Privacy Policy

1. Information We Collect

When you join our waitlist or use ClawCoil, we collect the information you provide directly, such as your email address. We also collect basic usage analytics (page views, feature usage) through privacy-respecting analytics tools.

ClawCoil processes OAuth tokens and API credentials on your behalf. We store encrypted tokens for connected services (Gmail, Slack, GitHub, etc.) to provide automatic token rotation and credential management.

2. How We Use Your Information

We use your information to operate and improve ClawCoil, manage your OAuth connections, rotate tokens automatically, and provide customer support. We do not sell your personal data to third parties. We never access the content of your connected accounts — we only manage authentication credentials.

3. Data Storage and Security

All tokens and credentials are encrypted at rest using AES-256 and in transit using TLS 1.3. We never store raw credentials — only encrypted tokens that are decrypted on demand when skills request access. Access tokens are short-lived and rotated automatically before expiry.

4. Third-Party Services

ClawCoil connects to third-party services (Gmail, GitHub, Slack, etc.) on your behalf using OAuth 2.0 or API key authentication. We only request the minimum permissions required for each integration. We use privacy-respecting analytics (Umami) and do not use advertising trackers.

5. Your Rights

You may disconnect any linked account at any time, which immediately revokes our access and deletes stored tokens. You may also request access to, correction of, or deletion of your personal data by contacting us. If you are in the EU, you have additional rights under GDPR.

6. Contact

For privacy-related questions, contact us at privacy@clawcoil.com.