Privacy Policy
1 - Introduction
Welcome to Craaft ("Craaft", "we", "us" and "our").
Craaft provides a Chrome extension and associated web application that enhance your AI coding workflow, helping developers work better with AI assistants.
The "Websites" means Craaft websites (including without limitation www.craaft.ai, app.craaft.ai and any successor URLs, mobile or localized versions and related domains and subdomains), and the "Services" means Craaft products, applications and services, in each case in whatever format they may be offered now or in the future.
This Privacy Policy explains what information we collect, how we use it, and what choices you have. We are committed to protecting your privacy and being transparent about our data practices.
2 - Local-First Architecture
Craaft is designed with a local-first architecture. Your conversations, prompts, todo lists, code content, and other workspace data are stored exclusively on your local device. This data is never transmitted to or stored on Craaft servers.
The Craaft Chrome extension operates directly within your browser. The following data remains entirely on your device and is never sent to our servers:
- Conversations and chat history with AI assistants
- Todo lists and task management data
- Code content, files, and project data
- Screenshots and screen captures
- Branch management and workspace settings
- Prompt queue and prompt history
Because this data never leaves your device, Craaft has no ability to access, read, or process it. You retain full and exclusive control over this data at all times.
3 - Applicability of this Privacy Policy
This policy (the "Privacy Policy") applies to your use of the Services and other interactions (e.g., customer service inquiries) you may have with Craaft. If you do not agree with this Privacy Policy, do not access or use our Services.
A separate agreement (the "Customer Agreement") may be in place between your organization and Craaft that governs delivery, access and use of the Service by users who are authorized by your organization to use its instance of the Service (such Customer-specific instance of the Service is referred to herein as the "Customer Workspace").
If you have questions about your organization's specific Service settings and practices you should contact them directly.
4 - Personal Data We Collect
Given our local-first architecture (see Section 2), the personal data we collect is limited to what is strictly necessary to provide the Service.
Account Registration Data
When you register for a Craaft account you are required to provide certain personal information (the "Personal Data"), such as your name and email address, as well as other information that you voluntarily choose to add to your account profile.
If you choose to register for an account using your credentials from a third-party service (such as Google), then your name and email address will be provided to us as permitted by your profile settings within that third-party service.
If you are registering for a paid account you will also be required to provide payment information. Payment card details are collected and processed directly by our payment service provider Stripe and are never stored on Craaft servers.
Data From Third Party Services
We receive information about you when you or your administrator integrate or link a third-party service with our Services. For example, if you create an account or log into our Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you.
Customer Support Data
We also collect the information that you may choose to submit to our customer support team, for example regarding a question you have or a problem you are experiencing with our Services. This may include your contact information, a summary of the problem you are experiencing and any other documentation or information that would be helpful in resolving the issue.
5 - What We Do Not Collect
We believe in collecting only what is necessary. To be explicit:
- No analytics tracking. We do not use any analytics services (such as Google Analytics or similar) on our website or in our extension.
- No advertising cookies. We do not use third-party advertising or marketing cookies.
- No behavioral tracking. We do not track your browsing behavior, interests, or activity across websites.
- No data selling. We do not sell, rent, or trade your personal data to any third party for any purpose, including marketing or advertising.
- No content collection. As described in Section 2, your conversations, code, prompts, and workspace data are never transmitted to our servers.
6 - Legal Basis for Processing (GDPR)
For individuals in the European Economic Area (EEA), we process your personal data on the following legal bases under Article 6 of the GDPR:
- Performance of a contract (Article 6(1)(b)): Processing necessary to provide you with the Services, manage your account, and process payments.
- Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as preventing fraud, ensuring security, and improving our Services, provided these interests are not overridden by your rights.
- Legal obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws and regulations.
- Consent (Article 6(1)(a)): Where we rely on your consent for specific processing activities (e.g., marketing communications), you may withdraw your consent at any time by contacting us at hello@craaft.ai.
7 - How We Use Your Personal Data
We collect Personal Data for the following purposes:
To Provide the Services
We use information about you to provide the Services to you, including to register you for the Services, process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services.
To Communicate With You
We use your contact information to communicate with you about the Services, respond to your customer support questions and requests, and to provide you notices regarding the Services (including notices about your account, product update announcements, security alerts, and administrative notifications).
For Safety And Security
We use information about you and the way in which you use the Services to verify and authenticate accounts and activity, monitor for suspicious or fraudulent activity and identify violations of our Services policies.
To Protect Our Legal Rights
Where required by law, or where we think it is necessary to protect our legal rights and interests or the legal rights and interests of others, we use information about you in connection with legal claims, compliance and regulatory functions.
8 - How We Share Your Personal Data
We share your Personal Data only with the following categories of third parties, and only to the extent necessary:
Service Providers (Sub-Processors)
We use the following third-party service providers to operate the Services:
- Supabase — Authentication and user account management. Processes your email address and authentication credentials.
- Stripe — Payment processing. Processes your payment card details and billing information. Craaft does not store your card details.
- Vercel — Website and application hosting. May process IP addresses and request metadata in server logs.
These service providers are bound by contractual obligations to process Personal Data only as instructed by Craaft and to maintain appropriate security measures.
For Legal Purposes
We may disclose your Personal Data if required to do so by law or if we have a good faith belief that such action is necessary to (i) comply with a legal obligation or lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) protect and defend the rights or property of Craaft, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
In Connection With a Sale or Merger
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets. We will notify you of any such change in ownership or control of your Personal Data.
9 - International Data Transfers
Craaft is based in France. Some of our service providers (Supabase, Stripe, Vercel) may process data in the United States or other countries outside the European Economic Area (EEA).
Where Personal Data is transferred outside the EEA, we ensure that appropriate safeguards are in place, including the European Commission's Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework, as applicable. You may request a copy of these safeguards by contacting us at hello@craaft.ai.
10 - Data Retention
Craaft retains your Personal Data for as long as your account is active or as needed to provide you the Services. We may also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Your payment information is processed and stored by Stripe for the duration of your subscription. Data relating to the visual cryptogram or CVV2 on the back of your credit card is never stored. Upon account deletion, we will delete your Personal Data within thirty (30) days, except where retention is required by law.
11 - Data Security and Breach Notification
We implement industry-standard technical and organizational measures to protect the Personal Data we process. These measures include encryption in transit (TLS), secure authentication mechanisms, and access controls.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (CNIL in France) within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
12 - Cookies
Our use of cookies is minimal and limited to what is strictly necessary for the functioning of the Services:
- Authentication cookies: Used to keep you logged in to the Craaft web application. These are essential cookies required for the Service to function.
We do not use any analytics cookies, advertising cookies, or third-party tracking cookies. Because we only use strictly necessary cookies, no cookie consent banner is required under the ePrivacy Directive.
13 - European Union (EU) Individuals
Scope
This section applies if you are an individual in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, to the extent applicable, Switzerland).
Data Controller
Craaft SAS, a company registered in France, is the data controller for processing of your Personal Data. We act as a data processor (or service provider) in relation to the Services we provide to our Customers.
Your Rights
Subject to EU data protection law, you have the following rights in relation to your Personal Data:
- Right of Access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details.
- Right to Rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it.
- Right to Erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent.
- Right to Restrict Processing: You may ask us to restrict or 'block' the processing of your Personal Data in certain circumstances.
- Right to Data Portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you.
- Right to Object: You may ask us at any time to stop processing your Personal Data.
- Right to Withdraw Consent: If you have consented to our use of your Personal Data for a specific purpose, you have the right to change your mind at any time.
- Right to Lodge a Complaint: You have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) or any other competent supervisory authority.
To exercise any of these rights, please contact us at hello@craaft.ai. We will respond to your request within one (1) month, as required by the GDPR.
14 - California Residents
Scope
This section applies only if you are a resident of California and describes the rights granted to you pursuant to the California Consumer Privacy Act of 2018 ("CCPA").
Your California Rights
- Right to Know: You can request information about how we have collected and used your Personal Information during the past 12 months.
- Right of Access: You can request a copy of the personal information that we have collected about you during the past 12 months.
- Right to Delete: You can ask us to delete the personal information we have collected from you.
- Opt-out of Sales: We do not sell your personal information. We have not sold personal information in the preceding 12 months.
- Nondiscrimination: You are entitled to exercise the rights described above free from discrimination.
How to Exercise Your California Privacy Rights
You may exercise your California privacy rights by contacting us at hello@craaft.ai. We do not sell your Personal Information.
15 - Age Restrictions
The Services are not intended for use by individuals under the age of 16. We do not knowingly collect Personal Data from children under 16. If we become aware that we have collected Personal Data from a child under 16, we will take steps to promptly delete such data. If you believe that a child under 16 has provided us with Personal Data, please contact us at hello@craaft.ai.
16 - Modifications
We reserve the right, at our sole discretion, to modify this Privacy Policy or any portion thereof. Any changes will be effective from the time of publication of the new privacy policy. If we believe that the changes are material, we will let you know by doing one (or more) of the following: (i) posting the changes on or through the Services, or (ii) sending you an email or message about the changes. Your continued use of the Services after the changes have been implemented shall indicate your agreement with the terms of such revised privacy policy.
17 - Contact
Have questions or concerns about Craaft and privacy?
Contact us by email at hello@craaft.ai
Craaft SAS, Paris, France