Privacy Policy
Last updated: April 8, 2026
The short version (plain English)
ClawVault is built so we can't read your sensitive data even if we wanted to. Your vault contents (passwords, IDs, payment info) are encrypted in Google Cloud Secret Manager with per-user IAM scoping. Our database stores references and labels — never the values. We don't sell, rent, or share your data with anyone for marketing. We keep the smallest amount of personal info needed to run the service. Here's the long version.
1. Who runs ClawVault
ClawVault is the consumer life-admin agent at go-claw.com. The operator is contactable via the contact form on the homepage. We're a small team, not a multinational ad business.
2. What we collect — the full list
We try hard to collect the minimum data needed. Here's everything:
| Category | Why we have it | Where it lives |
|---|---|---|
| Email address | So you can log in (passwordless OTP) and we can email receipts + alerts | Postgres `users` table |
| Display name (optional) | What we call you in the UI | Postgres `users` table |
| Vault entries (passwords, IDs, addresses, etc) | So the agent can fill them into web forms on your behalf | GCP Secret Manager only, AES-256 encrypted, IAM-scoped to your user ID. Postgres only stores metadata: a label like "SIN" and a reference path. Never the value. |
| Payment method token | So you can pay for your subscription | Stripe. We never see or store your full card number — only a tokenised reference Stripe gives us. |
| Subscription tracking data (Netflix, Spotify, etc) | So we can alert you before trials end and renewals hit | Postgres `subscriptions` table. You enter this manually, or (Week 5+) we read it from Plaid if you connect your bank. |
| Agent action history | So you have an audit trail of every action the agent took on your behalf — and so we can enforce your monthly action quota | Postgres `agent_actions` table. Includes timestamps, target URLs, action types, status. Screenshot data is deleted after 24 hours. |
| Auth events | Security audit log — every login, every secret access, every plan change | Postgres `audit_log` table |
| IP address + User-Agent | To detect suspicious logins and rate-limit abuse | Postgres `audit_log` and `sessions` tables, kept for 90 days |
| Stripe customer ID | To link your ClawVault account to your subscription billing in Stripe | Postgres `users` table. The actual billing details live at Stripe. |
What we do NOT collect:
- We don't run third-party analytics (no Google Analytics, no Mixpanel, no Hotjar, no Facebook Pixel)
- We don't fingerprint your browser or device
- We don't sell or share data with advertisers, brokers, or "data partners"
- We don't track you across other websites
- We don't read or store the contents of pages the agent visits beyond the screenshot needed for your audit trail
3. How your vault is protected
The vault is the most sensitive part of ClawVault, so we built the architecture so that even our own engineers can't read it:
- AES-256 encryption at rest via Google Cloud Secret Manager
- Per-user IAM scoping — each user's secrets live at a path like `projects/go-claw-prod/secrets/user-{your-uuid}-vault-{field}`. The agent container that runs your tasks has IAM access to only secrets prefixed with your user ID — nothing else.
- Per-user container isolation — each user gets their own Cloud Run container instance. Credentials never cross user boundaries. The container scales to zero when idle, so most of the time it doesn't even exist.
- The Postgres database stores only labels and references, never values. If our database leaked tomorrow, the leaked data would be: emails, display names, encrypted secret references (which are useless without the corresponding Secret Manager access), and subscription metadata (Netflix renewal dates, etc). No passwords. No card numbers. No government IDs.
- Audit logging — every secret read is recorded in GCP's audit log and our own `audit_log` table.
4. Two-factor authentication
Strongly recommended. From the Vault settings page you can enable TOTP (RFC 6238) authenticator-app 2FA. Once enabled, every login requires both your email OTP and a current code from your authenticator app. The TOTP secret is encrypted at the column level in Postgres using pgp_sym_encrypt with a key stored in Secret Manager — even other rows in the same database can't read it. You also get 8 single-use backup codes for the case where you lose your phone.
5. Who we share data with (very short list)
ClawVault uses a small number of third-party services to operate. None of them get access to your vault contents. Here's the complete list:
| Service | What they see |
|---|---|
| Google Cloud Platform | Hosts everything (Cloud Run, Cloud SQL, Secret Manager). Standard cloud infrastructure provider — they don't read your application data. |
| Stripe | Your name, email, payment method (card token), and billing history. PCI-DSS Level 1 certified. Their privacy policy: stripe.com/privacy |
| Resend | Your email address (so we can send you OTP login codes and bill alerts). They process emails, they don't store your content beyond delivery confirmation. Their privacy policy: resend.com/legal/privacy-policy |
| Cloudflare | DNS only — Cloudflare resolves go-claw.com to our Cloud Run service. We don't run them as a CDN proxy, so they don't see your traffic content. (Setting we deliberately picked: "DNS only" / grey cloud, not orange.) |
| Plaid (Week 5+, opt-in only) | Only if you choose to connect your bank for the bills feature. Plaid reads your transaction history to detect recurring subscriptions. Their privacy policy: plaid.com/legal. You can disconnect any time from the Bills page. |
We do not share your data with any other third party for marketing, analytics, advertising, or any other purpose. We do not sell data to data brokers. We do not participate in advertising networks.
6. AI / large language models
ClawVault uses Anthropic's Claude models (Haiku for routine actions, Sonnet for complex reasoning) to power the agent's decision-making — recognising form fields, deciding which vault entries to use, drafting email replies. Per Anthropic's commercial terms, your data is not used to train their models. We send only the minimum context needed for each action (the task description, the relevant vault field labels, the current page snippet — never your full vault).
7. How long we keep things
| Data type | Retention |
|---|---|
| Vault contents | Until you delete them or close your account |
| Account profile | Until you delete your account, then within 30 days everywhere |
| Audit log | 2 years (legal/compliance retention) |
| Agent action screenshots | 24 hours, then deleted automatically |
| Billing records (Stripe) | 7 years (tax law) |
| OTP login codes | 10 minutes (then they expire and become useless) |
| Session refresh tokens | 30 days from last use |
| Contact form messages | Until handled, then archived for 1 year |
8. Your rights
Depending on where you live, you may have specific legal rights under laws like the GDPR (EU/UK), PIPEDA (Canada), CCPA (California), or LGPD (Brazil). We honour the same rights for everyone regardless of jurisdiction:
- Access — Get a copy of all data we hold about you
- Export — Download your vault and audit log as encrypted JSON from the Settings page
- Correct — Update or fix anything that's wrong
- Delete — Wipe your account. We soft-delete immediately and hard-delete (Postgres rows + Secret Manager entries + screenshots + Stripe customer record) within 30 days
- Object — Tell us to stop processing your data for any specific reason
- Complain — If you think we're doing something wrong, contact us first via the contact form. If we don't resolve it to your satisfaction, you can complain to your local data protection authority.
9. Cookies and tracking
We use a single, essential cookie set: a session token after you log in, so you stay logged in across page loads. That's it. No analytics cookies, no advertising cookies, no third-party trackers, no consent banner needed.
10. International data transfers
ClawVault's primary infrastructure runs in Google Cloud's us-central1 region (Iowa, USA). If you're accessing the service from outside the US, your data is being processed in the US. We rely on Google Cloud's standard contractual clauses for international data transfers where applicable.
11. Children
ClawVault is not for anyone under 18. We don't knowingly collect data from children. If you believe a child has signed up, contact us via the contact form and we'll delete the account immediately.
12. Changes to this policy
We'll update this page if we change anything material. The "Last updated" date at the top reflects the most recent version. Significant changes get an email notification at least 30 days in advance to active users.
13. Contact
Use the contact form on the homepage for any privacy-related question or request. Every message reaches a human and we read them.