Privacy Policy

1. What We Collect

Clawmont collects the minimum data required to operate the service:

• Account data: email address, hashed password, billing info (processed by Stripe).
• Alert metadata: threat type, timestamp, severity level, and rule matched. Alert payloads are encrypted at rest.
• Usage analytics: page views and feature usage (no PII, no tracking cookies).

2. What We Do Not Collect

Clawmont runs locally on your OpenClaw gateway. Your AI conversations, prompts, model responses, and source code never leave your machine. We do not have access to your chat content.

3. How We Use Your Data

• To operate and improve the Clawmont service.
• To send security alert notifications to your configured channels.
• To process payments via Stripe (we never store card numbers).
• To send transactional emails (receipts, security alerts, account notices).

4. Data Retention

Alert metadata is retained for 90 days by default on the optional Guardrails cloud layer. You can export or delete your data at any time by emailing support. Account data is deleted within 30 days of account closure.

5. Third-Party Services

• Stripe — payment processing.
• Supabase — authentication and database hosting.
• Resend — transactional email delivery.

6. Your Rights

You can request access to, correction of, or deletion of your personal data at any time by emailing hello@clawmont.com.

7. Contact

Questions about this policy? Email hello@clawmont.com.