Privacy Policy

Last updated: February 6, 2026

1. Introduction

ClawOcean ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent platform and related services (the "Service"). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

Account Information

Email address (required for account creation)
Name (optional)
Profile information you choose to provide
Authentication credentials (passwords are securely hashed using bcrypt)

Payment Information

Billing address
Payment method details (processed and stored by Stripe; we do not store full card numbers)
Transaction history and invoices

Usage Information

Instance configurations and settings
Token usage metrics (counts only, not content)
API request logs (timestamps, endpoints, status codes - not request bodies)
Feature usage analytics

Technical Information

IP address and approximate location
Browser type and version
Device information
Cookies and similar tracking technologies

Important: AI/LLM Data Privacy

We route AI/LLM requests through our proxy for usage metering purposes only. We do NOT log, store, analyze, or train on the content of your prompts or AI responses. For BYOK (Bring Your Own Key) users, requests are proxied for metering but content is never persisted. Your conversations remain private.

3. How We Use Your Information

Service Delivery: To provide, maintain, and improve the Service
Account Management: To create and manage your account
Billing: To process payments and manage subscriptions
Usage Tracking: To monitor and enforce usage limits and quotas
Communications: To send service-related notifications, updates, and support responses
Security: To detect, prevent, and respond to fraud, abuse, and security incidents
Legal Compliance: To comply with applicable laws and legal requests
Analytics: To understand how users interact with our Service and improve it

4. Information Sharing and Disclosure

We do not sell your personal information. We may share information with:

Service Providers: Third parties that help us operate the Service (see Section 5)
Legal Requirements: When required by law, subpoena, or legal process
Protection of Rights: To protect our rights, privacy, safety, or property
Business Transfers: In connection with a merger, acquisition, or sale of assets
With Consent: When you have given us explicit permission

5. Third-Party Services

We use the following third-party services:

Stripe - Payment processing (PCI-DSS compliant)
DigitalOcean - Cloud infrastructure hosting
Cloudflare - DNS, CDN, DDoS protection, and edge computing
Anthropic - AI model provider (for ClawOcean AI users)
OpenAI - AI model provider (for ClawOcean AI users)
Meta (WhatsApp) - Messaging integration
Google (Gmail, Google Docs) - Email and document integration
Telegram - Messaging integration

Each third-party service has its own privacy policy governing their use of your data.

5.1 Google API Services User Data Policy

ClawOcean's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What data we access

Gmail: Email messages, labels, and metadata - to enable AI-powered email management
Google Docs: Document content - to enable AI-powered document assistance
Google Drive: Files you create or open through ClawOcean only

How we use this data

To provide AI agent features you explicitly request (reading, summarizing, drafting emails/docs)
To send emails or modify documents only when you instruct your AI agent to do so
To receive real-time notifications of new emails (Gmail watch/push)

What we do NOT do with Google data

We do NOT store email content or document content permanently
We do NOT use Google data to train AI models
We do NOT share Google data with third parties for advertising
We do NOT sell Google user data
We do NOT use Google data for purposes unrelated to the features you use

Revoking access

You can disconnect your Google account from ClawOcean at any time via your dashboard settings or by visiting your Google Account permissions. Upon disconnection, we delete your OAuth tokens and any cached Google data.

6. Data Retention

Account Data: Retained while your account is active, plus 30 days after deletion
Usage Logs: Retained for 90 days for operational purposes
Billing Records: Retained for 7 years as required for tax and legal compliance
Security Logs: Retained for 1 year for security incident investigation

You may request deletion of your data at any time by contacting us or using the account deletion feature.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data (right to be forgotten)
Portability: Request your data in a machine-readable format
Restriction: Request restriction of processing
Objection: Object to certain types of processing
Withdraw Consent: Withdraw previously given consent

To exercise these rights, contact us at privacy@clawocean.com. We will respond within 30 days.

8. Security Measures

We implement industry-standard security measures:

TLS 1.3 encryption for all data in transit
AES-256 encryption for sensitive data at rest
Secure password hashing with bcrypt
Regular security audits and penetration testing
Isolated infrastructure per customer instance
DDoS protection via Cloudflare
Access controls and audit logging
Employee security training and background checks

9. Cookies and Tracking

We use cookies and similar technologies for:

Essential Cookies: Required for authentication and security
Functional Cookies: Remember your preferences
Analytics Cookies: Understand usage patterns (anonymized)

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features.

10. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for transfers from the EU/EEA, and compliance with applicable data protection laws.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will promptly delete it. If you believe a child has provided us with personal information, please contact us.

12. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to say no to the sale of personal information (we do not sell your data)
Right to equal service and price (no discrimination for exercising rights)

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the GDPR including those listed in Section 7. Our legal bases for processing are:

Contract: Processing necessary to provide the Service
Legitimate Interests: Security, fraud prevention, and service improvement
Legal Obligation: Compliance with applicable laws
Consent: Where you have provided explicit consent

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or dashboard notification at least 30 days before taking effect. The "Last updated" date at the top indicates when the policy was last revised. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact us at:

Email: privacy@clawocean.com
For EU residents, you may also contact your local data protection authority.

Back to Home