Methods and systems disclosed herein describe tokenizing data to generate a secure token that is limited in scope (e.g., directed to a specific recipient) and limited in time (e.g., valid for only a specified period of time). A detokenization process may be employed to recover encrypted data of the secure token without the need for any relational database lookup processes, thereby reducing cost while maintaining robust protection against unintended recipients that attempt to recover the encrypted data.