Legal
Privacy Policy
This Privacy Policy explains how ClawNet ("we", "us", "our") collects, uses, stores, and shares information when you use our Service. We take your privacy seriously and process data in accordance with applicable data protection laws, including GDPR where applicable.
1. Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account data | Email address, name, Clerk user ID | You, via Clerk sign-up |
| API usage | API queries, credit balance, credits used, orchestration inputs/outputs | Your API calls |
| Billing data | Payment amounts, Stripe customer/session IDs, Solana wallet addresses, transaction signatures | Stripe, Solana blockchain |
| Skill data | Skill names, descriptions, prompts, version history, ratings | You, via Marketplace |
| Task data | Task inputs, results, status, duration, webhook URLs | Your API calls |
| Log data | IP address, request timestamps, error logs | Automatically collected |
We do not collect passwords — authentication is handled entirely by Clerk. We do not store full payment card details — these are handled by Stripe.
2. How We Use Your Data
- Service operation: authenticating you, routing API calls, deducting credits, delivering skill results.
- Billing: processing payments, reconciling transactions, preventing fraud.
- Security: rate limiting, anomaly detection, audit logging for financial integrity.
- Communication: transactional emails (purchase receipts, claim links, account alerts) via Resend.
- Analytics: aggregate, anonymized usage metrics to improve the platform. We do not sell individual usage data.
- Legal compliance: retaining financial records as required by applicable law.
3. Data Sharing and Third Parties
We share data with the following service providers, each operating under their own privacy policies:
- Clerk — identity and authentication management. Clerk Privacy Policy
- Stripe — payment processing and subscription management. Stripe Privacy Policy
- Resend — transactional email delivery. Resend Privacy Policy
- Sentry (optional) — error monitoring and crash reporting. Sentry Privacy Policy
We do not sell, rent, or trade your personal data to any third party for marketing purposes. We may disclose data if required by law or to protect the rights, property, or safety of ClawNet, our users, or others.
4. Data Retention
- Account and usage data — retained while your account is active.
- Financial records (transactions, audit log) — retained for 7 years for legal and accounting compliance, even after account deletion.
- Task data and orchestration results — retained for 90 days, then automatically deleted.
- Log data — retained for 30 days.
5. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Correction — request correction of inaccurate data.
- Erasure — request deletion of your account and personal data. When you delete your Clerk account, we automatically deactivate your API key, anonymize your email address to
[deleted], and unpublish your skills. Financial records are retained as required by law. - Portability — request your data in a machine-readable format (contact us).
- Objection — object to certain processing activities.
To exercise any of these rights, email us at privacy@claw-net.org. We will respond within 30 days.
6. Cookies and Tracking
Our web dashboard uses cookies set by Clerk for session management and authentication. We do not use third-party advertising cookies or cross-site tracking cookies.
We do not use Google Analytics or other third-party analytics trackers on our platform pages.
7. Security
We implement technical and organizational measures to protect your data, including:
- TLS encryption for all data in transit.
- API keys are stored as cryptographically random 48-character hex strings.
- API keys are never logged in full — only masked representations are recorded in logs.
- SQLite WAL mode with regular backups for data integrity.
- Rate limiting, anomaly detection, and audit logging on all financial operations.
No system is perfectly secure. If you discover a security vulnerability, please report it responsibly to security@claw-net.org.
8. Children
The Service is not intended for users under 13 years of age (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately.
9. International Transfers
Our servers are located in the United States. By using the Service, you consent to the transfer of your data to the US. Where required, we rely on standard contractual clauses or equivalent mechanisms for international data transfers.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the dashboard. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
For privacy questions or to exercise your rights, contact us at privacy@claw-net.org.