Privacy Policy

CW ("we," "us," "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect information when you use the CW conversational assistant at claudewill.io ("Service").

Key Point: We collect conversation data to improve CW. Your conversations are logged but not linked to your personal identity.

1. Information We Collect

When you use CW, we collect:

• Conversation Content: Your messages to CW and CW's responses
• Session Information: A randomly generated session ID created by your browser
• Technical Data: Hashed IP address (for abuse prevention), timestamps, token usage metrics
• Metadata: Time of day conditions (dawn, clear, dusk, etc.) used to inform CW's tone

What We Don't Collect:

• Your name or email address
• Browser fingerprints or tracking cookies
• Location data beyond general timezone
• Raw IP addresses (only cryptographic hashes)

2. How We Use Your Information

We use collected data to:

• Improve CW: Analyze conversations to refine system prompts and response quality
• Prevent Abuse: Detect spam, harassment, or attempts to bypass rate limits
• Monitor Costs: Track API token usage to manage infrastructure expenses
• Understand Usage: Analyze conversation patterns, common questions, and session lengths

We do not use your data for advertising, marketing, or selling to third parties.

3. Data Sharing & Third Parties

Your conversations are processed by the following third-party services:

• Anthropic (Claude API): Processes messages to generate CW's responses. See Anthropic's Privacy Policy.
• Supabase: Stores conversation logs. See Supabase's Privacy Policy.
• Netlify: Hosts the service and routes traffic. See Netlify's Privacy Policy.

We do not sell, rent, or share your data with any other parties except:

• When required by law (subpoena, court order)
• To protect rights and safety (fraud, abuse, security threats)

4. Data Retention

Current Policy: Conversation data is retained indefinitely for service improvement.

Future Policy (to be implemented): Conversations will be deleted after 90 days unless flagged for quality review.

You may request deletion of your data at any time (see Your Rights below).

5. Your Rights

You have the right to:

• Access Your Data: Request a copy of conversations associated with your session IDs
• Delete Your Data: Request deletion of specific conversations or all data associated with your session IDs
• Correct Your Data: Request correction of inaccurate information (though we collect minimal personally identifiable data)
• Object to Processing: Request we stop processing your data (note: this means you cannot use the Service)

To exercise your rights, email: derek@dcs.bio with your session ID(s) if known, or describe the conversation timeframe and content.

6. International Users

GDPR (European Union): If you're in the EU, you have additional rights under GDPR including data portability. Our legal basis for processing is legitimate interest (service improvement) and your consent through continued use.

CCPA (California): California residents have the right to know what data is collected and request deletion. We do not "sell" data as defined by CCPA.

Data is stored on servers in the United States. By using the Service, you consent to data transfer to the US.

7. Security

We implement security measures including:

• HTTPS encryption for all traffic
• IP address hashing (not storing raw IPs)
• Secure environment variable storage
• Rate limiting (20 requests/min per IP)
• Regular security audits

However, no internet transmission is 100% secure. Use CW at your own risk and avoid sharing sensitive personal information.

8. Children's Privacy

The Service is not intended for users under 13 years old. We do not knowingly collect data from children under 13.

If you're 13-17, you must have parental consent to use this Service.

If we learn we've collected data from a child under 13, we will delete it immediately. Contact derek@dcs.bio if you believe this has occurred.

9. Cookies & Tracking

We do not use cookies.

Session tracking is done via client-side generated IDs stored in your browser's sessionStorage. These IDs:

• Are created locally by your browser
• Are not shared with third parties
• Are deleted when you close the browser tab
• Cannot track you across websites

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

For significant changes, we'll display a notice on the home page for 30 days.

Continued use of the Service after changes constitutes acceptance of the new policy.

11. Contact

Questions, concerns, or requests regarding this Privacy Policy:

Email: derek@dcs.bio
Website: dcs.bio

Response Time: We aim to respond to privacy inquiries within 7 business days.