Skip to content

$ man privacyLegal · Privacy Policy

privacy.md
readonly

Privacy Policy

Last updated: May 1, 2026 · Effective: May 1, 2026

ClaudeSkill (“ClaudeSkill”, “we”, “us”, or “our”) operates the website at claudeskil.com and its subdomains (the “Service”). This Privacy Policy describes the personal information we collect, how we use and share it, the legal bases on which we rely, the rights you have, and how to exercise them.

Reading this policy is not legal advice and does not create an attorney-client relationship. If you do not agree with this policy, please do not use the Service. By using the Service you confirm that you have read and understood this policy.

1. Who is the data controller

The data controller for personal information processed under this policy is the operator of ClaudeSkill. You can reach us at info@claudeskil.com. We do not currently have a designated EU/UK representative or Data Protection Officer; if either becomes legally required, this section will be updated with their contact details.

2. Information we collect

2.1 Information you provide directly

  • Account data — when you sign in with Google or GitHub, we receive your email address, display name, public profile fields, and avatar URL. We do not receive your password.
  • Profile data — handle, display name, tagline, biography, location, occupation, company, pronouns, interests, and links you choose to add (GitHub, X, website).
  • User-generated content — skills you submit, reviews, ratings, comments, bookmarks, follows, and any other content you post to the Service.
  • Communications — the contents of any email or support message you send us, including attachments.

2.2 Information collected automatically

  • Device and log data — IP address, browser type and version, operating system, language preference, referring URL, and timestamps. Used for security, abuse prevention, and debugging.
  • Usage data — pages viewed, navigation paths, search queries, install events for skills, click-throughs, and approximate session duration.
  • Cookies and similar technologies — see our Cookie Policy for the full list, categories, durations, and opt-out controls.

2.3 Information from third parties

  • OAuth providers — Google and GitHub send the profile fields you authorise during sign-in. You can revoke this access from the provider's account settings at any time.
  • Public GitHub repositories — the indexer fetches publicly available repository metadata (README, stars, license) for skills surfaced in the directory. This data is governed by GitHub's terms.

3. How we use your information

We process personal information for the following purposes and on the following legal bases (under GDPR / UK GDPR):

  • Operating the Service (legal basis: performance of a contract) — authenticating you, hosting your content, displaying skills, and providing requested features.
  • Communicating with you (legal basis: legitimate interests / consent) — replying to support requests, sending transactional emails about your account.
  • Improving the Service (legal basis: legitimate interests) — analysing aggregated usage to improve search, ranking, and discovery.
  • Security and fraud prevention (legal basis: legal obligation / legitimate interests) — detecting abuse, scraping, and spam.
  • Personalised advertising (legal basis: consent in the EU/UK; opt-out in the US) — when enabled, Google AdSense uses identifiers to serve and measure ads.
  • Legal compliance (legal basis: legal obligation) — responding to lawful requests and enforcing our Terms of Service.

We do not use your personal information to make decisions producing legal or similarly significant effects without human review. We do not engage in the “sale” of personal information for monetary consideration as defined under most US state privacy laws. Some ad partners may treat sharing of identifiers for cross-context behavioural advertising as a “sale” or “share” under California, Colorado, Connecticut, Virginia, and similar US laws — you can opt out via our Cookie Policy consent controls or the Global Privacy Control (GPC) signal, which we honour.

4. How we share information

We do not sell or rent your personal information. We share limited information with the following categories of recipients, strictly to operate the Service:

  • Service providers (processors) — vendors that process data on our behalf under contract:
    • Supabase (database, auth, storage) — operated by Supabase Inc., hosted in AWS regions we configure.
    • Vercel (hosting, edge runtime, analytics) — operated by Vercel Inc.
    • Resend (transactional email) — operated by Resend Inc.
    • Google (OAuth sign-in, AdSense, Analytics 4 if enabled) — operated by Google LLC and affiliates.
    • GitHub (OAuth sign-in, repository indexing) — operated by GitHub, Inc.
    • Sentry (error monitoring, if enabled) — operated by Functional Software, Inc.
  • Legal and safety — law enforcement, regulators, or other parties when required by law or to protect rights, property, or safety.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of all or part of the business, with notice to you where required.
  • With your consent — for any other purpose you authorise.

5. International transfers

Personal information may be transferred to, and processed in, countries other than your own — including the United States and India — which may have different data-protection laws than your country. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK International Data Transfer Addendum, plus supplementary measures such as encryption in transit and at rest.

6. How long we keep information

  • Account data — kept while your account is active and for up to 90 days after deletion to allow recovery and fraud investigation.
  • Submitted skills, reviews, comments — kept while the Service displays them; deleted on your request unless we have a legal obligation to retain them.
  • Log and analytics data — typically aggregated within 14 months and deleted thereafter, unless required for security or legal reasons.
  • Email correspondence — retained for up to 24 months to preserve context for follow-up support requests.

7. Security

We take reasonable administrative, technical, and physical safeguards to protect personal information, including TLS in transit, encryption at rest, principle-of-least-privilege access controls, audit logging, and routine dependency review. No method of transmission or storage is 100% secure; we cannot guarantee absolute security. If we become aware of a personal-data breach affecting your information, we will notify you and regulators where required by law within applicable deadlines (e.g., 72 hours under GDPR Article 33).

To report a suspected vulnerability, see our Security & Responsible Disclosure page.

8. Your rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) — request deletion of your data, subject to lawful retention.
  • Restriction / Objection — restrict or object to certain processing, including profiling and direct marketing.
  • Portability — receive your data in a machine-readable format or have it transmitted to another controller, where technically feasible.
  • Withdraw consent — where processing relies on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint — with your local data-protection authority. Within the EU you can find your authority at edpb.europa.eu; in the UK, the Information Commissioner's Office at ico.org.uk.

8.1 California (CCPA / CPRA) rights

California residents have the right to know what personal information we collect, the categories of sources and recipients, and the business purposes; to delete personal information; to correct inaccurate personal information; to opt out of “sale” or “sharing” for cross-context behavioural advertising; and to limit use of sensitive personal information. We do not collect sensitive personal information beyond what is reasonably necessary to operate the Service. We honour the Global Privacy Control (GPC) signal as a valid opt-out request. We do not discriminate against users who exercise their privacy rights.

8.2 How to exercise your rights

Email info@claudeskil.com with the right you wish to exercise and enough information for us to verify your identity (e.g., the email address tied to your account). We will respond within the timeframes required by applicable law (typically 30 days under GDPR; 45 days under the CCPA, extendable once).

9. Children

The Service is not directed to children under 16 (under 13 in the United States). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please email info@claudeskil.com and we will delete it promptly.

10. Cookies and tracking technologies

We use cookies and similar technologies for authentication, preferences, analytics, and (where consented) advertising. See the Cookie Policy for the full list, durations, and opt-out controls. We respect Do Not Track and Global Privacy Control signals.

11. Third-party links and content

The Service contains links to third-party websites, including GitHub repositories. We are not responsible for the privacy practices of those sites. Review their policies before sharing personal information.

12. Automated indexing

Our indexer fetches publicly available repository metadata to surface skills. If you are the rights holder of a public repository indexed by ClaudeSkill and want it removed, see the DMCA takedown procedure or email info@claudeskil.com.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced on the homepage at least seven days before they become effective, and the “Last updated” date above will change. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact

Privacy enquiries: info@claudeskil.com
Legal enquiries: info@claudeskil.com
Abuse reports: info@claudeskil.com