Privacy Policy

Last updated: May 11, 2026

For compliance-sensitive evaluations or to request the current registered business entity and statutory data-controller details, email support@clawmont.com.

0. Data Controller

For purposes of EU/EEA GDPR and equivalent regimes, the data controller is Clawmont, operated by a sole proprietor established in Lithuania (EU). Reach the controller at support@clawmont.com for the full registered business name and address.

1. What We Collect

Clawmont collects the minimum data required to operate the service:

  • Account data: email address, hashed credentials, and billing metadata (processed by Stripe).
  • Alert metadata: threat type, timestamp, severity level, and rule matched. Alert payloads are encrypted at rest.
  • Usage analytics: page views and feature usage (no PII, no tracking cookies).

2. What We Do Not Collect

Clawmont is a security proxy that runs locally on your OpenClaw gateway. Your AI conversations, prompts, model responses, and source code never leave your machine. We do not have access to your chat content.

3. How We Use Your Data

  • To operate and improve the Clawmont service.
  • To send security alert notifications to your configured channels.
  • To process payments via Stripe (we never see or store card numbers).
  • To send transactional emails (receipts, security alerts, account notices).

4. Data Retention

Alert metadata is retained for 90 days by default on the optional Guardrails cloud service. You can export or delete your data at any time by emailing support. Account data is deleted within 30 days of account closure.

5. Third-Party Services

  • Stripe — payment processing and tax compliance.
  • Supabase — authentication and database hosting.
  • Resend — transactional email delivery.

6. Your Rights

You can request access to, correction of, or deletion of your personal data at any time by emailing support@clawmont.com.

7. Cookies and Local Storage

The Clawmont marketing site (clawmont.com) loads Google Analytics 4 and PostHog for aggregate usage analytics — page views, button clicks, and time-on-page. Neither tool is configured with cross-site identifiers or advertising IDs; session replay, surveys, exception capture, heatmaps, and dead-click capture are explicitly disabled on PostHog. Stripe sets its own strictly-necessary cookie on the checkout page (see Stripe's privacy policy). No third-party advertising or social-media trackers are loaded. The plugin itself runs offline by default and does not set cookies. To opt out, use your browser's standard analytics-blocking controls or an extension such as uBlock Origin.

8. Governing Law

This policy and the underlying processing activities are governed by the laws of the Republic of Lithuania and applicable EU law (notably the GDPR, Regulation (EU) 2016/679). Statutory rights for EU/EEA residents (access, rectification, erasure, restriction, portability, objection, and lodging a complaint with the Lithuanian State Data Protection Inspectorate — Valstybinė duomenų apsaugos inspekcija) apply in full.

9. Contact

Questions about this policy? Email support@clawmont.com.