Skip to main content
Legal

Privacy Policy

Last updated: March 2026

1. Information We Collect

Account Information

When you sign in using OAuth providers (GitHub or Google), we receive and store:

  • Your name (as provided by the OAuth provider)
  • Email address
  • Profile picture URL
  • OAuth provider account ID

We do not receive or store your passwords. Authentication is handled entirely by your OAuth provider.

Usage Data

We collect engagement data to understand how the Service is used:

  • Plugin views and interactions
  • Search queries
  • Installation button clicks

If you are signed in and have an active Premium subscription, your search history is stored linked to your account for convenience. Search history is automatically deleted after 30 days, limited to 50 entries, and can be cleared manually at any time.

Payment Information

If you purchase a subscription or Sparks, payment processing is handled entirely by Stripe. We never receive or store your credit card details. We do store:

  • Stripe customer ID (to link your account to your Stripe profile)
  • Subscription status and billing period
  • Spark purchase records (quantity and amount)

Technical Data

For security and analytics, we collect:

  • IP address hash (one-way hashed, cannot be reversed to identify you)
  • User agent hash (browser type, anonymized)
  • Timestamps of interactions

We hash IP addresses and user agents to prevent individual identification while still being able to detect abuse patterns.

2. How We Use Information

We use collected information to:

  • Authenticate users and maintain sessions
  • Display personalized content (such as admin features for authorized users)
  • Process payments and manage subscriptions
  • Provide AI-powered plugin recommendations
  • Improve the Service based on usage patterns
  • Detect and prevent abuse, spam, and security threats
  • Generate aggregate, anonymized statistics

3. Data Retention

  • Account data: Retained while your account is active, deleted upon account deletion request
  • Session data: Sessions expire after 7 days of inactivity
  • Search history: Automatically deleted after 30 days, can be cleared manually at any time
  • Spark promotions: Expire automatically after 7 days
  • Payment records: Retained for legal and financial compliance purposes
  • Engagement data: Retained indefinitely in anonymized form for analytics

4. Third-Party Services

We use the following third-party services:

  • GitHub OAuth: For user authentication
  • Google OAuth: For user authentication (optional)
  • Stripe: For payment processing. Stripe handles all credit card data directly and is subject to its own privacy policy
  • OpenRouter: For AI-powered plugin recommendations. Only plugin content is sent to OpenRouter, never your personal data
  • Vercel: Hosting, infrastructure, and anonymized page view analytics
  • Neon: Database hosting

Each third-party service has its own privacy policy governing their data practices.

5. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, you can sign out of your account and your session data will be cleared. For account deletion or data export requests, please email contact@claudepluginhub.com.

6. Cookies

We use the following types of cookies and local storage:

  • Essential cookies: Session cookies to maintain your authentication state. These are required for the Service to function.
  • Local storage:Your theme preference (dark/light mode) is stored in your browser's local storage, not as a cookie.

7. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete such information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our hosting providers maintain appropriate safeguards to protect your data in accordance with applicable data protection laws.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting to this page. We encourage you to review this page periodically for any changes.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at contact@claudepluginhub.com.