Legal

Privacy Policy

Effective date: March 30, 2026

ClawWatch (“we”, “our”, or “us”) operates the ClawWatch observability platform (the “Service”). This Privacy Policy explains how we collect, use, and protect information about you when you use our Service.

1. Information We Collect

  • Account information: When you create an account, we collect your email address, name, and organization name via Clerk, our authentication provider.
  • Event data: The ClawWatch CLI sends agent event telemetry (action types, outcomes, inference costs, network destinations) from your NemoClaw sandboxes to our API. This data is associated with your organization.
  • Usage data: We collect standard web analytics including page views, feature usage, and session duration to improve the product.
  • Payment data: Billing is processed by Stripe. We never store your full card number — only the last 4 digits and expiry, which Stripe provides.

2. How We Use Your Information

  • To provide, operate, and maintain the Service.
  • To process payments and manage your subscription.
  • To send transactional emails (account creation, billing receipts, policy breach alerts).
  • To analyze aggregate usage patterns and improve the product.
  • To comply with legal obligations.

3. Data Storage and Security

  • All event data is stored in Supabase (PostgreSQL) with row-level security enforced — your organization's data is logically isolated from other tenants.
  • Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • API tokens are stored as plaintext identifiers and can be revoked at any time from the Settings page.
  • We retain event data for the duration of your plan's retention window (7 days, 90 days, or 1 year) and delete it automatically after that period.

4. Data Sharing

  • We do not sell your data to third parties.
  • We share data with sub-processors: Supabase (database), Clerk (authentication), Stripe (payments), and Vercel (hosting). Each is GDPR-compliant.
  • We may disclose data when required by law or to protect our legal rights.

5. Your Rights (GDPR / CCPA)

  • Access: You can export your event data at any time from the Audit Log page.
  • Deletion: Contact us to delete your account and all associated data. We will complete this within 30 days.
  • Portability: Export your events as CSV from the Audit Log page.
  • Correction: Update your account information via the Clerk user portal.
  • Opt-out of marketing: Use the unsubscribe link in any marketing email.

6. Cookies

  • We use session cookies for authentication (managed by Clerk) and minimal analytics cookies.
  • We do not use advertising or tracking cookies.

7. Children's Privacy

  • The Service is not directed to children under 16. We do not knowingly collect information from minors.

8. Changes to This Policy

  • We may update this Privacy Policy. We will notify you of material changes by email or in-app notification. Continued use of the Service after changes constitutes acceptance.

9. Contact Us

  • For privacy questions or requests, email us at privacy@clawwatch.app.
HomeTerms of ServiceDocs
ClawWatch — NemoClaw Observability & Policy Control