Your instance is your own
Your Token runs on its own server with its own storage. Your conversations, memory, and settings live there, separate from any other customer.Every conversation is sandboxed
Each request Token handles runs in its own locked-down session.Isolated
A session can only see its own conversation’s data, never another chat’s.
No open internet
Sessions cannot roam the web. They reach the outside world only through the
controlled gateway that enforces approvals.
Least privilege
Sessions run with minimal permissions and only read-only access to Token’s own
code.
The host decides
The AI proposes actions; the server checks and runs them. Policy is never left
to the AI.
Your credentials stay with the server
When you connect a tool, the credential is held by the server, encrypted, and never handed to the AI or included in what is sent to the model. When Token uses a tool, the server attaches the credential at the last moment, on the way out. The AI only ever sees that a tool succeeded or failed, not the secret behind it.What is stored
To give Token history and memory, your messages and any attachments are stored on your own instance, in its database and per-chat folders. You stay in control: admins can review activity with/token-audit and manage what
Token is allowed to do.
The AI model
Token uses Anthropic’s Claude models through their commercial API to generate replies, so your messages are sent to Anthropic to produce a response.Anthropic does not use data submitted through its commercial API to train its
models. See Anthropic’s commercial terms
for the authoritative details.