Security and data boundary

How account, payment, and model request data are handled

ClaudeU uses email-code sign-in, controlled payment flows, and server-owned balance plus usage records. The site keeps records visible so users can review what happened.

Account and authorization

Sign-in and Desktop authorization serve the current user flow.

Email code

Sign-in uses a one-time email code instead of asking users to remember another password.

Desktop authorization

After the web account is confirmed, Desktop can continue with that account.

Session boundary

After logout or re-authorization, the user center follows the current session state.

Email reputation and anti-spoofing

support@claudeu.com is used for support communication, and domain mail policies reduce spoofed sender risk.

SPF

SPF records limit which servers may send mail for claudeu.com and reduce forged sender sources.

DKIM

DKIM signs message content with the domain so recipients can check whether mail was changed in transit.

DMARC

DMARC connects SPF and DKIM results to a domain policy so receivers can handle impersonation attempts.

Support mailbox boundary

Forward suspicious ClaudeU mail to support@claudeu.com for review; do not reply with login codes, full card details, or sensitive information.

Payment and content

Users should know which records are used for review.

Payment confirmation

Balance crediting depends on payment confirmation and account records, not only a browser redirect.

Usage records

The user center shows request ID, model, time, usage, and debit amount for review.

Model request content

Billing records center on request ID, model, usage, debit, and status. The MVP does not store raw questions and answers as billing records.

How account, payment, and model request data are handled | ClaudeU