This privacy policy applies to the TokenFlow OTP API, customer portal, and related services operated by Infydex (collectively, the "Service"). Infydex is referred to as the "Service Provider".
When you use TokenFlow as a business customer or API integrator, we may collect:
We use collected information to provide and operate the OTP API, deliver messages via WhatsApp and Telegram, authenticate portal users, enforce rate limits, investigate abuse, comply with legal obligations, and communicate about your account or service.
We do not sell personal data. We may share data with infrastructure providers that host our systems, messaging platform providers required to deliver OTPs, and authorities when required by law. All processors are bound by contractual obligations consistent with this policy.
OTP audit logs and related delivery metadata are retained for operational and security purposes. Account data is retained while your organization maintains an active relationship with us and for a reasonable period thereafter unless a longer retention period is required by law. You may request deletion subject to legal and contractual requirements.
Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data, and to data portability. To exercise these rights, contact us at otpspace.support@gmail.com.
We apply technical and organizational measures to protect data, including encryption in transit, hashed credentials, and access controls. No method of transmission or storage is completely secure.
Data may be processed in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers.
TokenFlow is a B2B service not intended for individuals under 16.
We may update this policy from time to time. Material changes will be posted with an updated effective date.
This privacy policy is effective as of 2026-07-14
Questions about this policy: otpspace.support@gmail.com