disclosed and, where required, consented.
6. Sharing and disclosure
We share Commercial Data only with: (a) service providers that host or support the Site (such as infrastructure, email, and, where connected, a payment processor), under confidentiality and data-processing terms; (b) professional advisers, auditors, or authorities where legally required; and (c) a successor in a merger, acquisition, or asset sale, subject to this Policy. We do not sell personal data and do not share it for cross-context behavioral advertising.
7. International transfers
If Commercial Data is transferred across borders, we use a lawful transfer mechanism (such as the EU Standard Contractual Clauses or an adequacy decision) where required.
8. Retention
We keep Commercial Data only as long as necessary for the purposes above: subscription, license, invoice, and acceptance records for the life of the relationship and for the period required by tax, accounting, and limitation laws; technical and delivery records for a shorter operational period; and then we delete or anonymize it.
9. Your rights
Subject to applicable law (including the EU/UK GDPR, the CCPA/CPRA, PIPEDA, Morocco Law 09-08, and others), you may have the right to: access your data; correct or update it; delete it; restrict or object to processing; receive a portable copy; withdraw consent at any time (without affecting prior processing); and lodge a complaint with your supervisory authority. California residents may exercise CCPA/CPRA rights, including to know, delete, correct, and opt out of "sale"/"sharing" — note that we do not sell or share personal data as those terms are defined. To exercise rights regarding Commercial Data, contact contact@nelio-tech.com. For data inside a customer installation, contact the relevant customer (employer), which is the controller.
10. Security
We apply reasonable technical and organizational measures to protect Commercial Data. No method of transmission or storage is fully secure; we cannot guarantee absolute security.
11. Children
The Site and Software are for businesses and are not directed to children, and we do not knowingly collect children's data through the Site.
12. Changes
We may update this Policy. The current version and effective date are published on the Site; material changes take effect on publication, and your acceptance is required again at the next download.
13. Language
This Policy is published in English and may be offered in other languages for convenience. In case of conflict, the English version prevails to the maximum extent permitted by applicable mandatory local law.
This Policy is a template provided with the Software and is not legal advice. Have it reviewed and adapted by qualified counsel for your jurisdictions before production use. No policy can guarantee the complete elimination of legal risk.