Skip to content
Claude Yard

Privacy

TL;DR

Section titled “TL;DR”
  • Local-first. Your code, terminals, and session JSONLs never leave your machine unless you turn on Sync.
  • Hosted proxy is opt-out. If you’re signed in and haven’t pasted your own API keys, AI calls go through our Cloudflare Worker. We never log request/response bodies — only token counts + outcome codes for cap accounting.
  • Sync is opt-in. Each workspace has its own Sync toggle.
  • No cookies, no tracking pixels, no third-party analytics.

Data processors

Section titled “Data processors”

If you sign in and use hosted features:

ProcessorWhat it seesWhy
ClerkEmail, name, sign-in eventsAuthentication
Cloudflare WorkersBearer JWT, request URL, your prompts in transitHosted proxy
AnthropicYour prompts, model responsesLLM calls
DeepgramAudio framesVoice transcription
CartesiaText to speak, audio bytes returnedText-to-speech
SupabaseSession JSONLs (only if Sync on)Cross-device session sync

If you bring your own keys, Anthropic / Deepgram / Cartesia see your data directly — Cloudflare and our proxy are not in the path.

What we log

Section titled “What we log”

Per request through the hosted proxy:

  • Coarse Clerk user identifier (HMAC-hashed, 128-bit truncated)
  • Provider name and model id
  • Token counts (input, output, cached)
  • Outcome (ok, 402, 429, 5xx, auth_failed)
  • Wall-clock duration
  • Coarse IP prefix (/24 for IPv4, /64 for IPv6) — only on auth failures

We do not log:

  • Prompt text or response text
  • Audio bytes
  • Anything that lets us reconstruct your conversations
  • Your full IP address

Logs are retained:

  • Usage data: 90 days
  • Auth audit events: 1 year (regulatory)
  • Admin actions (tier changes, kill switch flips): 1 year

Local data

Section titled “Local data”

The app keeps state in ~/.multi-claude/:

  • app-config.json (or app-config.dev.json) — your API keys, hosted proxy URL
  • settings.json — your preferences
  • seen.json — read/unread tracking per session
  • notebooks/ — observer’s per-session notes
  • agent-logs/ — full LLM call logs (kept for debugging)
  • server.log — server activity log

These never leave your machine. To wipe them: quit the app, then rm -rf ~/.multi-claude/.

Your rights

Section titled “Your rights”
  • Export — email support@claudeyard.com and we’ll send your hashed usage data within 14 days.
  • Delete — same address. We delete your Clerk profile, Supabase rows (if any), and any non-aggregate logs within 30 days.
  • Object to processing — sign out, remove the app, you’re done. Nothing is retained client-side past app removal.

Changes

Section titled “Changes”

We’ll bump the version on this page whenever the data flow changes. Last updated: 2026-04-13.