Privacy Policy
Last updated: 2026-04-28
Who we are (data controller)
Mitja Eichhorn, Brunnenstrasse 1, 10119 Berlin, Germany. Email: privacy@claudecode-kit.com.
This privacy policy applies to claudecode-kit.com and app.claudecode-kit.com (the "Service").
What data we collect
- Account information: Email address and name from Google OAuth when you log in.
- License data: License key (last 6 characters stored; full key hashed), plan, purchase date — provided by Lemon Squeezy on successful purchase.
- Project fingerprints: A derived identifier for each project directory where you install the kit. Not a path — a non-reversible hash.
- MCP usage logs: Tool invocation records (which tool, timestamp, license ID, project fingerprint). No tool input/output content is logged.
- Server logs: IP addresses and request metadata — kept for 30 days for security and fraud detection.
- Telemetry (opt-in only): Aggregate usage patterns if you opt in during onboarding. Never personally identifiable; opt out at any time from the personal area.
Why we collect it (legal basis)
- Contract performance (Art. 6(1)(b) GDPR): Account info and license data are needed to provide the Service you paid for.
- Legitimate interests (Art. 6(1)(f) GDPR): Server logs and usage records for security, fraud prevention, and abuse detection.
- Consent (Art. 6(1)(a) GDPR): Opt-in telemetry. You can withdraw consent at any time.
Who we share your data with
- Lemon Squeezy: Payment processing and merchant of record. Handles billing, VAT/sales tax, and payment data. We receive purchase events; we never see raw card data.
- Google (OAuth): Authentication provider. We receive your email and name; we do not receive your Google password or other Google data.
- Resend (planned): Email delivery for purchase confirmation, bootstrap URLs, and transactional messages. No marketing emails without explicit consent.
- Neon (Postgres): Database hosting. Your data sits on EU servers (AWS eu-central-1).
- Hetzner: MCP server hosting. Germany-based datacentre; your data does not leave the EU.
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
Data retention
- Account data: retained until you request deletion.
- License records: retained indefinitely for support and audit purposes; you may request deletion after cancellation.
- Server logs: 30 days.
- Opt-in telemetry: retained in aggregate (no personal linkage) after account deletion.
Your rights (GDPR Art. 15–22)
You have the right to:
- Access the personal data we hold about you (Art. 15)
- Rectify inaccurate or incomplete data (Art. 16)
- Request erasure ('right to be forgotten') where legally permissible (Art. 17)
- Receive your data in a portable format (Art. 20)
- Object to processing based on legitimate interests (Art. 21)
- Withdraw consent for opt-in telemetry at any time (Art. 7)
- Lodge a complaint with a supervisory authority — in Germany: Berliner Beauftragte für Datenschutz und Informationsfreiheit
To exercise any of these rights, email privacy@claudecode-kit.com. We handle requests manually for v1; we will respond within 30 days as required by GDPR.
Data storage location
All personal data is stored on EU-based servers: MCP server on Hetzner (Germany), database on Neon (AWS eu-central-1). Data does not leave the EU in normal operations.
Cookies
We use strictly necessary cookies for login and CSRF protection. We do not currently use analytics or marketing cookies. See our full Cookie Policy.
Changes to this policy
We will notify active users by email before making material changes to this policy. The "Last updated" date at the top reflects the most recent revision.