claw foo

Claw Foo — Privacy Policy

Last Updated: February 15, 2026
Effective Date: February 15, 2026

This Privacy Policy describes how Phantastic Apps, LLC ("Company," "we," "us," or "our") collects, uses, stores, and protects information when you use Claw Foo (the "Service"). By using the Service, you consent to the practices described in this policy.

1. Overview

Claw Foo is a managed AI assistant that connects to your personal productivity accounts (Gmail, Google Calendar, Slack, Notion) via Telegram. Because of the nature of the Service, we necessarily process data from those accounts on your behalf. This policy explains exactly what data we access, why, how it is handled, and your rights.

2. Information We Collect

2.1 Account Information

When you sign up, we collect:

  • Email address
  • Name (if provided)
  • Payment information (processed and stored by Stripe; we do not store full credit card numbers)
  • Telegram user ID and chat ID (when you connect via Telegram)

2.2 Third-Party Account Data

When you authorize integrations, the AI agent accesses data from your connected accounts to provide the Service. This includes:

  • Gmail: Email messages (subjects, bodies, senders, recipients, timestamps) for the purpose of triage, summarization, and draft composition.
  • Google Calendar: Calendar events (titles, times, attendees, descriptions) for scheduling and daily briefings.
  • Slack: Messages in channels and threads you grant access to, for task capture and summarization.
  • Notion: Pages, databases, and tasks for task creation and management.

We access this data solely to operate the Service on your behalf. The AI agent processes this data in your isolated container environment in real time. We do not aggregate, mine, or analyze your third-party account data for our own purposes.

2.3 Conversation Data

Messages you send to the AI agent via Telegram and the agent's responses are stored as part of your agent's session state. This data is used to maintain conversation context and provide continuity of service.

2.4 Usage and Operational Data

We collect:

  • AI model usage metrics (token counts, model identifiers, timestamps) for billing and cost management.
  • Agent action audit logs (what actions the agent took and when) for your transparency and our operational monitoring.
  • Service performance data (container lifecycle events, error logs) for reliability and debugging.
  • Basic analytics (feature usage patterns, session frequency) to improve the Service.

2.5 Information We Do NOT Collect

  • We do not read or store your passwords to any third-party service. All integrations use OAuth tokens.
  • We do not store your full payment card details. All payment processing is handled by Stripe.
  • We do not collect biometric data, precise geolocation, or device identifiers beyond what is standard in web and Telegram interactions.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Process your messages, access your connected accounts, generate AI responses, execute tasks, and deliver daily briefings.
  • Maintain your agent state: Store conversation history and agent memory to provide continuity across sessions.
  • Billing and account management: Process payments, enforce usage limits, and manage your subscription.
  • Security and abuse prevention: Detect unauthorized access, enforce tool restrictions, and maintain audit logs.
  • Service improvement: Analyze operational data (not your personal content) to improve reliability, performance, and features.
  • Communication: Send service-related notifications (billing alerts, usage warnings, maintenance notices).

4. How We Do NOT Use Your Information

  • We do not sell your personal data to any third party.
  • We do not use your data to train AI models. Your content is processed by third-party AI models (e.g., Anthropic's Claude) in real time to generate responses but is not retained by us or by AI model providers for model training purposes.
  • We do not serve advertisements or use your data for ad targeting.
  • We do not share your personal content with other Claw Foo users. Each user has a fully isolated environment.

5. Data Architecture and Isolation

5.1 Tenant Isolation

Each user receives a dedicated, isolated container environment. Your data — including conversation history, agent state, and cached content — is stored separately from all other users. There is no shared database of user content.

5.2 Credential Security

Your third-party OAuth tokens are managed through a credential proxy system. The AI agent container does not have direct access to OAuth tokens or AI model API keys. Credentials are injected at the infrastructure level and are not accessible to the agent runtime.

5.3 Encryption

  • Data in transit is encrypted using TLS.
  • Data at rest (stored in cloud object storage) is encrypted using the storage provider's encryption.

5.4 AI Model Processing

When the AI agent processes your data, it sends content to third-party AI model providers (currently Anthropic) via our credential proxy. This transmission occurs over encrypted connections. We rely on our AI model providers' data handling commitments, which currently include not using API input/output data for model training. We select providers whose data practices align with protecting your privacy, but we cannot guarantee that providers will not change their policies.

6. Data Retention

6.1 Active Accounts

While your account is active, we retain your account information, agent state, conversation history, and usage logs as necessary to provide the Service.

6.2 After Cancellation

Upon account cancellation:

  • Your container and agent state will be deleted within 30 days.
  • Account information (email, billing records) may be retained for up to 12 months for legal, tax, and accounting purposes.
  • Usage logs and audit logs may be retained in anonymized or aggregated form.
  • Backups containing your data will be purged as they naturally rotate out of our backup cycle, generally within 90 days.

6.3 Account Deletion Requests

You may request full deletion of your data by contacting us at [email protected]. We will process deletion requests within 30 days, subject to legal retention requirements.

7. Third-Party Services

7.1 Integrations

The Service connects to third-party platforms (Google, Slack, Notion, Telegram) via their APIs. Your use of those platforms is governed by their respective privacy policies. We encourage you to review:

7.2 AI Model Providers

We use third-party AI model providers to power the agent's intelligence. Currently, we use Anthropic's Claude models. Content from your conversations is sent to these providers for processing. We rely on our providers' commitments not to use API data for training, but we encourage you to review their policies:

7.3 Payment Processor

Payments are processed by Stripe. Your payment information is handled according to Stripe's privacy policy and PCI-DSS standards. We do not have access to your full payment card details.

7.4 Infrastructure Provider

The Service is hosted on Cloudflare's infrastructure. Your data is processed and stored on Cloudflare's global network. Cloudflare's privacy policy applies to infrastructure-level data handling.

8. Data Transfers

Your data may be processed in jurisdictions outside your country of residence, including the United States, as part of our use of cloud infrastructure and AI model providers. By using the Service, you consent to such transfers. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

9. Your Rights and Choices

9.1 Access and Export

You may request a copy of the personal data we hold about you by contacting us at [email protected].

9.2 Disconnecting Integrations

You may disconnect any third-party integration at any time through the Claw Foo dashboard or by revoking OAuth access through the third-party platform's settings. Disconnecting an integration will disable related features but will not delete previously processed data from your agent state.

9.3 Pausing the Agent

You can pause or disable your AI agent at any time via the dashboard's kill switch. While paused, the agent will not access your accounts or process messages.

9.4 Deletion

You may request deletion of your account and personal data as described in Section 6.3.

9.5 Audit Log

You have access to a full audit log of all actions taken by your AI agent, viewable through the Service.

9.6 Rights Under Applicable Law

Depending on your jurisdiction, you may have additional rights under data protection laws (such as the GDPR or CCPA), including rights to rectification, restriction of processing, data portability, or the right to lodge a complaint with a supervisory authority. Contact us at [email protected] to exercise these rights.

10. Security

We implement technical and organizational measures to protect your data, including:

  • Isolated per-user container environments.
  • Credential proxy architecture (agent containers never possess raw OAuth or API credentials).
  • Curated integration set (four authorized integrations only; no third-party plugins or marketplace skills).
  • Periodic encrypted backups of agent state.
  • Audit logging of all agent actions.
  • Conservative tool restrictions on the AI agent (no arbitrary code execution, no browser automation).

However, no system is 100% secure. We cannot guarantee absolute security and are not liable for breaches resulting from factors beyond our reasonable control, including but not limited to zero-day vulnerabilities, third-party provider compromises, or actions you take that compromise your account security.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from minors. If we learn that we have collected data from a minor, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or dashboard notification at least 14 days before taking effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at:

Phantastic Apps, LLC
Email: [email protected]
Website: https://claw.foo