Privacy
Last updated May 3, 2026
The short version
We collect what's needed to sign you in, host your design systems, and send you transactional email. We don't sell your data. We don't run third-party advertising or analytics trackers. You can delete your account or unsubscribe from non-essential email at any time.
What we collect, and why
- Account identity. If you sign in with GitHub, Google, or Apple, we receive your provider ID, email address (where shared), display name, and avatar URL. If you sign up with email + password, we store your email address and a salted PBKDF2 hash of your password — never the password itself. Used to authenticate you and attribute the design systems you publish.
- Your design systems. The zip you upload, the assets it contains, the Markdown knowledge files (skill, readme, brand, changelog), and the metadata you set (name, version, public/private). Stored so we can serve them back to your agents on install.
- Install events. When an agent fetches a design system, we record the system, version, a coarse timestamp, and a truncated user-agent string. Used to show you install counts on your dashboard and to size infrastructure. We do not link install events to user accounts.
- Operational logs. The Cloudflare Worker that serves the API logs request paths, status codes, IP addresses (for rate limiting), and errors. These rotate automatically and are not used for profiling.
Where it's stored
Everything runs on Cloudflare's infrastructure: account and version metadata in Cloudflare D1, your design-system files in Cloudflare R2, and short-lived caches in Cloudflare KV. Read more about Cloudflare's data handling at cloudflare.com/privacypolicy.
Third parties we rely on
- GitHub, Google, Apple — only when you choose to sign in with one of them. They share an account identifier and (where you've allowed it) your email and profile.
- Cloudflare Email Service — sends our transactional email (verification, password reset, proposal notifications, welcome) from [email protected].
- Resend — kept wired up as a backup email provider; not active under normal operation.
We do not run Google Analytics, Meta pixels, or third-party advertising trackers.
Cookies and sessions
We set one cookie: a signed JWT that keeps you logged in. It's marked HttpOnly, Secure, and SameSite=Lax. We don't use third-party cookies. Signing out clears it.
We send two kinds of email:
- Account & security (verification, password reset, password-changed notice). Required for the service to function — these are not optional.
- Activity (welcome, proposal notifications, team invites). Each carries an unsubscribe link in the footer; one click and we stop.
Your rights
- Access & export. Email [email protected] and we'll send you everything we hold about you.
- Delete. Same address — we'll wipe your account and the design systems you've published. Public versions previously installed by other agents are immutable by design; only the link from your account is removed.
- Unsubscribe from activity email at any time via the footer link in any such email, or by emailing us.
Children
ClauDesign is not directed at children under 13. We don't knowingly collect data from anyone under 13.
Changes to this policy
We'll update the "last updated" date above when this changes. For material changes (new categories of data, new third parties), we'll email registered users.
Contact
Questions or requests: [email protected].