ClaudeFolio

Privacy Policy

Last updated: April 22, 2026

ClaudeFolio ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit https://claudefolio.com (the "Website"). By using the Website, you consent to the practices described in this policy.

1. Information we collect

Information you provide

  • Email address (account registration, sign-in, delivery of magic-link emails).
  • Profile information you choose to share: username, display name, bio, avatar, links to your social profiles.
  • Project submissions: title, tagline, description, live URL, GitHub URL, demo URL, screenshots, thumbnail, stack tags, categories, build metrics, proof link.
  • Votes and comments you post.
  • Newsletter and digest subscription preferences.
  • Any message you send us.

Information collected automatically

  • IP address and approximate location (country or region).
  • Browser type and version, device type, operating system.
  • Pages viewed, time on site, and interaction data.
  • Referring website or traffic source.
  • Cookies and similar tracking technologies (see Section 6).

Information from third-party authentication

We support passwordless magic-link email sign-in, email + password sign-in, and third-party sign-in via Google, Facebook, and Apple. When you use a social provider, we receive limited profile data (name, email address, profile picture URL) in accordance with the provider's policies. We do not access private content, contacts, or unrelated account data.

Automatic Newsletter Enrollment on Signup

When you create a ClaudeFolio account, your email address is automatically added to our newsletter list so you can receive periodic updates about product features, builder interviews, reported data pieces, the Folio of the Week, and site news. You can unsubscribe at any time using the one-click link in any newsletter email or from your account Settings page. Unsubscribing from the newsletter does not affect transactional emails (account verification, password resets, reply notifications, and moderation notices), which are required for the service to function.

2. How we use your information

  • Create and manage user accounts.
  • Operate, maintain, and improve the platform.
  • Send magic-link emails, notifications, and the weekly digest.
  • Surface relevant builders and projects and personalize your experience.
  • Detect and prevent fraud, abuse, and spam.
  • Analyze usage patterns and platform performance in aggregate.
  • Comply with legal obligations.

We do not sell your personal information to third parties.

3. Legal basis for processing (GDPR / UK GDPR)

For users in the European Economic Area and the United Kingdom, we process data based on: performance of a contract (providing the service); legitimate interests (security, analytics, platform improvement); legal compliance; and consent where required.

4. California privacy rights (CCPA / CPRA)

If you are a California resident, you have the following rights:

  • Right to know. Request disclosure of what personal information we collect, use, and share about you.
  • Right to access. Request a copy of the personal information we hold about you.
  • Right to delete. Request deletion of your personal information, subject to certain legal exceptions.
  • Right to correct. Request correction of inaccurate personal information.
  • Right to opt-out of sale. We do not sell personal data; you do not need to opt out.
  • Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

Requests may be submitted to [email protected] or via our Data Deletion page. We will respond to verifiable requests within 45 days.

5. Children's privacy

ClaudeFolio is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact [email protected] and we will delete the account and associated data.

6. Cookies, analytics, and tracking

We use the following categories of cookies and tracking technologies:

  • Essential (strictly necessary): session cookie (cf_session) for authentication and security tokens. These cannot be disabled without breaking the service.
  • Analytics: aggregated traffic, page-view, and performance metrics where enabled by site configuration. These are used to understand usage in aggregate, not to identify individuals.
  • Anti-abuse: Cloudflare Turnstile sets short-lived tokens to distinguish humans from bots on sign-in and submit.

You can disable non-essential cookies through your browser settings. Disabling essential cookies will log you out and break sign-in.

Do Not Track and Global Privacy Control

We honor the Global Privacy Control (GPC) signal as an opt-out of sharing personal information for cross-context behavioral advertising where applicable. We do not separately respond to Do-Not-Track (DNT) browser signals because there is no industry consensus on implementation.

7. Data retention

  • Account data (email, username, profile): retained while your account is active, plus up to 30 days after deletion to allow recovery from accidental deletion and to complete abuse investigations.
  • Projects, votes, comments: part of the public archive. On account deletion, authorship is replaced with "[deleted]" and bodies are redacted per our Data Deletion flow.
  • Newsletter subscriber records: until you unsubscribe, plus a suppression record (hashed email) retained indefinitely to honor your unsubscribe.
  • Server logs, audit logs, rate-limit records: typically 30 to 90 days, longer if retained as part of a security investigation.
  • Email delivery logs: retained by our email provider per their policy (typically 30 days).
  • Aggregated, anonymized analytics: may be retained indefinitely.

8. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal data: TLS in transit, HttpOnly/Secure session cookies, role-based access controls on administrative systems, private-network-only database connectivity, at-rest storage on provider-managed volumes, Cloudflare-fronted origin, and audit logging for administrative actions. No method of transmission or electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your sign-in email account secure.

9. Data breach notification

In the event of a data breach affecting your personal information, we will notify affected users without undue delay, and in any case within the timeframes required by applicable law (for example, within 72 hours for GDPR-covered breaches, or as required by state breach-notification laws in the United States). Notifications will describe the nature of the breach, the categories of data involved, the likely consequences, and the measures we are taking in response.

10. Third-party services

We rely on the following categories of processors to operate the service. Each processor handles data under its own published policies, and we share only the minimum data necessary.

  • Hosting and infrastructure (Hetzner, Cloudflare): server hosting, DDoS protection, CDN, and DNS.
  • Email delivery (Resend): transactional and digest email sending.
  • Object storage and CDN (Cloudflare R2): user-uploaded images (thumbnails, screenshots, avatars).
  • Anti-abuse (Cloudflare Turnstile): challenge-response to block automated abuse.
  • Authentication providers (Google, Facebook, Apple): identity verification when you choose social sign-in.

We do not sell your personal information to third parties, and we do not share personal information with third parties for their own marketing purposes.

11. International data transfers

Our primary infrastructure is located in the United States. If you access the Website from another country, your personal information may be transferred to, stored in, and processed in the United States and, where our processors operate globally, in other jurisdictions. Where required by law, we rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms. By using the Website, you consent to such transfers to the extent permitted by applicable law.

12. Your choices

  • Unsubscribe from the digest: one-click via any digest email, or via Settings.
  • Update your profile: via your dashboard.
  • Delete your account: via the Data Deletion page.
  • Data requests: [email protected].

13. Third-party content and external links

ClaudeFolio hosts user-submitted projects and links to the builders' live sites and repositories. We are not responsible for the accuracy, completeness, or timeliness of user-submitted content or third-party sites. External links are provided for convenience only; we do not endorse, control, or assume responsibility for the content, privacy practices, or security of external sites. Please review the privacy policy of any third-party site before providing personal information.

14. No guarantee of service

We make no guarantee that the Website will be continuously available, error-free, or that any specific feature will be retained. To the fullest extent permitted by law, we disclaim liability for any inconvenience, loss, or damages arising from service interruptions, data loss, or changes to the platform. See our Terms for the full disclaimers and limitation-of-liability provisions that apply to this Policy.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and may provide additional notice (such as an email or in-site banner). Continued use of the Website after changes are posted constitutes acceptance of the updated Policy.

16. Contact

Privacy questions or rights requests: [email protected]. Legal matters: [email protected]. We aim to acknowledge privacy requests within ten business days and respond substantively within 45 days, with a possible extension of another 45 days where permitted by law.

See also: Data Use Policy, Data Deletion, Disclaimer, Terms.

Permalink