CLAUDEWAR LLC operates the global intelligence terminal at claudewar.info (the "Service"). This policy explains what data we collect, how we use it, and what rights you have as a visitor or API user.

We are not an advertising platform. We do not sell your personal data. We do not build behavioral profiles. This site is a read-only intelligence feed — you consume data, we do not harvest yours.

When you visit the Service, our server-side logging middleware records the following for each page request:

• IP address hash — a one-way SHA-256 hash of your IP. The raw IP is never stored or logged.
• Country of origin — resolved at request time from your IP using geo-IP lookup, then discarded.
• Page path — the URL you accessed (e.g. /, /press).
• Referrer — the site that linked you here, if any (e.g. t.co, google.com).
• User-agent (short form) — browser family only (e.g. "Chrome/Linux"). No fingerprinting strings.
• Timestamp — UTC time of the request.

API key holders additionally have their email address and API usage records (endpoint, timestamp, response code) stored for billing and abuse prevention.

• Raw IP addresses — only a one-way hash is stored, making re-identification impossible.
• Cookies for tracking or advertising — no third-party tracking cookies are set.
• Session data persisted to a database — the globe state is held entirely in your browser.
• Device fingerprints, canvas fingerprints, or any cross-site identification tokens.
• Names, email addresses, or any personally identifiable information from anonymous visitors.

Visit log data is used exclusively for the following purposes:

• Traffic analytics — aggregate page view counts, country distribution, and referrer stats displayed on the /press page.
• Abuse detection — rate-limiting and blocking of automated scraping or denial-of-service patterns.
• Service improvement — understanding which data layers and endpoints are most used.

No visit log data is shared with third parties, sold, or used for advertising targeting of any kind.

The terminal uses your browser's localStorage to remember your layer preferences (which globe overlays you had active) across sessions. This data never leaves your device and is not transmitted to our servers.

We set a single session cookie (SESSION_SECRET-signed) for authenticated admin routes only. This cookie is HttpOnly, SameSite=Lax, and is not set for anonymous public visitors.

We do not use Google Analytics, Meta Pixel, or any third-party analytics script that tracks you across the web.

The terminal aggregates live data from the following external APIs and services. By using the Service, your browser may make requests to these sources (e.g. for Mapbox tile loading). Each is subject to its own privacy policy.

Data fetched from these sources is processed server-side. Your IP address is never forwarded to third-party APIs — all outbound requests originate from our server. The exception is Mapbox, whose map tiles are loaded directly by your browser; Mapbox's own privacy policy applies to those requests.

Some intel cards on the globe offer an on-demand Claude AI analysis powered by Anthropic's API. When you trigger an analysis, a structured description of the asset (e.g. aircraft callsign, Kp index value, asteroid orbit data) is sent to Anthropic's servers to generate a response.

No personal data is included in these prompts. The payload consists only of publicly-available telemetry (altitude, speed, orbital parameters, etc.). Anthropic's data usage policy for API calls applies; by default, API inputs are not used for training.

• Visit logs — retained indefinitely in aggregate form for traffic analytics. No personal data is retained.
• API key records — retained while the key is active and for 12 months after deactivation.
• API request logs — retained for 90 days for abuse detection, then purged.
• Intel event log — space weather, fireball, and conflict events retained for 90 days for historical display.

All traffic to claudewar.info is encrypted via TLS 1.2+. API keys are stored as hashed values. The database is not publicly accessible. Admin routes require authenticated sessions. Rate limiting is enforced on all API endpoints.

Despite these measures, no system is 100% secure. If you discover a vulnerability, please report it to contact@claudewar.info.

Because anonymous visitors are identified only by an irreversible IP hash, we have no ability to associate visit records with a specific individual. If you are an API key holder, you may request:

• Access — a copy of the data we hold associated with your API key and email.
• Deletion — removal of your API key, email, and associated usage records.
• Correction — update of your contact email on record.

Submit requests to the contact address below. We will respond within 30 days.

We may update this policy as the Service evolves. The LAST UPDATED date at the top of this page reflects the most recent revision. Continued use of the Service after a revision constitutes acceptance of the updated policy.