Privacy Policy

Effective May 11, 2026

Claude Recall is a local-first memory tool for Claude Code. Your sessions, your code, and your conversations stay on your machine. We built the product around that promise, and this policy reflects it. We are genuinely proud of how little we collect.

What we collect (and what we do not)

Free tier: nothing (with one opt-in exception)

If you use Claude Recall on the free tier, we collect zero personal information. No account, no email, no signup. You install it, you run it, and we never know you exist.

The single exception is the opt-in install ping: a monthly anonymous message you can choose to send so we can tell real installs from bot traffic. It contains no PII, no fingerprint, and no identity. Default is off. Full payload, source code, and opt-out instructions are documented at /telemetry.

Pro tier: purchase and activation only

When you purchase Claude Recall Pro (one-time payment, $49.69), we collect only what is necessary to process your payment and activate your license:

• Email and name, provided during checkout. Used for purchase receipts and refund communications.
• Payment information, processed entirely by Stripe. We never see, store, or have access to your card number.
• License key, generated at purchase and sent to your email.
• Machine fingerprint, a SHA-256 hash of your hostname, OS username, platform, and CPU architecture, computed locally and sent during activation to enforce the three-device limit and bind the license to your machine. We store only the one-way hash — your hostname and username are not recoverable from it.
• Activation timestamp, recorded once per device when you activate.

After activation, Claude Recall works offline forever. There are no recurring check-ins, no heartbeat pings, no silent phone-home calls.

What we never collect

This list is not aspirational. It is how the software is engineered.

• Your Claude Code session content (conversations, prompts, responses)
• Your code or repository contents
• File system paths beyond ~/.recall/ and ~/.claude/projects/
• Browsing behavior on the website (no analytics scripts are loaded)
• IP addresses (not logged on our server)
• Product telemetry, usage analytics, or feature tracking of any kind

The daemon binds to 127.0.0.1 only. It cannot accept connections from the network. Your original session files at ~/.claude/projects/ are strictly read-only; Claude Recall never modifies them.

How we use your information

For Pro users, we use the information described above for three purposes:

• Processing your purchase and sending your license key
• Validating your license activation (one outbound call, then offline)
• Sending transactional emails: purchase receipts and refund confirmations

For users in the European Economic Area (EEA) and United Kingdom, we process your personal information under the following legal bases: (a) contract performance, to process your purchase, generate your license key, and validate activation, as these are necessary to deliver the product you bought; (b) legitimate interest, to protect our website from abuse using Cloudflare Turnstile.

We do not sell, rent, or share your personal information with third parties. Not for advertising, not for analytics, not for any reason. Ever.

We may disclose personal information if required by law, subpoena, or court order. Because Claude Recall is local-first, we have no access to your session data, code, or conversations. We could not produce them even if compelled. For Pro users, the only information we could disclose is your email, license key, and activation records.

Developer outreach program (publicly observable data)

Separately from the product, we operate a small developer outreach program. If your public activity on developer platforms suggests you use Claude Code, we may send you a short introduction to Claude Recall. This section covers exactly what we collect, why it qualifies as legitimate interest under GDPR Article 6(1)(f), and how to opt out.

What we collect, and from where

We collect only data that is publicly accessible at the time we collect it. This is required to satisfy GDPR Article 14 transparency for indirectly-collected information. The fields and their sources:

• Public name and handle, from your public profile on GitHub (the great majority of our records), Hacker News, dev.to, or TikTok. We may also reference a public Twitter/X, Bluesky, or Stack Overflow handle that you have published in a profile bio or commit, used only to corroborate identity — we do not extract email addresses from those platforms.
• Public email address, only when you have made it publicly visible. In practice, the sources are: a public Git commit header (where you already published your email to share open-source work — this is by far our largest source); the email field of your public GitHub profile, when set; a Hacker News "Who is hiring" or "Who wants to be hired" post body; or a personal website that one of the public bios above links to.
• Public activity signals, such as a public repo containing a CLAUDE.md file, a public star of an Anthropic repository, a public comment or post mentioning Claude Code, or a public bio referencing AI tooling. We do not access private repos, private profiles, or private messages.
• Public bio and location, where you have published them, used to schedule sends inside your local business hours.

We do not buy mailing lists, we do not scrape behind logins, and we do not use any data that requires authentication or paid API access to retrieve. If you would like to verify where exactly your address came from, it is almost always traceable in the public commit history of one of your repositories or in the public profile fields you have set.

Why we process it (legal basis)

For recipients in the EEA, United Kingdom, and other GDPR-adequacy jurisdictions, we process this information under legitimate interest per Article 6(1)(f) GDPR. We believe a developer who publicly maintains a CLAUDE.md repository or publicly discusses Claude Code has a reasonable expectation of receiving a one-time, professionally relevant introduction to a Claude Code companion tool, and that this interest is balanced against the minimal intrusion of three emails maximum followed by permanent suppression on first objection. We have completed a written balancing assessment, available on request.

For recipients in the United States, this program complies with the CAN-SPAM Act of 2003, including identification of the sender, a valid physical postal address, and a functioning unsubscribe mechanism in every message.

For recipients in Canada, this program operates under the implied consent framework of CASL Section 10(9)(b) when the recipient has conspicuously published a business email address in connection with their work, and Section 10(9)(a) when the recipient has disclosed the email address to us in a context relevant to the offering.

What we send, and what we never send

A recipient receives at most three emails in this program: an initial introduction, a one-time follow-up roughly four days later, and a final break-up note roughly two weeks after the first. After the third email, we send nothing further unless you reply. Every email carries a one-click unsubscribe link, the sender identity (Jeno from Claude Recall), and our physical mailing address.

We never share this information with third parties for their own marketing. We do not enrich it with data brokers. We do not retarget you with ads.

Your right to object (immediate)

Under GDPR Article 21, you have the right to object to processing based on legitimate interest, at any time, for any reason. Three ways to exercise it:

• Click the unsubscribe link in any email we send you. Suppression is recorded immediately and applies across all future Claude Recall outreach.
• Reply to the email with the word unsubscribe, stop, or any plain-language refusal. Our classifier escalates to a human and we suppress within one business day.
• Email [email protected] with the address you want suppressed.

Once your email is on our suppression list, it is never removed. We retain the suppression record for at least five years to satisfy CAN-SPAM and to guarantee we never re-contact you.

Retention

We retain prospect records (name, public handle, email, public activity signals) for the duration of the outreach program. If you unsubscribe or do not reply within 30 days of the third email, we keep only the email address on the suppression list and delete the rest of your record within 90 days. Suppression records are retained for at least five years per CAN-SPAM record-keeping requirements.

Third-party services

We use a small number of third-party services to operate. Each has its own privacy policy, and we encourage you to review them:

• Stripe processes payments. Claude Recall never handles or stores your card information. See Stripe's privacy policy.
• Resend delivers transactional emails (purchase receipts, refund confirmations). See Resend's privacy policy.
• Cloudflare Turnstile provides bot protection on the website. It may set cookies to distinguish humans from bots. See Cloudflare's privacy policy.
• Cloudflare Tunnel proxies the website as standard web infrastructure. No additional data is collected through this service beyond normal HTTPS request handling.

If you are located in the EEA or United Kingdom, your personal information may be transferred to and processed in the United States by our third-party service providers (Stripe and Resend). These providers maintain appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.

Our website may link to third-party websites. We are not responsible for the privacy practices or content of those sites.

Cookies

The Claude Recall website does not use analytics cookies, advertising cookies, or tracking pixels. The only cookies that may be set come from Cloudflare Turnstile for bot protection. These are functional cookies required for the website to operate securely; they do not track you across sites.

The Claude Recall desktop application (the daemon and CLI) does not set or read any cookies.

Our website does not track users across third-party websites and does not respond to Do Not Track browser signals because we do not engage in tracking. No analytics scripts, advertising pixels, or cross-site trackers are loaded on clauderecall.com.

Optional embedding model download

Claude Recall Pro offers an optional semantic search feature that requires downloading an embedding model (approximately 100 MB). This is a one-time download from a public model registry. No tracking, no authentication, and no personal data is sent during the download. The model runs entirely on your machine after that.

Data retention

Your session data, notes, tags, threads, and collections are stored locally in ~/.recall/ across three durability layers: a SQLite database, a history column, and a plain-text mirror on disk. We never have access to this data, and we cannot delete it. You own it completely.

For Pro users, we retain your email, license key, and activation records for as long as your license is valid. If you request deletion, we will remove your information from our systems within 30 days.

Data breach notification

In the unlikely event of a data breach affecting your personal information, we will notify affected users by email without unreasonable delay and no later than 60 days after discovering the breach. If the breach affects 500 or more consumers, we will also notify the Nevada Attorney General as required by NRS 603A.220.

Your rights

Depending on where you live, you may have specific rights under privacy laws such as the GDPR (EU/EEA), UK GDPR, or CCPA (California). Regardless of your jurisdiction, we extend the following rights to all Claude Recall users:

• Access: You can request a copy of any personal information we hold about you.
• Deletion: You can request that we delete your personal information from our systems.
• Export: You can request your data in a portable format.
• Opt-out of sale: We do not sell personal information, so there is nothing to opt out of. We state this explicitly for CCPA compliance.
• Correction: You can request that we correct any inaccurate personal information we hold.
• Restriction: You can ask us to restrict how we process your personal information — for example, while we look into an objection, verify the accuracy of disputed data, or where processing would otherwise be unlawful but you prefer restriction over deletion. This right is provided under GDPR Article 18.

For your local data (everything in ~/.recall/), you already have full control. You can read, export, modify, or delete it at any time without contacting us.

To exercise any of these rights for data we hold (Pro purchase and activation records), email us at [email protected]. We will respond within 30 days.

Nevada residents: Under Nevada Revised Statutes Chapter 603A, you have the right to direct us not to sell your covered information. We do not sell your personal information. To submit a verified opt-out request under Nevada law, email [email protected].

EEA and UK residents: You also have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal information violates applicable law.

We do not use your personal information for automated decision-making or profiling.

Children's privacy

Claude Recall is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at [email protected] and we will delete it promptly.

Changes to this policy

If we update this privacy policy, we will post the revised version on this page and update the effective date at the top. For material changes that affect how we handle your personal information, we will notify Pro users by email before the changes take effect. The core commitment will not change: Claude Recall is local-first, and your session data stays on your machine.

Business transfers

If BLOCKA23 LLC dba Claude Recall is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify affected Pro users by email before your personal information becomes subject to a different privacy policy.

Related policies

• Terms of Service
• Refund Policy

Contact

BLOCKA23 LLC dba Claude Recall is the data controller for the personal information described in this policy. We are registered in Nevada, United States. Our mailing address is 732 S 6th St, Ste N, Las Vegas, NV 89101.

For privacy inquiries, data subject requests, or questions about this policy, contact us at [email protected].