Privacy Policy

Last updated: May 20, 2026

1. Overview

Clawvisor, Inc., a Delaware corporation ("Clawvisor," "we," "us," or "our"), is the data controller for information collected through the cloud service and the clawvisor.com website. Clawvisor is a credential-vaulting gateway for AI agents, available both as a hosted cloud service at app.clawvisor.com ("the Service") and as self-hosted software you run on your own infrastructure ("the Software"). This Privacy Policy covers the clawvisor.com website, the cloud service, and describes what data a self-hosted Clawvisor instance processes.

2. Cloud Service — Data We Collect

When you use the Clawvisor cloud service, we collect, store, or use the following data:

  • Account data: Email address and bcrypt-hashed password for authentication. If you sign in via SAML SSO, your email address is received from your organization's identity provider.
  • Authentication session data: We use strictly necessary authentication cookies, including an HttpOnly refresh-token cookie, to keep you signed in and protect account access. These cookies are not used for analytics, advertising, or cross-site tracking.
  • Credentials you store: API keys and OAuth tokens you add to the vault, encrypted with AES-256-GCM at rest.
  • Agent tokens: Stored as SHA-256 hashes. The raw token is shown once at creation and never stored. Agent tokens may also be issued to third-party applications (such as IDE plugins) through an OAuth 2.1 authorization flow that you explicitly approve.
  • OAuth client registrations: When a third-party application connects via OAuth, we store its client name and redirect URIs. Authorization codes are short-lived and deleted after use.
  • Chain context facts: When intent verification with chain context is enabled, structural references (such as email addresses, IDs, and phone numbers) may be extracted from API responses and stored temporarily to validate follow-up requests within the same task. These facts are automatically deleted when the task completes, expires, or is revoked.
  • Audit logs: Every gateway request is logged with the service, action, sanitized parameters, decision, and outcome. Raw credentials are never included in logs.
  • Notification configs: Telegram bot tokens and chat IDs for approval notifications, if configured.

3. Self-Hosted Instances

When you self-host Clawvisor, your credentials, audit logs, agent configurations, and all data processed by your instance remain under your control. The cloud relay is enabled by default for local daemon installations, and push notifications are enabled when you pair a mobile device; connection metadata for these services (described in Section 3a) is processed by Clawvisor's infrastructure. We do not collect telemetry or usage analytics from self-hosted instances unless you explicitly opt in. When enabled, anonymous telemetry includes aggregate event counts (tasks created, gateway requests processed, approvals issued) and is not linked to any user identity or credentials.

3a. Self-Hosted — Cloud Relay and Push Notifications

Local daemon installations connect to the Clawvisor cloud relay by default. The following data is transmitted to Clawvisor infrastructure:

  • Connection metadata: Daemon ID, Ed25519 public key, IP address, and connection/disconnection timestamps.
  • Tunnel traffic: All traffic between your daemon and connecting clients is encrypted in transit (TLS). A subset of security-sensitive routes — including agent gateway requests, task management, and connection requests — additionally enforce end-to-end encryption (X25519/HKDF + AES-256-GCM), making their contents unreadable by the relay server. Other routes, including the MCP protocol used by IDE plugins such as Claude Desktop, are protected by TLS in transit but are readable by the relay server. Credentials stored in your local vault are never transmitted through the relay.
  • Authentication: The relay stores your daemon's Ed25519 public key for challenge-response authentication.

When you pair a mobile device, push notifications are enabled. The following is transmitted:

  • Device tokens: Required to deliver notifications to your mobile device.
  • Notification payloads: Payloads include event type, task purpose, risk level, and action summary. They do not include credentials, API response bodies, or message contents.

Connection metadata and device tokens are retained while the relay connection or push subscription is active and are deleted upon de-registration or account removal.

4. How We Use Your Data

For the cloud service, we use your data to:

  • Operate and maintain the service
  • Execute agent requests against third-party APIs on your behalf
  • Enforce authorization policies (restrictions, task scopes, approvals)
  • Generate audit logs for your review

We do not sell your data or use it for advertising.

5. Website and Cookies

The clawvisor.com marketing site uses Plausible Analytics, a privacy-focused, cookie-free analytics tool. Plausible does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR. All data is aggregated and no individual visitors can be identified. Server logs may record IP addresses and request metadata as part of standard web hosting, which are retained for security purposes and automatically purged.

The hosted application at app.clawvisor.com uses strictly necessary cookies for authentication and security, such as an HttpOnly refresh-token cookie. These cookies are required to provide the Service and are not used for advertising or analytics.

6. Third-Party Services

Clawvisor interacts with third-party services only when you configure it to, whether on the cloud service or a self-hosted instance:

  • External APIs (Google, GitHub, Slack, etc.) are called on your behalf when agents make requests. You register your own API credentials with each provider. Data exchanged with these services is subject to their respective privacy policies.
  • SAML identity providers: If you configure SAML SSO, authentication requests are sent to your organization's identity provider. We store the IdP's entity ID, SSO URL, and signing certificate to validate responses. Your email address is extracted from the SAML assertion.
  • Telegram is used for approval notifications if you configure a bot. Message content includes service names, actions, and truncated parameters.
  • Resend is used for email verification on the cloud service. Your email address is shared with Resend to deliver verification messages.
  • Cloud relay and push: Local daemon installations connect to the Clawvisor cloud relay by default, and push notifications are enabled when you pair a mobile device. Data handling for these services is described in Section 3a.
  • AI models: If you enable optional intent verification or task risk assessment, Clawvisor uses AI models to evaluate agent requests. For intent verification, only request metadata (service, action, parameters, and agent-provided reason) is sent to the model. For task risk assessment, only the task purpose and authorized actions are sent. When chain context is enabled, the output of API calls executed on your behalf — which may include email bodies, message content, file contents, and other data returned by third-party APIs — is sent partially or in full to the configured LLM provider to extract structural references such as IDs and addresses. Credentials are never sent. On the cloud service, this processing occurs within Clawvisor's Google Cloud infrastructure. Self-hosted users select and configure their own LLM provider; data handling is governed by that provider's terms.
    • Cloud service: The cloud service uses Anthropic Claude Haiku 4.5 (or newer), Claude Sonnet 4.6 (or newer), and Google Gemini 2.5 Flash-Lite (or newer), hosted on Google Cloud Vertex AI within Clawvisor's own GCP project. Google processes this data as a sub-processor under its Cloud Data Processing Addendum. No user data is sent to Anthropic or any other model provider directly, and no user data is used for model training.
    • Self-hosted: You choose and configure your own LLM provider (Anthropic, OpenAI, Ollama, Groq, or Vertex AI). Data handling is governed by your chosen provider's terms.

7. Data Retention

Cloud service: Your data is retained while your account is active. Upon account deletion, all associated data — including credentials, audit logs, agent configurations, and account information — is permanently purged within thirty (30) days, except where retention is required by applicable law. You may request deletion at any time by contacting support@clawvisor.com.

Audit logs: Audit logs on the cloud service are retained for the lifetime of your account. You may export or request deletion of your audit history at any time.

Authentication sessions: Authentication session cookies expire according to the configured session lifetime, and are cleared or invalidated when you log out or when the session is revoked or expires.

Self-hosted: You control data retention entirely. Expired sessions, pending approvals, and chain context facts are cleaned up automatically by background processes within your instance.

8. Data Security

Credentials are encrypted at rest with AES-256-GCM. The vault key is stored separately from the database. Passwords are hashed with bcrypt. Agent tokens are stored as one-way hashes. No credentials appear in logs, error messages, or API responses. The cloud service infrastructure is hosted on Google Cloud Platform (GCP).

9. Your Rights

For the cloud service, you may request access to, correction of, or deletion of your personal data by emailing support@clawvisor.com. For self-hosted instances, you have direct access to all your data.

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. Our legal bases for processing are: performance of our contract with you (providing the Service), and legitimate interests (security, fraud prevention, and service improvement). The cloud service infrastructure is hosted in the United States on Google Cloud Platform. Transfers of personal data from the EEA/UK to the United States are governed by Google's Data Processing Addendum, which incorporates Standard Contractual Clauses (SCCs) approved by the European Commission. To exercise your rights, contact support@clawvisor.com.

10. Children's Privacy

Clawvisor is not directed at individuals under the age of 13. We do not knowingly collect personal information from children.

11. Sub-Processors

The cloud service uses the following sub-processors to deliver the Service:

  • Google Cloud Platform — Cloud infrastructure and data processing.
  • Resend — Email delivery.
  • Telegram — Notification delivery.
  • Plausible Analytics — Website analytics.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you at least thirty (30) days in advance by email or through a prominent notice within the Service. Changes will be posted on this page with an updated date.

13. Contact

For questions about this Privacy Policy, contact us at support@clawvisor.com.