Privacy Policy

Introduction

Claudaborative Cloud is a hosted AI editing service for WordPress. This policy explains what data we collect, how we use it, who we share it with, and how long we keep it.

We aim to collect only what's necessary to provide the service and to be transparent about what happens with your data.

Information We Collect

Account information

When you sign up, we store your email address to identify your account. If you subscribe to a paid plan, we also store your Stripe customer ID and subscription status — but never your payment card details.

WordPress site credentials

To connect to your WordPress site, we store your site URL, WordPress username, and a WordPress application password. The application password is encrypted at rest using AES-256-GCM. It is only decrypted in memory during an active editing session and discarded when the session ends.

Content processed by AI

When you use an editing command (proofread, review, edit, translate, compose, or pre-publish check), the relevant content from your WordPress post is sent to the Anthropic Claude API for processing. We temporarily store the conversation history (your content, AI responses, and tool calls) to support multi-turn interactions. This data is typically deleted within 24 hours.

Usage data

We log each AI API call with the command type, model used, token counts, calculated cost, and duration. This data is used for billing calculations and enforcing monthly usage limits. It does not include the content of your posts or AI responses.

Authentication tokens

Magic link tokens are hashed (SHA-256) before storage and expire after 15 minutes. Session cookies contain a signed JWT with your account ID and expire after 7 days.

How We Use Your Information

• Authentication: your email is used to send magic link sign-in emails.
• AI editing: your post content is sent to the Anthropic API to perform the editing commands you request.
• Billing: your email and subscription data are shared with Stripe to manage your subscription.
• Usage limits: usage logs are used to calculate your monthly costs and enforce spending limits.

Third-Party Services

We share data with the following third-party services to operate Claudaborative Cloud:

We do not use any analytics, error tracking, or advertising services. There are no tracking cookies or third-party scripts beyond Google Fonts.

Data Storage & Security

• All data is stored in a secure database on our servers.
• WordPress application passwords are encrypted at rest using AES-256-GCM with a server-side key.
• Magic link tokens are hashed with SHA-256 — the original token is never stored.
• Session cookies are signed JWTs, marked httpOnly, secure, and sameSite=Lax.
• Payment card details never touch our servers — Stripe handles all payment information directly.

Data Retention

Your Rights

You can:

• Delete your sites from the dashboard at any time. This removes the site's credentials, usage logs, and any stored conversation data.
• Request account deletion by contacting us at [email protected]. This permanently removes all your data, including all connected sites and their associated records.
• Log out to clear your session cookie immediately.

Cookies

We use a single session cookie for authentication. It contains a signed JWT with your account ID. We do not use tracking cookies, advertising cookies, or any other cookies.

Changes to This Policy

If we make changes to this policy, we'll update the "last updated" date at the top. We encourage you to review this page periodically.

Contact

If you have questions about this privacy policy or your data, contact us at [email protected].