vøiddo

tokcount privacy.

specific to the tokcount browser extension. read in plain language exactly what stays on your device, what touches our servers, and what never leaves your browser.

last updated: 2026-04-23

overview

this policy describes the data practices of tokcount, a browser extension built by vøiddo. it complements the global vøiddo privacy policy with extension-specific detail required by chrome web store, firefox add-ons, and microsoft edge add-ons.

what we collect

nothing personal. tokcount counts characters in the chat composer of supported ai sites and converts the count to an estimated token count and dollar cost. it never reads chat history, never reads your prompts after you send them, and never reads other tabs. we do not collect names, browsing history, page contents, form contents, keystrokes, mouse movements, screenshots, or any analytics events. we do not have a third-party analytics sdk in this extension. there is no telemetry endpoint.

what we store locally on your device

the extension uses your browser's chrome.storage.local and IndexedDB APIs to remember:

  • your last 200 measurements (model, token count, cost, timestamp, optional project name) — used to draw the popup history
  • your license key, if you have entered one
  • your overlay preferences (position, dark/light, opacity)
  • your daily / weekly / monthly budget caps, if you have set any
this data never leaves your machine. uninstalling the extension deletes all of it.

network endpoints we contact

the extension makes outbound network requests only to:

  • voiddo.com/tools/tokcount/pricing.json — refreshed once per hour, returns the public model price table. no request body, no cookies.
  • scrb.voiddo.com/api/v1/ext/license/tokcount — only when you have entered a license key. request body is your key + literal string "tokcount". response is {valid, plan, expires_at}. no other data sent.
we do not contact any other server. we do not load remote scripts. we do not bundle a tracking pixel.

license keys

if you upgrade to a paid tier, the tokcount api receives your license key (a short opaque string like TC-XXXX-XXXX-XXXX) and the timestamp of the check. this is used solely to verify entitlement and to bump an activation counter we use to detect key sharing. we do not log your ip on these requests beyond the standard nginx access log (rotated, 30-day retention, not joined to any user table).

payments

purchases go through paddle.com, our merchant of record. paddle collects payment data (card number, billing address) directly — that data never touches our servers. we receive only the transaction id, subscription id, customer email, and the price tier you purchased.

permissions and what we use them for

see the dedicated tokcount page for the full permissions table. each permission is justified by a single concrete feature; nothing is requested speculatively.

children

our extensions are designed for developers, marketers, and power users. they are not intended for children under sixteen.

changes

the date at the top of this page reflects the current version. when we change what tokcount does on your device or which servers it talks to, the date updates and we publish a release note in the extension's store listing.

contact

questions about this policy or anything else about the extension: support@voiddo.com. expect a reply within one business day.