Privacy Policy

Overview

Claudaway is designed with privacy as a core principle. Your code, your prompts, and your terminal output are end-to-end encrypted and never pass through our servers.

What we don't collect

• Your code. All communication between your Mac and iPhone is encrypted with AES-256-GCM. We cannot read it.
• Your prompts. What you type or dictate to Claude Code stays between your devices.
• Your files. The file browser operates directly over the encrypted connection. We never see your filesystem.

What we collect

• Account info (if you create an account): email address for purchase receipts
• Purchase data: managed by Apple (App Store) and RevenueCat for subscription management. We receive subscription status but not payment details.
• Crash reports: anonymous crash data via Apple's standard crash reporting to help us fix bugs. No personal data included.
• Basic analytics: app open count, session duration (anonymized). No content, no prompts, no code.

Architecture

Claudaway uses a direct peer-to-peer connection via Cloudflare's quick tunnel service. The tunnel provides a public URL for your local server, but all data passing through it is encrypted with a shared secret that only your Mac and iPhone know. Cloudflare cannot decrypt the traffic.

Data storage

• On your Mac: A 32-byte secret key is stored at ~/.claudaway/secret with 0600 permissions. This is the encryption key for your sessions.
• On your iPhone: Pairing data (secret key, tunnel URL) is stored in iOS Keychain, protected by your device passcode and Secure Enclave.
• On our servers: Nothing. There is no backend server for the core product. Subscription management is handled by Apple and RevenueCat.

Third-party services

• Cloudflare: Tunnel relay (encrypted, they can't read the data)
• Apple: App Store, in-app purchases, crash reports
• RevenueCat: Subscription management

Data retention

We do not retain any user data on our servers because we have no servers storing user content. Purchase records are retained by Apple and RevenueCat per their respective policies. Crash reports are retained for up to 90 days via Apple's crash reporting service.

Children's privacy

Claudaway is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us and we will promptly delete it.

Your rights

You can delete all local data by removing the ~/.claudaway directory on your Mac and uninstalling the iOS app. There is no server-side data to delete (beyond what Apple and RevenueCat hold for purchase records).

For EU/EEA residents (GDPR)

You have the right to access, correct, delete, restrict processing of, and port your personal data. Since we store virtually no personal data, most of these rights are satisfied by default. For purchase-related data, contact Apple or RevenueCat directly. For any GDPR request, email privacy@claudaway.dev.

For California residents (CCPA)

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising. You have the right to know what personal information we collect (see above — virtually none), request deletion, and opt out of any sale (there is none). Contact privacy@claudaway.dev for requests.

International transfers

Your encrypted tunnel data passes through Cloudflare's global network. Since the data is end-to-end encrypted with keys only your devices hold, the content cannot be accessed regardless of which jurisdiction the tunnel nodes are in.

Changes to this policy

We may update this policy. Material changes will be communicated via the app or website. Continued use after changes constitutes acceptance.

Contact

Questions about privacy? Email privacy@claudaway.dev.