Privacy Policy

Last updated: March 7, 2026

ClawCap ("we", "us", "our") operates the clawcap.co website and hosted proxy service. This policy explains what data we collect, how we use it, and your rights.

The short version: We never store your API keys. They pass through our proxy in memory and are immediately discarded. We track your spending totals to enforce caps, but we don't log your prompts or AI responses.

1. API Keys

Your LLM provider API keys (Anthropic, OpenAI, Google, etc.) are included in your request headers and forwarded directly to the provider. ClawCap never stores, logs, caches, or persists your API keys. They exist in server memory only for the duration of a single request and are discarded immediately after forwarding.

2. Information We Collect

When you create an account and use ClawCap, we collect:

Email address — used for account identification and checkout
Subscription and payment data — processed by Stripe; we store your Stripe customer ID and subscription status, not your payment card details
Spending summaries — daily and monthly cost totals, request counts, model names, and token counts per request
Proxy token — a unique identifier for routing your requests (format: cc_live_...)

3. What We Do NOT Collect

Your API keys (passthrough only, never stored)
The content of your prompts or AI responses
Your OpenClaw configuration files
IP addresses beyond standard server logs

4. How We Use Your Data

Spending enforcement — token counts and costs are recorded to enforce your daily and monthly caps
Loop and heartbeat detection — request metadata (model name, payload hash, timing) is analyzed in real-time to detect wasteful patterns; payload hashes are ephemeral and not stored
Account management — email and subscription status are used to manage your plan and proxy access
Alerts — if you configure Telegram, spending alerts are sent to your bot

5. Data Storage

Account and spending data is stored in Supabase (hosted in the US). Payment processing is handled by Stripe. We do not sell, share, or transfer your data to third parties except as required by these service providers to operate ClawCap.

6. Data Retention

Spending records are retained for the duration of your account. If you delete your account, all associated data (profile, spending history, proxy tokens) will be permanently deleted within 30 days.

7. Cookies

ClawCap does not use tracking cookies or third-party analytics. The setup page may use browser localStorage for session convenience only.

8. Your Rights

You can request access to, correction of, or deletion of your personal data at any time by emailing support@clawcap.co. If you are in the EU/EEA, you have additional rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.

9. Changes

We may update this policy from time to time. Material changes will be communicated via the email associated with your account. Continued use of ClawCap after changes constitutes acceptance.

10. Contact

For privacy questions or data requests, contact support@clawcap.co.