Last updated: March 11, 2026
We collect information you provide directly when creating an account, including your email address, display name, and profile photo (via Google OAuth). When you purchase a subscription or credits, PayPal processes your payment and shares your PayPal email and transaction IDs with us.
We automatically collect usage data including AI model usage (tokens consumed, models used, costs), device information for license binding (device ID hash, platform, architecture), and standard web analytics via Google Analytics (anonymized).
For Desktop app users, we collect local system information used for device fingerprinting (OS, CPU model, MAC address hash, public IP).
We use your information to: provide and maintain the ClawConnect service, process payments and manage licenses, track AI credit usage and billing, enforce license terms and device binding, and communicate important service updates.
Your account data is stored in Google Cloud Firestore (Firebase) with encryption at rest and in transit (TLS 1.3). All billing operations are server-side only — client applications cannot modify credits, plans, or payment data.
Platform Mode Security: When using platform-mode AI (shared provider keys), your conversation content flows through our proxy to third-party AI providers. We implement server-side logging and monitoring to prevent abuse, but content may be visible to ClawConnect infrastructure. Conversations are logged for 30 days for audit and security purposes.
Desktop App Security: Authentication tokens stored in the Electron app are encrypted using OS-native keystores: macOS Keychain, Windows DPAPI, or Linux libsecret. Tokens remain in your OS keystore and are never transmitted to third parties.
We use the following third-party services:
AI Provider Data Sharing: When using platform-mode AI credits, your conversation content is shared with the selected AI provider. This means:
If you have concerns about data sharing with AI providers, please review their respective privacy policies before using the service.
Account data is retained as long as your account is active. Chat conversations and message logs are stored in your user subcollection and can be deleted at any time from the Chat interface. Usage logs (token counts, costs, models used) are retained for 90 days for billing reconciliation and 12 months in aggregated form for analytics.
Device binding records (license fingerprints) are retained as long as the license is active.
If you request account deletion, all associated data including conversations, usage logs, API keys, and device binding records will be removed within 30 days. Billing records required for compliance with tax and regulatory requirements will be retained for 7 years as required by Australian law.
You have the right to: access your personal data, correct inaccurate data, request deletion of your data, export your data, and withdraw consent for data processing. To exercise these rights, contact us at support@clawconnect.co.
GDPR & CCPA Acknowledgment: While ClawConnect operates primarily under Australian Privacy Act principles, we respect the data rights of international users. If you are located in the EU, you have rights under GDPR (data access, portability, right to be forgotten, etc.). If you are located in California, you have rights under CCPA (access, deletion, opt-out of sale, etc.). Contact us to exercise these rights.
ClawConnect is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has created an account, we will immediately delete all associated data and contact the account owner. Parents or guardians who believe a minor has provided information to ClawConnect should contact us immediately at support@clawconnect.co.
For Desktop app license binding, we create a device fingerprint by hashing your hardware identifiers (OS type, CPU model, system architecture, MAC addresses, and public IP). This fingerprint is used to enforce seat limits and prevent unauthorized device transfers — it is not used for tracking or analytics.
The fingerprint itself (the SHA-256 hash) is stored in your account; the raw hardware values are discarded. This allows us to detect if your license is used on unauthorized devices while protecting your hardware privacy.
In the event of a confirmed data breach affecting user data, we will notify affected users as soon as practicable but no later than 30 days after discovery (or as required by law). Notifications will include:
We will also notify relevant regulators and law enforcement as required by law.
We use essential cookies for authentication (Firebase session). We use Google Analytics for anonymous usage statistics. No third-party advertising cookies are used.
We may update this policy from time to time. We will notify users of material changes via the in-app announcement system or email. Continued use of the service after changes constitutes acceptance of the updated policy.
For privacy, security, or data-related questions, email support@clawconnect.co.
