Legal

Privacy Policy

Last updated: April 7, 2026

GrabClaw is built on a local-first principle: your conversations, files, and personal data stay on your own machine. We do not operate cloud servers that store your AI conversations. This policy explains what limited data we do collect through our website and optional API channels.

1. Information We Collect

1.1 Information You Provide

  • Account registration. If you create a GrabClaw account to access our API channels, we collect your email address and a hashed password. We do not require your real name.
  • Payment information. When you top up API credits, payment details are processed directly by our payment processor. We receive only a transaction reference, the last four digits of your card, and billing country — never your full card number.
  • Support communications. If you contact us via email or our support channels, we retain the content of those messages to resolve your issue.
  • Feedback and surveys. Any feedback you voluntarily submit to help us improve the product.

1.2 Information Collected Automatically (Website Only)

  • Server logs. Standard web server logs including IP address, browser type, referring URL, and page visit timestamps. Logs are retained for 30 days for security purposes.
  • Analytics. Aggregate, anonymized usage statistics about which pages are visited. We do not use cross-site tracking or fingerprinting.
  • Approximate location. Inferred from IP address at the country level only. We do not collect GPS or precise location data.

1.3 What We Do NOT Collect

  • The content of your AI conversations — these never leave your device.
  • Your local files, documents, or workspace data.
  • Keystrokes, screenshots, or clipboard contents.
  • Any data from paired devices beyond what is necessary to establish the encrypted connection.

2. How We Use Your Information

2.1 To Operate the Service

  • Authenticate your account and manage API key access.
  • Process payments and maintain billing records.
  • Respond to support requests and resolve technical issues.
  • Send transactional emails such as receipts, security alerts, and service notices.

2.2 To Improve GrabClaw

  • Analyze anonymized, aggregate usage patterns on our website.
  • Identify and fix bugs and performance issues.
  • Develop new features based on user feedback.

2.3 To Ensure Security

  • Detect and prevent unauthorized access, fraud, and abuse of our API channels.
  • Monitor for unusual API usage patterns that may indicate compromised credentials.
  • Comply with legal obligations and enforce our Terms of Service.

2.4 Marketing Communications

We may send you product updates and announcements if you have opted in. You can unsubscribe at any time via the link in any email or by contacting us directly. We do not send unsolicited marketing emails.

3. Local-First Architecture

GrabClaw is a desktop application that runs entirely on your machine. Your AI conversations, memory files, skill configurations, and workspace data are stored locally in your user directory and are never transmitted to GrabClaw servers.

When you use GrabClaw's optional API channels to call AI models (e.g., GPT-5.4, Claude 4.6), your prompts are forwarded directly to the respective AI provider (OpenAI, Anthropic, Google) through our routing layer. GrabClaw's routing layer does not log or store the content of these API calls — it acts as a transparent proxy to provide you with discounted pricing.

If you use your own API keys directly with AI providers, your data is governed entirely by those providers' privacy policies. GrabClaw has no visibility into those calls.

4. Data Sharing and Disclosure

4.1 Service Providers

We share limited data with trusted third-party providers who help us operate our website and payment infrastructure:

  • Payment processor — for billing and fraud prevention.
  • Email delivery provider — for transactional and support emails.
  • Website hosting provider — for serving this website.

All service providers are contractually bound to use your data only as directed by us and to maintain appropriate security standards.

4.2 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of GrabClaw, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will provide notice of any such change and, where required by law, obtain your consent.

4.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to any third party for their own marketing or commercial purposes. Ever.

5. GrabClaw API Channels

When you use GrabClaw's API channels to access AI models at discounted rates, the following applies:

  • Your API requests are routed through GrabClaw's infrastructure to the AI provider.
  • We do not store the content of your prompts or model responses.
  • We log metadata such as timestamp, model name, token count, and your account ID for billing and abuse prevention purposes. This metadata is retained for 90 days.
  • Your prompts are subject to the terms and privacy policies of the underlying AI provider (OpenAI, Anthropic, Google, etc.).
  • You may alternatively use your own API keys directly, in which case GrabClaw has no involvement in those API calls.

6. Cookies and Tracking

Our website uses a minimal set of cookies:

  • Essential cookies — required for authentication and session management. Cannot be disabled.
  • Analytics cookies — anonymized, aggregate page view statistics. You can opt out via your browser settings.

We do not use advertising cookies, cross-site tracking pixels, or third-party behavioral tracking. The GrabClaw desktop application does not use cookies.

7. Security

We implement industry-standard security measures to protect your data, including:

  • TLS encryption for all data in transit between your browser and our servers.
  • Encrypted storage for sensitive account data at rest.
  • Access controls and authentication requirements for internal systems.
  • Regular security reviews and dependency audits.

No system is perfectly secure. If you discover a security vulnerability, please report it responsibly to [email protected].

8. Data Retention

We retain your data only as long as necessary:

  • Account data — retained while your account is active, plus 30 days after deletion to allow for recovery.
  • Billing records — retained for 7 years to comply with tax and accounting regulations.
  • API usage metadata — retained for 90 days for billing verification and abuse prevention.
  • Server logs — retained for 30 days.
  • Support communications — retained for 2 years after resolution.

When data is no longer needed, it is securely deleted or anonymized.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your account and associated personal data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to certain types of processing, including direct marketing.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

EEA / UK residents (GDPR): You have the right to lodge a complaint with your local data protection authority if you believe we have violated applicable law.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information (we do not sell personal information).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Children's Privacy

GrabClaw is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via a notice in the application. Your continued use of GrabClaw after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: