Back to home

Privacy Policy

Last updated: 8 February 2026

1. Introduction

Claw ("we", "our", "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services.

We are registered with the UK Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

Account Information

  • Name and email address
  • Business name and industry
  • Password (stored securely using PBKDF2 hashing)

Integration Data

When you connect third-party services (e.g., Xero, QuickBooks, Shopify), we store OAuth2 tokens encrypted with AES-256-GCM. We access your data in these services only as directed by your interactions with the AI assistant.

Conversation Data

Messages you send to the AI assistant and responses are stored to provide conversation history. This data is isolated per tenant and stored in your dedicated storage.

Usage Data

We collect anonymised usage metrics such as message counts and feature usage to improve our service.

3. How We Use Your Information

  • To provide and maintain our service
  • To process your requests via the AI assistant
  • To manage your account and subscriptions
  • To communicate with you about service updates
  • To comply with legal obligations

4. Data Storage and Security

Your data is processed on Cloudflare's global edge network. Each business tenant has isolated storage (database and file storage). OAuth tokens are encrypted at rest using AES-256-GCM.

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Cloudflare (infrastructure provider) — under their data processing agreement
  • AI model providers (Anthropic/OpenAI) — conversation content is sent to generate AI responses
  • Stripe — for payment processing
  • Third-party integrations you explicitly connect

6. Your Rights (UK GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability (export your data)
  • Object to processing
  • Lodge a complaint with the ICO (ico.org.uk)

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, all personal data and conversation history is permanently deleted within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

9. Contact

For privacy enquiries or to exercise your rights, contact us at: [email protected]