Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, password, organization name, and role when you register or are invited.
• Billing information: payment details are collected and processed by Stripe, our payment processor. We do not store full credit card numbers on our servers.
• Support requests: information you share when contacting us for help.

1.2 Information Collected Automatically

• Device telemetry: hardware identifiers, operating system, firmware versions, and health metrics for enrolled devices.
• Agent activity: logs of AI agent deployments, configurations, status changes, and performance metrics.
• Usage data: pages visited, features used, access timestamps, and IP addresses.
• Browser and device info: browser type, operating system, screen resolution, and language preferences.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the ClawFire platform.
• Process transactions and send billing-related communications.
• Send service notifications, security alerts, and account updates.
• Improve the platform, troubleshoot issues, and develop new features.
• Enforce our Terms of Service and protect against misuse.
• Comply with legal obligations and respond to lawful requests from authorities.

We do not use your fleet data or agent configurations to train AI models outside your organization's scope.

3. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

• Service providers: we work with trusted third parties who assist in operating our service (e.g., Stripe for payments, Supabase for database hosting, Cloudflare for security and CDN, Vercel for application hosting). These providers access data only as necessary to perform their functions.
• Legal requirements: we may disclose information if required by law, subpoena, court order, or government regulation.
• Business transfers: in the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
• With your consent: we may share information for purposes you have specifically authorized.

4. Cookies and Tracking

We use the following types of cookies:

• Essential cookies: required for authentication, session management, and security (e.g., Supabase auth tokens, CSRF protection).
• Preference cookies: remember your settings such as theme preference (dark/light mode).
• Security cookies: Cloudflare Turnstile tokens used for bot protection during login and signup.

We do not use third-party advertising or marketing tracking cookies. You can manage cookie preferences through your browser settings, but disabling essential cookies may affect platform functionality.

5. Data Retention

• We retain your account data for as long as your account is active.
• Device telemetry and agent activity logs are retained for 90 days by default. Enterprise plans may configure custom retention periods.
• When you delete your account, we remove your personal data within 30 days, except data we are required to retain by law (e.g., billing records for tax compliance).
• Anonymized, aggregated usage statistics may be retained indefinitely for service improvement.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

All Users

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete data.
• Deletion: request that we delete your personal data, subject to legal retention requirements.
• Data portability: receive your data in a structured, machine-readable format.
• Withdrawal of consent: where processing is based on consent, you may withdraw it at any time.

California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents have additional rights:

• Right to know: you may request details about the categories and specific pieces of personal information we have collected about you in the past 12 months.
• Right to delete: you may request deletion of your personal information, subject to certain exceptions.
• Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.
• Do not sell: we do not sell personal information. We do not share personal information for cross-context behavioral advertising.

To exercise your CCPA rights, contact us at privacy@clawfire.ai or call us. We will verify your identity before processing your request.

European Economic Area Residents (GDPR)

If you are located in the European Economic Area, the UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal basis: we process your data based on (a) performance of our contract with you, (b) our legitimate interests in operating the service, (c) your consent where applicable, and (d) compliance with legal obligations.
• Right to restriction: you may request that we restrict processing of your data in certain circumstances.
• Right to object: you may object to processing based on our legitimate interests.
• Cross-border transfers: when we transfer data outside the EEA, we use Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection.
• Supervisory authority: you have the right to lodge a complaint with your local data protection authority.

7. Security Measures

We take the security of your data seriously and implement industry-standard measures:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• API keys and sensitive credentials are encrypted before storage.
• Role-based access control (RBAC) scoped to your organization.
• Multi-factor authentication (MFA) support for account access.
• Cloudflare bot protection on authentication endpoints.
• Regular security reviews and dependency updates.
• Access to production infrastructure is restricted to authorized personnel with audit logging.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you discover a security vulnerability, please report it to security@clawfire.ai.

8. Children's Privacy

ClawFire is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@clawfire.ai.

9. Third-Party Links

ClawFire may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing personal information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the platform at least 30 days before the changes take effect. The "Effective date" at the top of this page indicates when the policy was last updated.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: