Privacy Policy · jean-claude

🥐The short version: we collect what is needed to run the service and bill you, we do not sell any of it, and the contents of your VM are your business, not ours.

1. What we collect

Account data: your email and name, via our authentication provider (WorkOS).
SSH public keys: the public halves only, to grant you access to your VMs. We never see private keys.
VM metadata: names, regions, sizes, status and lifecycle events (created, resized, snapshotted), so the dashboard and CLI can do their jobs.
Billing data: handled by Stripe. Card numbers never touch our servers.
Operational logs: minimal request and error logs to keep the service healthy.

2. What we deliberately do not collect

The contents of your VM.Your code, files and repositories live on your VM's disk. We do not browse them. We access VM internals only when strictly necessary to operate the service, investigate abuse, or when the law requires it.
Your claude.ai credentials. They are stored on your VM, not in our database.
Your Claude sessions. Conversations travel between your VM and Anthropic; we are not in that loop.

3. How we use your data

To provide and operate the service, process payments, prevent abuse, answer support requests, and comply with the law. That is the whole list. We do not sell personal data, we do not run ads, and we do not share data with third parties for their marketing.

4. Who processes data for us

We use a small set of subprocessors: WorkOS (authentication), Stripe (payments), Fly.io (VM infrastructure), Vercel (web hosting) and Neon (database). Data may be processed in the EU and the United States with appropriate safeguards in place.

5. Retention

Account data: kept while your account is active.
VM disks and snapshots: deleted when you destroy the VM. Destroy means destroy.
Account deletion: personal data removed within 30 days, except records we must keep for tax and accounting law.
Operational logs: kept for roughly 30 days.

6. Security

Traffic is encrypted in transit. Every customer VM is an isolated machine with its own disk, reachable only with your SSH keys. Access to production systems on our side is restricted and credentialed. No system is perfectly secure, but we take this seriously and keep the attack surface small.

7. Cookies

One session cookie, to keep you signed in. No advertising trackers, no third-party analytics cookies, no banner asking you about either.

8. Your rights

Under the GDPR (and similar laws elsewhere) you can request access to, correction of, deletion of, or a copy of your personal data, and you can object to certain processing. Write to bonjour@jeanclaude.sh and we will sort it out. You also have the right to complain to your local supervisory authority.

9. Changes

If this policy changes in a way that matters, we will tell you by email or in the dashboard before the change takes effect.