Privacy Policy

Last Updated: October 19, 2025

Effective Date: October 19, 2025

1. Introduction

Welcome to ClaudeKit. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our products and services.

ClaudeKit ("we," "us," or "our") operates the website https://claudekit.cc and provides Claude Code starter kits for developers.

1.1 Controller Information

For the purposes of data protection laws, ClaudeKit is the data controller responsible for your personal information.

1.2 Contact Information

For privacy questions or to exercise your rights:

• Email: hello@claudekit.cc
• Discord: https://claudekit.cc/discord
• Website: https://claudekit.cc

2. Information We Collect

2.1 Information You Provide

Account & Purchase Information:

• Full name
• Email address
• GitHub username (for repository access)
• Country/region (for tax purposes)

Payment Information:

• Credit card details (collected by Polar.sh)
• Bank transfer details (collected by Sepay for Vietnam payments)
• Billing address
• Transaction history

Communications:

• Support emails and messages
• Discord community interactions
• Survey responses and feedback

2.2 Automatically Collected Information

Usage Data:

• Pages visited on our website
• Time spent on pages
• Click behavior and navigation paths
• Referral sources
• Device information (browser type, OS, screen resolution)
• IP address
• Session duration

Analytics & Cookies:

• Google Analytics (GA4) tracking for site usage
• Umami Analytics for privacy-focused tracking
• Essential cookies for authentication and preferences
• No third-party advertising cookies

2.3 Information from Third Parties

OAuth Providers:

• GitHub account information (username, email) if you use GitHub OAuth

Payment Processors:

• Payment confirmation and transaction status from Polar.sh and Sepay

3. How We Use Your Information

We use your information to:

3.1 Provide Services

• Process and fulfill your orders
• Send GitHub repository invitations
• Deliver email confirmations and receipts
• Provide customer support
• Manage your account and access

3.2 Improve Services

• Analyze website usage and user behavior
• Identify bugs and performance issues
• Develop new features and improvements
• Conduct research and analytics

3.3 Communicate

• Send order confirmations and updates
• Request GitHub username if not provided
• Notify about repository invitation status
• Send important service updates
• Respond to your inquiries and support requests

We do not send marketing emails unless you explicitly opt-in.

3.4 Comply with Legal Obligations

• Maintain transaction records for tax compliance
• Respond to legal requests and court orders
• Prevent fraud and abuse
• Protect our rights and property

4. Legal Basis for Processing (GDPR)

For users in the EU, EEA, and UK, we process your personal data based on:

4.1 Contractual Necessity

Processing necessary to provide our services, including order fulfillment and repository access.

4.2 Consent

• Marketing communications (if opted in)
• Optional analytics and tracking
• Survey participation

4.3 Legitimate Interests

• Fraud prevention and security
• Website analytics and improvements
• Customer support and service quality

4.4 Legal Obligations

• Tax compliance and financial record-keeping
• Response to lawful requests
• Data breach notifications

5. How We Share Your Information

5.1 Service Providers (Processors)

We share your data with trusted third-party service providers who process data on our behalf:

GitHub (Microsoft Corporation)

• Purpose: Repository hosting and access management
• Data Shared: GitHub username, repository invitations
• Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

Polar.sh

• Purpose: Global payment processing (credit cards, PayPal)
• Data Shared: Name, email, payment details
• Privacy Policy: https://polar.sh/legal/privacy

Sepay (SePay JSC)

• Purpose: Vietnam bank transfer payments
• Data Shared: Name, email, bank transfer details
• Privacy Policy: https://sepay.vn/privacy.html

Resend

• Purpose: Transactional email delivery
• Data Shared: Name, email address, order details
• Privacy Policy: https://resend.com/legal/privacy-policy

Google Analytics (GA4)

• Purpose: Website analytics and usage tracking
• Data Shared: Anonymized usage data, device information
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: https://tools.google.com/dlpage/gaoptout

Umami Analytics

• Purpose: Privacy-focused website analytics
• Data Shared: Anonymized usage data (no personal information)
• Privacy Policy: Self-hosted, no cookies, privacy-first
• Note: No personal data collected or shared

Vercel

• Purpose: Website hosting and infrastructure
• Data Shared: Usage logs, performance metrics
• Privacy Policy: https://vercel.com/legal/privacy-policy

Discord (Optional - Internal Notifications)

• Purpose: Internal sales notifications for our team
• Data Shared: Order details (for internal monitoring only)
• Note: Personal data is not logged or stored in Discord

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity. You will be notified via email of any such change.

5.3 Legal Requirements

We may disclose your information to:

• Comply with legal obligations
• Respond to court orders and subpoenas
• Cooperate with law enforcement
• Protect our rights, property, and safety
• Prevent fraud or illegal activity

5.4 With Your Consent

We may share your information for purposes not listed here if you provide explicit consent.

We do not sell your personal data to third parties.

6. International Data Transfers

ClaudeKit is based in Vietnam. Your personal data may be transferred to and processed in:

• Vietnam (primary operations)
• United States (hosting, payment processing, email services)
• European Union (analytics, if using EU-hosted services)

6.1 Safeguards for International Transfers

For transfers outside the EU/EEA, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Service providers' data protection certifications

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

7.1 Retention Periods

Account Data:

• Active accounts: Indefinitely (while you have access)
• Deleted accounts: 30 days grace period for recovery

Order Records:

• 7 years from purchase date (tax and financial compliance)

Email Communications:

• 2 years from last communication

Support Tickets:

• 2 years from resolution

Website Analytics:

• 26 months (Google Analytics default)
• 12 months (Umami Analytics)

Payment Data:

• Processed and stored by payment processors (Polar.sh/Sepay)
• Not stored on ClaudeKit servers

7.2 Data Deletion

After retention periods expire, we securely delete or anonymize your data. You may request earlier deletion (see Section 8).

8. Your Rights & Choices

8.1 GDPR Rights (EU/EEA/UK Users)

If you are located in the EU, EEA, or UK, you have the following rights:

Right to Access

• Request a copy of your personal data
• Understand how we process your information

Right to Rectification

• Correct inaccurate or incomplete data
• Update your account information

Right to Erasure ("Right to Be Forgotten")

• Request deletion of your personal data
• Subject to legal retention obligations

Right to Restrict Processing

• Limit how we use your data
• Temporarily suspend processing

Right to Data Portability

• Receive your data in a structured, machine-readable format
• Transfer your data to another service

Right to Object

• Object to processing based on legitimate interests
• Opt-out of marketing communications

Right to Withdraw Consent

• Withdraw consent at any time (for consent-based processing)
• Does not affect lawfulness of prior processing

Right to Lodge a Complaint

• File a complaint with your local data protection authority

8.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know

• What personal information we collect
• How we use and share your information
• Categories of data and sources

Right to Delete

• Request deletion of your personal information
• Subject to legal exceptions

Right to Correct

• Request correction of inaccurate personal information

Right to Opt-Out of Sales/Sharing

• We do not sell or share your personal information for advertising
• This right does not apply to ClaudeKit

Right to Limit Sensitive Data Use

• We do not use sensitive personal information beyond what's necessary

Right to Non-Discrimination

• We will not discriminate against you for exercising your privacy rights

8.3 How to Exercise Your Rights

Email Request:

• Send your request to: hello@claudekit.cc
• Subject line: "Privacy Rights Request"
• Include: Your name, email, and specific request

Account Settings:

• Update your information in your account (when available)

Response Time:

• We will respond within 30 days (GDPR) or 45 days (CCPA)
• We may request verification of your identity

Verification Process:

• We may ask for additional information to verify your identity
• This protects your data from unauthorized access

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

9.1 Security Measures

Encryption:

• TLS 1.3 encryption for data in transit
• Encrypted database storage

Access Controls:

• Limited employee access to personal data
• Role-based access permissions
• Authentication and authorization controls

Infrastructure Security:

• Secure hosting with Vercel
• Database backups and redundancy
• Regular security updates and patches

Payment Security:

• PCI-DSS compliant payment processors (Polar.sh)
• We do not store credit card information

9.2 Security Practices

• Regular security audits and assessments
• Employee privacy and security training
• Incident response procedures
• Monitoring for suspicious activity

9.3 Data Breach Notification

In the event of a data breach affecting your personal data, we will:

• Notify you without undue delay
• Inform relevant data protection authorities within 72 hours (GDPR requirement)
• Provide details about the breach and remediation steps

Note: While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the security of your account credentials.

10. Cookies & Tracking Technologies

10.1 Types of Cookies We Use

Essential Cookies:

• Session management and authentication
• Security and fraud prevention
• Required for website functionality

Analytics Cookies:

• Google Analytics (GA4) for usage statistics
• Umami Analytics (privacy-focused, no personal data)

We do not use:

• Advertising cookies
• Third-party tracking cookies for ads
• Social media tracking pixels

10.2 Cookie Management

Browser Controls:

• Configure cookie preferences in your browser settings
• Block or delete cookies at any time

Opt-Out Links:

• Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

Impact of Disabling Cookies:

• Essential cookies: Website may not function properly
• Analytics cookies: No impact on functionality

11. Third-Party Links

Our website may contain links to third-party websites and services:

• GitHub - Repository hosting
• Discord - Community support
• X (Twitter) - Social media
• Facebook - Social media

We are not responsible for the privacy practices of these third-party sites. Please review their privacy policies before providing personal information.

12. Children's Privacy

ClaudeKit products are intended for users 18 years of age or older. We do not knowingly collect personal information from children under 18.

If you believe we have collected information from a child under 18, please contact us immediately at hello@claudekit.cc, and we will delete the information.

13. California-Specific Disclosures

13.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (name, email, GitHub username)
• Commercial information (purchase history, transactions)
• Internet activity (website usage, analytics)
• Geolocation data (country/region from IP address)

13.2 Business or Commercial Purposes

We use personal information for:

• Order fulfillment and service delivery
• Customer support and communications
• Website analytics and improvements
• Fraud prevention and security
• Legal compliance

13.3 Categories of Third Parties

We share personal information with:

• Service providers (GitHub, Polar.sh, Sepay, Resend, Vercel)
• Analytics providers (Google Analytics, Umami)
• Payment processors

13.4 Do Not Sell My Personal Information

We do not sell your personal information. We have not sold personal information in the past 12 months.

13.5 Shine the Light

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. Since we do not share your information for third-party direct marketing, this request does not apply.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements.

14.1 Notification of Changes

Material Changes:

• Email notification at least 30 days before effective date
• Prominent notice on our website
• Summary of key changes

Non-Material Changes:

• Updated "Last Updated" date
• Posted on our website

14.2 Your Acceptance

Continued use of ClaudeKit services after changes take effect constitutes acceptance of the updated Privacy Policy.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

General Inquiries:

• Email: hello@claudekit.cc
• Discord: https://claudekit.cc/discord

Privacy Rights Requests:

• Email: hello@claudekit.cc
• Subject: "Privacy Rights Request"

Data Protection Officer (if required):

• Email: hello@claudekit.cc

Mailing Address: ClaudeKit Ho Chi Minh City Vietnam

---

Summary

We want to be transparent about how we handle your data:

✅ What we collect:

• Name, email, GitHub username
• Payment info (via secure processors)
• Website usage analytics

✅ How we use it:

• Fulfill your orders
• Send repository invitations
• Provide customer support
• Improve our services

✅ How we protect it:

• Encrypted data transmission and storage
• Secure payment processing
• Limited data access
• Regular security audits

✅ Your rights:

• Access, correct, or delete your data
• Opt-out of marketing
• Data portability
• File complaints with authorities

✅ What we don't do:

• ❌ Sell your personal data
• ❌ Use data for AI training (not applicable to ClaudeKit)
• ❌ Share data for third-party advertising
• ❌ Send marketing emails without opt-in

Questions? Contact us at hello@claudekit.cc

---

Thank you for trusting ClaudeKit with your data. We're committed to protecting your privacy and being transparent about our practices.