Privacy Policy

ClawBots (“we”, “our”, or “us”) operates the platform available at claw-bots.com. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it. Please read this policy carefully before using ClawBots.

By using our platform you agree to the practices described in this policy. If you do not agree, please stop using the service and contact us to request deletion of your account.

1. What Data We Collect

We collect only the information necessary to provide and improve the service.

Account Information

• Email address — used to identify your account and send transactional messages.
• Name — provided during sign-up or pulled from your Google account when you use Google OAuth.
• Profile photo — optionally provided via Google OAuth.

Billing Information

• Subscription plan, billing status, and subscription history stored in our database.
• Full payment card details are handled exclusively by Stripe and are never stored on our servers. We only store a Stripe customer ID and subscription reference.

Usage Logs

• Container start/stop events, uptime, and error logs for your isolated instance.
• IP address and browser/device type from server access logs.
• Feature usage events (e.g. onboarding steps completed).

What We Do NOT Collect

We do not access, read, store, or log the content of your AI conversations, chat history, or any messages exchanged between you and your AI assistant. Your conversations stay inside your isolated container and are not visible to ClawBots.

2. How We Use Your Data

We use the data we collect solely for the following purposes:

• Account management — creating and maintaining your account, authenticating your sessions.
• Service delivery — provisioning, monitoring, and managing your isolated AI container.
• Billing — processing subscription payments and sending receipts and invoices via Stripe.
• Support — diagnosing issues you report using logs from your container.
• Service improvement — aggregated, anonymised analytics to understand how the platform is used.
• Legal compliance — retaining records as required by applicable law.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

ClawBots integrates with the following third-party services to operate. Each service has its own privacy policy that governs the data they process.

4. Cookies & Local Storage

We use a minimal set of cookies required for the service to function:

• Session cookie (better-auth.session_token) — a signed HTTP-only cookie that authenticates your session. Expires when you sign out or after 30 days of inactivity.

We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies.

5. Data Retention

• Account data — retained while your account is active. Deleted within 30 days of account deletion.
• Billing records — retained for 7 years as required by financial regulations.
• Usage logs — retained for up to 90 days for debugging and operational purposes, then automatically deleted.
• Container data — deleted within 14 days of account or subscription cancellation.

6. Data Security

We take reasonable technical and organisational measures to protect your personal data:

• All data in transit is encrypted via TLS/HTTPS.
• Each user's AI assistant runs in an isolated Docker container with no cross-user access.
• Database access is restricted to private network and authenticated services.
• Secrets (API keys, tokens) are stored encrypted and never logged in plain text.

No system is completely secure. If you discover a security vulnerability, please contact us at support@claw-bots.com before public disclosure.

7. GDPR & Your Rights

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
• Right to restriction — ask us to limit how we process your data in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email us at support@claw-bots.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Our lawful bases for processing personal data are:

• Contract — processing necessary to deliver the service you signed up for.
• Legal obligation — retention of billing records.
• Legitimate interests — security monitoring, fraud prevention, and service improvement.

8. Children's Privacy

ClawBots is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their information, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email. Continued use of the service after changes are posted constitutes acceptance of the revised policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy: