Shadow ClaudeShadow Claude

Privacy Policy

Last updated: March 15, 2026

Overview

Shadow Claude is designed with privacy as a core principle. Audio processing happens entirely on your device. We collect the minimum data necessary to provide the Service.

Data We Collect

Account Information

When you create an account, we collect your email address. If you sign in via Google or GitHub, we receive only your email from the OAuth provider.

Payment Information

Payment processing is handled entirely by Stripe. We store your Stripe customer ID but never your card number, CVV, or billing address.

Usage Data

We track token usage (input and output token counts) per billing period to enforce plan limits. We record which AI model was used and the request source (voice, screenshot, manual).

Resume and Job Description

If you upload a resume or job description, it is stored on our servers to personalize AI responses. You can delete this data at any time.

Data We Do NOT Collect

  • Audio data — All speech-to-text processing runs locally on your machine using Whisper AI. Your audio never leaves your device.
  • Screen content — Screenshots are processed in-memory and sent as text queries. Raw image data is not stored on our servers.
  • Telemetry — We do not collect analytics, crash reports, or behavioral tracking data.

How We Use Your Data

  • To provide and maintain the Service
  • To process payments and manage subscriptions
  • To enforce usage limits per your subscription plan
  • To personalize AI responses using your resume and job description
  • To send transactional emails (OTP codes, billing receipts)
  • To prevent abuse and enforce our terms

Third-Party Services

  • Anthropic (Claude AI) — Text queries are sent to Anthropic for AI response generation. Subject to Anthropic's Privacy Policy.
  • Stripe — Payment processing. Subject to Stripe's Privacy Policy.
  • Resend — Transactional email delivery for OTP codes.

Data Retention

Account data is retained while your account is active. If you delete your account, your personal data is soft-deleted and will not be accessible. Usage records may be retained in anonymized form for analytics.

Your Rights

You can:

  • Access your account data through the dashboard
  • Delete your resume and job description at any time
  • Delete your account entirely via account settings
  • Request a copy of your data by emailing [email protected]

Security

API keys are stored server-side only and never exposed to clients. Authentication tokens are stored in your operating system's secure keychain. All communication uses HTTPS. Refresh tokens implement rotation with compromise detection.

Changes to This Policy

We may update this policy from time to time. We will notify users of material changes via email. Continued use of the Service constitutes acceptance of the updated policy.

Contact

For privacy questions, email [email protected].