Privacy Policy

Last Updated: February 27, 2026

CW ("we," "us," "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect information when you use the CW conversational assistant at claudewill.io ("Service").

Key Point: We collect conversation data to improve CW. Your conversations are logged but not linked to your personal identity.

1. Information We Collect

When you use CW, we collect:

Conversation Content: Your messages to CW and CW's responses
Session Information: A randomly generated session ID created by your browser
Visitor Memory: A unique visitor token (UUID) stored in your browser's localStorage that persists across visits. This allows CW to recognize returning visitors.
Name Detection: If you share your name during conversation, CW may detect and store it to personalize future visits. This is stored in Supabase alongside your visitor token.
Session Summaries: When you leave the page, a brief summary of the conversation is generated and stored. On return visits, these summaries are included in CW's context so the conversation can continue naturally.
Technical Data: Hashed IP address (for abuse prevention), timestamps, token usage metrics
Metadata: Time of day conditions (dawn, clear, dusk, etc.) used to inform CW's tone

What We Don't Collect:

Browser fingerprints or tracking cookies
Location data beyond general timezone
Raw IP addresses (only cryptographic hashes)

Clearing Your Visitor Memory: You can clear your visitor token and all local data by clearing your browser's localStorage for claudewill.io. This will reset CW's memory of you. To also delete server-side data (conversation summaries, stored name), contact Derek using the information below.

2. How We Use Your Information

We use collected data to:

Improve CW: Analyze conversations to refine system prompts and response quality
Prevent Abuse: Detect spam, harassment, or attempts to bypass rate limits
Monitor Costs: Track API token usage to manage infrastructure expenses
Understand Usage: Analyze conversation patterns, common questions, and session lengths

We do not use your data for advertising, marketing, or selling to third parties.

3. Data Sharing & Third Parties

Your conversations are processed by the following third-party services:

Anthropic (Claude API): Processes messages to generate CW's responses. See Anthropic's Privacy Policy.
Supabase: Stores conversation logs. See Supabase's Privacy Policy.
Netlify: Hosts the service and routes traffic. See Netlify's Privacy Policy.

We do not sell, rent, or share your data with any other parties except:

When required by law (subpoena, court order)
To protect rights and safety (fraud, abuse, security threats)

4. Data Retention

Current Policy: Conversation data is retained indefinitely for service improvement.

Future Policy (to be implemented): Conversations will be deleted after 90 days unless flagged for quality review.

You may request deletion of your data at any time (see Your Rights below).

5. Your Rights

You have the right to:

Access Your Data: Request a copy of conversations associated with your session IDs
Delete Your Data: Request deletion of specific conversations or all data associated with your session IDs
Correct Your Data: Request correction of inaccurate information (though we collect minimal personally identifiable data)
Object to Processing: Request we stop processing your data (note: this means you cannot use the Service)

To exercise your rights: Contact Derek with your session ID(s) if known, or describe the conversation timeframe and content.

6. International Users

GDPR (European Union): If you're in the EU, you have additional rights under GDPR including data portability. Our legal basis for processing is legitimate interest (service improvement) and your consent through continued use.

CCPA (California): California residents have the right to know what data is collected and request deletion. We do not "sell" data as defined by CCPA.

Data is stored on servers in the United States. By using the Service, you consent to data transfer to the US.

7. Security

We implement security measures including:

HTTPS encryption for all traffic
IP address hashing (not storing raw IPs)
Secure environment variable storage
Rate limiting (20 requests/min per IP)
Regular security audits

However, no internet transmission is 100% secure. Use CW at your own risk and avoid sharing sensitive personal information.

8. Children's Privacy

The Service is not intended for users under 13 years old. We do not knowingly collect data from children under 13.

If you're 13-17, you must have parental consent to use this Service.

If we learn we've collected data from a child under 13, we will delete it immediately. Contact Derek if you believe this has occurred.

9. Cookies & Tracking

We do not use cookies.

Session tracking is done via client-side generated IDs stored in your browser's sessionStorage. These IDs:

Are created locally by your browser
Are not shared with third parties
Are deleted when you close the browser tab
Cannot track you across websites

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

For significant changes, we'll display a notice on the home page for 30 days.

Continued use of the Service after changes constitutes acceptance of the new policy.

11. Contact

Questions, concerns, or requests regarding this Privacy Policy? Contact Derek.

Response Time: We aim to respond to privacy inquiries within 7 business days.