Privacy Policy
Last updated: January 2026
Overview
CludCode is built with privacy by design. We collect only the minimum data necessary to provide the service. Your terminal traffic is end-to-end encrypted and we cannot read it. This policy explains exactly what data we collect, why, and how long we keep it.
Key Privacy Principles
- ✓Zero-knowledge encryption: All terminal traffic is encrypted in your browser. We cannot read your commands or output.
- ✓Minimal collection: We only collect data required to operate the service.
- ✓No selling: We never sell your data to third parties.
- ✓Data deletion: Delete your account and all your data is permanently removed.
Data We Collect
User Profile
Subscription and billing information only. We do not duplicate your email or name.
| Field | Purpose | Example |
|---|---|---|
| id | Unique identifier (links to auth) | a1b2c3d4-e5f6-... |
| stripe_customer_id | Link to Stripe for billing | cus_abc123... |
| subscription_plan | Current plan (free, pro, team) | pro |
| created_at | Account creation timestamp | 2026-01-15T10:30:00Z |
Note: Your email, name, and avatar are stored by your OAuth provider (GitHub/Google) and accessed only during login. We do not duplicate this data.
Registered Devices
Information about machines you connect to CludCode.
| Field | Purpose | Example |
|---|---|---|
| id | Unique device identifier | d1e2f3g4-h5i6-... |
| name | Display name you choose | Home MacBook Pro |
| os | Operating system (for display) | darwin |
| arch | CPU architecture (for display) | arm64 |
| agent_version | Agent software version | 3.0.2 |
| status | Online/offline indicator | online |
| last_seen | Last connection timestamp | 2026-01-22T14:30:00Z |
| auth_token_hash | Hashed auth token (not plaintext) | sha256:e3b0c44... |
Note: Your encryption key is NOT stored on our servers. It exists only on your device and in your browser.
Session History
Connection metadata for usage tracking (not terminal content).
| Field | Purpose | Example |
|---|---|---|
| started_at | Session start time | 2026-01-22T14:00:00Z |
| ended_at | Session end time | 2026-01-22T15:30:00Z |
| duration_seconds | Session length | 5400 |
| client_ip | IP address for security/abuse | 203.0.113.xxx |
| client_user_agent | Browser info for debugging | Mozilla/5.0... |
Important: We do NOT log your terminal commands or output. Session data is connection metadata only.
Registration Tokens
Temporary tokens for device registration. Auto-deleted after use or expiry.
| Field | Purpose | Retention |
|---|---|---|
| token_hash | Hashed token (not plaintext) | 10 minutes or until used |
| expires_at | Expiration timestamp | 10 minutes after creation |
Operational Data
Technical data for service operation, automatically cleaned up.
| Data | Purpose | Retention |
|---|---|---|
| Rate limit counters | Prevent API abuse | 1 hour |
| Webhook event IDs | Prevent duplicate processing | 30 days |
What We DON'T Collect
- ✗Terminal commands: Your commands and output are encrypted end-to-end. We cannot read them.
- ✗Encryption keys: Generated on your device, never transmitted to us.
- ✗File contents: We have no access to files on your connected devices.
- ✗Screen recordings: No visual capture of your terminal sessions.
- ✗Behavioral tracking: No user tracking, cookies, or fingerprinting. We use Vercel Speed Insights for anonymous performance metrics only.
Third-Party Services
We use the following third-party services:
Supabase
Database and authentication. Your data is stored in their US-based infrastructure.
Privacy PolicyVercel
Web hosting and performance analytics (Speed Insights). Collects anonymous page load metrics.
Privacy PolicyData Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Device registrations | Until you remove the device or delete account |
| Session history | 90 days (planned) |
| Registration tokens | 10 minutes or until used |
| Rate limit data | 1 hour |
| Webhook records | 30 days |
Your Rights
You have the right to:
- Access: Request a copy of all data we have about you
- Correction: Update inaccurate information via the dashboard
- Deletion: Delete your account and all associated data
- Export: Export your data in a machine-readable format
- Restrict: Request we limit how we use your data
To exercise these rights, contact us at privacy@cludcode.com
Contact
Questions about this policy? Contact us: