"> Skip to main content

Privacy First

Security & Privacy at FreeClaude

We built FreeClaude with one architectural principle: collect as little data as possible. This page explains exactly what we collect, what we don't, and how we protect you.

How Authentication Works

FreeClaude uses a 6-digit code system via Telegram that requires no password and no personal identification. Here's the flow:

  • You visit FreeClaude and click "Get Access"
  • Our Telegram bot sends you a one-time 6-digit code
  • You enter the code on FreeClaude — access granted
  • The code expires after use; no session data is stored client-side beyond an encrypted access token

We use your Telegram user ID (a numeric identifier, not your name or phone number) as your account anchor. This ID is never linked to any personal information beyond what's needed to track your access timer and referral credits.

What We Collect

  • Telegram user ID (numeric only)
  • Referral link usage (who referred you)
  • Access timer state (expiry timestamp)
  • Aggregate usage metrics (anonymous, no user-level tracking)

What We Do NOT Collect

  • Your conversations with Claude — never stored, never read
  • Your name, email address, or phone number
  • Your IP address (beyond standard server logs, auto-purged after 24h)
  • Browsing history or behavioral tracking
  • Payment information (we charge nothing)

Infrastructure Security

All connections to FreeClaude are protected by TLS 1.3 encryption. Our servers run behind a hardened nginx reverse proxy with HSTS headers enforced. We use automated certificate renewal (Let's Encrypt) with OCSP stapling.

Our infrastructure is hosted on dedicated servers in the EU. We do not use third-party cloud providers that may process your data under different jurisdictions.

GDPR & CCPA Compliance

FreeClaude is designed to be compliant with both the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

  • Right to Access: You can request what data we hold about your Telegram ID at any time.
  • Right to Deletion: You can request deletion of your account data by contacting support@freeclaude.io.
  • No Data Sales: We do not sell, rent, or share your data with any third party for commercial purposes.
  • No Profiling: We do not build behavioral profiles or use your data for targeted advertising.

Data Retention

Access records (Telegram ID + timer state) are retained as long as your account is active. If your account has been inactive for 180 days, all associated data is automatically purged. Server logs are purged after 24 hours.

Encryption in Transit and at Rest

All communications between your browser and FreeClaude servers are encrypted using TLS 1.3, the most current version of the Transport Layer Security protocol. We do not support legacy SSL versions or weak cipher suites. Our SSL configuration scores an A+ rating on independent security scanning tools.

Data at rest — including access records and session tokens — is encrypted using AES-256. Encryption keys are managed separately from the data they protect, using industry-standard key management practices. No single administrator has access to both the encrypted data and the decryption keys simultaneously.

Our Telegram authentication codes are single-use and expire within 5 minutes of generation. They are stored as salted hashes, never in plaintext. Even if an attacker gained access to our authentication database, the codes would be computationally infeasible to reverse.

Third-Party Security Audits

We believe in the principle that security cannot be self-certified. Our authentication architecture has been reviewed by independent security researchers, and we participate in responsible disclosure programs that allow external researchers to identify and report vulnerabilities safely. We maintain a bug bounty policy that rewards researchers who find and responsibly disclose security issues.

Our infrastructure is hosted on providers that maintain SOC 2 Type II certifications and undergo regular penetration testing by qualified third-party security firms. We review their audit reports annually and factor security posture into our vendor selection decisions.

User Rights Under GDPR, CCPA, and PDPA

Depending on your jurisdiction, you may have specific rights regarding your personal data. Under the General Data Protection Regulation (GDPR) applicable in European Union member states, you have the right to access your data, correct inaccuracies, request deletion, object to processing, and receive your data in a portable format.

Users in California benefit from similar protections under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to deletion, and the right to non-discrimination for exercising privacy rights.

In Thailand, the Personal Data Protection Act (PDPA) provides analogous protections. We respect the privacy rights of users in all jurisdictions where these rights are legally recognized, and we process requests in good faith even from users in jurisdictions without explicit statutory protections.

To exercise any of these rights, contact us at support@freeclaude.io with the subject line [PRIVACY REQUEST]. We will respond within the timeframes required by applicable law — typically 30 days for GDPR requests and 45 days for CCPA requests.

Security Incident Response

Despite our preventive measures, no system is entirely immune to security incidents. We maintain a documented incident response plan that defines escalation procedures, communication timelines, and remediation processes. In the event of a security breach that affects user data, we will notify affected users within 72 hours of becoming aware of the incident, as required by GDPR Article 33.

Our incident response team maintains 24/7 on-call coverage for critical security alerts. Automated monitoring systems detect anomalous patterns in authentication attempts, API usage, and data access, triggering alerts that are reviewed by human operators within minutes.

Security Contact

If you discover a security vulnerability, please report it responsibly. We will respond within 48 hours.

Security contact: support@freeclaude.io — Subject: [SECURITY]

FreeClaude is an independent community service. Not affiliated with, endorsed by, or sponsored by Anthropic PBC. Claude™ and Anthropic™ are trademarks of Anthropic PBC, used here descriptively under fair use.