Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.toktra.dev/llms.txt

Use this file to discover all available pages before exploring further.

Toktra is designed to give organizations visibility into AI tool usage without intruding on the content of those conversations. This page explains exactly what Toktra captures, what it never captures, and the controls employees have over their own data.

What Toktra captures

Toktra agents capture connection metadata — the observable facts about a network connection, not what was said in it.
Data pointExamplePurpose
Provider hostnameapi.openai.comIdentify which AI tool was used
Request byte count2,048 bytesEstimate input token count
Response byte count8,192 bytesEstimate output token count
Estimated token count~1,600 tokensBudget tracking and cost attribution
Timestamp2025-04-01T14:32:10ZUsage timeline and trend analysis
Device identifierlaptop-jsmith-001Associate usage with a managed device
User accountjsmith@company.comAttribute usage to an individual
Token counts are estimates derived from byte counts using provider-specific ratios. They are reconciled against provider admin APIs (OpenAI, Anthropic, Azure, Vertex) to produce authoritative counts.

What Toktra never captures

  • Prompt content — the text you type into ChatGPT, Claude, or any other provider.
  • Response content — what the model replies with.
  • Encrypted payloads — the agent reads only the SNI hostname from the TLS handshake header. The encrypted request and response bodies are never inspected.
  • Browser history or page content — the browser extensions capture only requests to known LLM provider endpoints, not general browsing activity.
This is enforced at the architecture level. The macOS Network Extension uses SNI detection — it physically cannot read the TLS payload. The Windows WFP driver operates the same way: observation of connection metadata only, with all traffic permitted through.

Privacy Hours

Privacy Hours let employees pause monitoring during windows they designate as personal time — lunch breaks, after-hours use, or any period when they don’t want their AI tool usage attributed to work activity. When an employee activates Privacy Hours:
  • The agent stops transmitting telemetry for the duration of the window.
  • No usage data is captured on the device during that period.
  • The employee’s scheduled hours (e.g., 12:00–13:00 daily) can be configured in the Toktra menu bar app on macOS or through the employee portal.
Privacy Hours configuration is managed by the employee, not the administrator. Admins can see that Privacy Hours are in use for a device, but cannot override or disable them.

Token Perks: dual-ledger personal usage

Token Perks is an optional feature that gives employees a personal AI usage budget separate from their corporate allocation. It is designed for employees who use AI tools for personal projects outside of work hours. The key design guarantee of Token Perks is a dual-ledger architecture: personal usage and corporate usage are kept completely separate from the moment they are generated. When an employee activates personal mode on their device:
  1. Usage events are tagged as personal and routed through a completely separate data pipeline — isolated from the corporate analytics stream.
  2. Personal usage data is encrypted with a per-user key. The user holds the key — even Toktra administrators cannot read individual personal usage records.
  3. Corporate administrators see only aggregate Token Perks statistics (e.g., total enrollment count, aggregate redemptions). They never see which prompts an employee sent or what responses they received.
Personal usage data is never included in corporate usage reports, policy evaluations, or budget enforcement. The two ledgers do not mix.

GDPR and CCPA compliance

Toktra’s data practices are designed to support GDPR and CCPA obligations: Data minimization — Toktra captures the minimum data necessary to provide usage visibility. No prompt content is ever stored. Data subject requests — Employees (data subjects) can submit access requests and erasure requests through Toktra’s DSAR pipeline. GDPR requests are processed within 30 days; CCPA requests within 45 days. Data retention — Administrators configure per-tenant retention policies. Personal usage data under Token Perks has a fixed 90-day TTL. Toktra provides data export in CSV and JSON formats. Employee notice — Before deploying Toktra, your organization should notify employees that LLM usage metadata will be collected. Toktra provides a customizable employee notice template in the compliance/ documentation package. Data residency — Enterprise tenants can configure data residency to store all telemetry in a specific AWS region (US, EU, AU, or CA) to meet local data sovereignty requirements.
Toktra’s SOC 2 Type II controls, DPIA documentation, and GDPR workflow documentation are available in the Compliance section of this documentation and through your account team.