Privacy Policy

1. What we collect

Account data

Your email address, hashed password, and the persona you select at signup (e.g., "myself", "small company"). We store this on our own infrastructure — we do not use a third-party identity provider.

Deployment and infrastructure data

When you deploy a project we store: the source repository URL or Docker image name, environment variable keys and encrypted values, container configuration (ports, memory, CPU limits), custom domain names, build logs, and deployment history. Environment variable values are encrypted at rest — we never log them in plaintext.

Chat and usage data

When you use the chat interface or API tools, we log your request and the action taken, along with the outcome (e.g., deployed, cancelled). Any secrets detected in requests are redacted before storage. These logs help us improve how accurately the platform understands natural-language instructions.

Analytics events

We collect behavioral events on our own platform (e.g., page visits, first deploy, upgrade clicks). Events are associated with a pseudonymous session identifier — not your email address. IP addresses are hashed before storage; raw IPs are never persisted.

Standard request metadata

IP address (hashed), user-agent, and timestamps — used for abuse prevention and rate limiting.

2. How we use it

• Operate the service — provision, run, and monitor your containers and databases
• Improve accuracy — improve how the platform understands natural-language requests so deployments get smarter over time
• Send essential emails — account verification, deployment alerts, billing receipts, and security notifications
• Detect abuse — identify account fraud, resource misuse, and attacks on the platform
• Aggregate analytics — understand how the product is used so we can prioritize improvements (we look at trends, not individual profiles)

We do not sell your data. We do not run advertising. We do not build ad-targeting profiles.

3. AI processing

Natural-language requests are processed by one or more AI inference providers (currently including Anthropic). Your prompts leave our servers to reach those providers' inference infrastructure. Each provider's data practices are governed by their own privacy policies — for Anthropic, see anthropic.com/legal/privacy.

We pre-process requests to strip detected secrets (API keys, tokens, connection strings) before they leave our servers. Do not put sensitive credentials in chat messages — use the Env tab on your resource instead.

4. Your workloads on our infrastructure

Your containers and databases run on our own infrastructure, isolated per tenant with encrypted environment variables. We can access container logs and file systems for operational purposes — incident response, health checks, and security patching.

We do not read the contents of your deployed applications beyond what is needed to operate the platform. Authorized platform staff access tenant resources only when required for support or incident response, and all such access is audit-logged.

5. Sharing and third parties

We share your data with third parties only in these cases:

• Anthropic — your prompts, as described in §3
• Email delivery — we route transactional email through an SMTP provider; the recipient address and subject are shared with that provider
• Payment processing — once billing is live, payment data flows through our payment processor (Stripe); we never store raw card numbers
• Legal obligations — if required by law, court order, or to protect the safety of users or the public
• Business transfer — if Cloud Claude is acquired or merges, your data may transfer to the new entity under the same privacy commitments

We do not use third-party analytics scripts (no Google Analytics, Mixpanel, Amplitude, Segment, etc.). All analytics are self-hosted on our own infrastructure.

6. Data retention

• Account data — kept until you delete your account, then purged within 30 days
• Deployment logs — 90 days rolling retention
• Intent / chat events — 90 days rolling retention; anonymized aggregates kept longer for model improvement
• Analytics events — 365 days, then automatically pruned
• Billing records — 7 years (legal requirement in most jurisdictions)

If we wind down the service, we will notify you by email and delete all personal data within 30 days of shutdown.

7. Your rights

You can do any of the following by emailing contact@cloud-claude.com:

• Access — request a copy of the personal data we hold about you
• Correction — ask us to fix inaccurate information
• Deletion — ask us to delete your account and associated data; we'll action this within 7 days
• Portability — request an export of your account data in a machine-readable format
• Opt-out of marketing — click unsubscribe in any marketing email or email us directly

If you're in the EU/EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

8. Security

Passwords are hashed; we never store them in plaintext. Environment variable values are encrypted at rest using industry-standard encryption. All data is stored on our own infrastructure with per-tenant isolation. Platform access by authorized staff is gated by role-based controls and audit-logged. Communication between your browser and our servers is encrypted via TLS.

Found a security issue? Please report it responsibly to contact@cloud-claude.com before public disclosure.

9. Cookies and local storage

We do not use tracking cookies. The session token that keeps you signed in is stored in your browser's local storage (not a cookie) and is never shared with third parties. We set a first-party cookie only for OAuth authorization flows and certain internal admin features; these are scoped to .cloud-claude.com and expire when your session ends or at most in 1 hour.

We use local storage to persist your anonymous analytics ID and first-touch UTM attribution. Clearing your browser storage resets these.

10. Children

Cloud Claude is not directed at children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us and we will delete it promptly.

11. Changes to this policy

We will notify you by email of material changes to this policy at least 14 days before they take effect. The date at the top of this page reflects the most recent revision. Continued use after the effective date constitutes acceptance.

12. Contact

Questions, requests, or concerns about this policy: contact@cloud-claude.com