Claudin.io
🇬🇧 English 🇪🇸 Español 🇫🇷 Français 🇨🇳 简体中文 🇯🇵 日本語 🇰🇷 한국어 🇮🇳 हिन्दी 🇷🇺 Русский 🇩🇪 Deutsch 🇮🇹 Italiano 🇧🇷 Português (BR) 🇵🇹 Português (PT)

Privacy Policy

Last updated: November 5, 2025

1. Introduction

Claudin.io respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information.

Privacy Commitment: We do not sell, rent, or share your personal data with third parties for marketing purposes. Your privacy is our priority.

2. Nature of the Service

IMPORTANT: We Are Just a Router

Claudin.io functions as a routing service (proxy) between your application and language model providers, primarily OpenRouter.

What this means:

  • We DON'T save your messages or conversations - Requests pass through our system only for analysis and routing
  • We DON'T train models with your data - We don't have our own models, we just direct to the best available ones
  • We DON'T store request content - Only statistical metadata (quantity, timestamp, model used)
  • Real-time processing - Your messages are processed and sent immediately to OpenRouter

3. Data We Collect

3.1. Account Data (GitHub OAuth)

  • GitHub username
  • Email associated with your GitHub account
  • GitHub avatar
  • GitHub unique ID
  • OAuth access token (encrypted)

3.2. API Keys

  • OpenRouter API key (stored encrypted with Fernet)
  • Claudin.io service key (SHA256 hash)
  • Key creation date

3.3. Usage Data (Statistical Metadata)

  • Number of requests made
  • Request timestamps
  • Models used
  • User tier/plan
  • Error information (for debugging)
We DON'T collect: Content of your messages, conversations, prompts, model responses, sensitive data from your application's end users.

4. How We Use Your Data

We use your data exclusively for:

  • Authentication and authorization - Verify your identity and manage access
  • Smart routing - Analyze request complexity and choose the best model
  • Limit enforcement - Control usage according to your plan
  • Billing - Process payments via Stripe (for paid plans)
  • Usage statistics - Show your dashboard with consumption metrics
  • Service improvement - Aggregated and anonymous analysis to optimize algorithms
  • Technical support - Investigate reported issues

5. Privacy in Third-Party Providers

IMPORTANT NOTICE: While Claudin.io does not save or train with your data, model providers (such as OpenRouter and underlying providers) have their own privacy policies that are NOT under our control.

OpenRouter and AI Models:

  • Some models may use data for training according to their policies
  • Each provider (OpenAI, Anthropic, Google, etc.) has its own policies
  • We recommend reviewing OpenRouter's privacy policy and individual providers
  • We have no control over how third parties process your data

Useful links:

Models used

6. Data Sharing

We share data only with:

  • GitHub - For OAuth authentication (only necessary data)
  • OpenRouter - Your requests are sent through their API
  • Stripe - To process payments (paid plans)
  • Amplitude Analytics - Behavioral data, events, and sessions for analytics and session replay
  • Legal authorities - Only when legally required
We never sell your data to third parties, advertising agencies, or data brokers.

7. Data Security

We implement robust security measures:

  • Fernet encryption - API keys stored encrypted
  • SHA256 hash - Service tokens hashed
  • HTTPS/TLS - All communications encrypted in transit
  • OAuth 2.0 with PKCE - Secure authentication via GitHub
  • Internal secrets - Protection of communication between services
  • Cache with Redis - Only metadata, never sensitive keys
  • Security audit - Regular security testing

8. Data Retention

Data maintained while your account is active:

  • Profile information (GitHub)
  • API keys (encrypted)
  • Usage history (last 90 days)
  • Payment information (Stripe - retained according to tax regulations)

After account deletion:

  • Personal data is deleted within 30 days
  • Billing data retained for 7 years (tax requirements)
  • Aggregated and anonymous statistics may be retained

9. Your Rights (LGPD)

According to the General Data Protection Law (LGPD), you have the right to:

  • Access - Request a copy of your data
  • Correction - Update incorrect information
  • Deletion - Request removal of your data
  • Portability - Receive your data in structured format
  • Consent revocation - Withdraw usage authorization
  • Information - Know who has access to your data

10. Cookies and Tracking

We use only essential cookies for:

  • Maintain your login session
  • Store dashboard preferences
  • CSRF protection in forms

10.1. Analytics and Session Replay (Amplitude Analytics)

We use Amplitude Analytics with Session Replay to understand how our users interact with the service and improve the user experience:

  • Behavioral analytics - We track events and interactions to improve the product
  • Session Replay - We record user sessions (interactions, clicks, navigation) for debugging and UX improvement
  • Autocapture enabled - We automatically capture clicks, pageviews, and main interactions
  • Anonymized data - We use anonymization techniques to protect your privacy
  • GDPR and LGPD compliant - Amplitude complies with privacy regulations
  • Secure storage - Data stored on servers in the EU region
What we collect via Amplitude:
  • Pages visited and navigation
  • Interaction events (clicks, forms, actions)
  • Session data (duration, usage frequency)
  • Device and browser information
  • Approximate geographic location (country/city)
  • Session recordings (clicks, mouse movements, visual interactions)

Tracked events:

  • Page views and navigation
  • Clicks on important CTAs ("Connect OpenRouter", "Subscribe to Plan")
  • Management actions (copy/renew API key, cancel plan)
  • Conversions and purchase funnel (checkout initiated, purchase completed)
  • Automatic interactions captured by autocapture
  • Complete session recordings for UX analysis
Session Replay: We record user sessions including clicks, mouse movements, typing (sensitive fields are masked), and navigation to improve the product experience. You can disable this by contacting us.

More information about Amplitude privacy: amplitude.com/privacy

11. Minors

Claudin.io is not intended for minors under 18 years of age. If you are under 18, do not use our service. If we become aware that we have collected data from minors, we will delete it immediately.

12. Changes to this Policy

We may update this Privacy Policy periodically. Significant changes will be notified through the dashboard or registered email.

We recommend reviewing this policy regularly to be aware of how we protect your data.

13. Contact

To exercise your rights or ask questions about privacy, contact:

contato@claudin.io

14. Summary in Plain Language

In summary:
  • ✓ We're just a router - we don't save your messages
  • ✓ We don't train AI with your data
  • ✓ We only keep what's necessary (login, keys, statistics)
  • ✓ We encrypt sensitive data
  • ✓ We never sell your data
  • ⚠ We use Amplitude for analytics and session replay (we track behavior and record sessions)
  • ⚠ Third-party providers (OpenRouter, models, Amplitude) have their own policies

By using Claudin.io, you agree to this Privacy Policy and our Terms of Use.