Privacy Policy

Last updated: March 31, 2026

1. Information We Collect

SafeClaw collects minimal information necessary to provide our service: your email address for authentication, and encrypted vault data. We do not collect, store, or have access to your plaintext credentials, API keys, or biometric data. All sensitive data is encrypted on your device before transmission using AES-GCM-256.

2. How We Use Your Information

Your email is used solely for account authentication and service notifications. Encrypted vault data is stored only to provide the SafeClaw service. We do not sell, share, or use your data for advertising or analytics purposes.

3. Data Security

SafeClaw employs end-to-end encryption (AES-GCM-256) with keys derived from your biometric via WebAuthn PRF. Our servers store only ciphertext — we cannot decrypt your data. Each vault runs in an isolated virtual machine with restricted network egress. Stopping a VM instantly destroys all decrypted state.

4. Third-Party Services

We use Google OAuth for authentication. When you sign in, Google's privacy policy applies to the authentication process. SafeClaw does not share your vault data with any third party.

5. Data Retention & Deletion

You can delete your account and all associated encrypted data at any time. VM instances are ephemeral — all runtime data is destroyed when a vault is stopped.

6. Contact

For privacy-related questions, contact us at privacy@safeclaw.com.