Office Claws ("we," "us," or "our") operates the Office Claws desktop application and the website at officeclaws.com (together, the "Service"). This Privacy Policy explains what personal data we collect, how we use it, and the choices you have.
By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
- Account Information — When you create an account or join our waitlist, we collect your email address.
- Billing Information — When you subscribe to a paid plan, payment details (credit card number, billing address) are collected and processed by our third-party payment processor. We do not store full credit card numbers on our servers.
- Support Communications — If you contact us for support, we retain the correspondence and any information you voluntarily provide.
1.2 Information Collected Automatically
- Usage Telemetry — The desktop application may collect anonymous usage telemetry such as feature usage frequency, session duration, and error reports. This telemetry contains no personally identifiable information and can be disabled in the application settings.
- Agent Status Metadata — We receive operational metadata about your agents (e.g., online/offline status, provisioning state). This does not include the content of your conversations or files.
- Website Analytics — Our website may use cookies or similar technologies to collect standard log information and visitor behavior data (pages visited, referral source, browser type). See Section 7 for details.
1.3 Information We Do NOT Collect
Office Claws is designed with a local-first security architecture. The following data is never transmitted to or stored on our servers:
- Your AI provider API keys (OpenAI, Anthropic, etc.) — these are stored locally on your device
- Your agent conversations and chat messages
- Files or data on your agent's VPS
- Tailscale network traffic between your desktop app and your agents
- Your DigitalOcean or Contabo resources (Self-Hosted plan users)
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process payments and manage your subscription
- Send transactional communications (account confirmations, billing receipts, security alerts)
- Send product updates and marketing communications (only with your consent; you may opt out at any time)
- Monitor and improve application stability and performance
- Respond to your support requests and provide customer service
- Detect and prevent fraud or abuse
- Comply with legal obligations
3. Legal Bases for Processing (EEA/UK Users)
If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:
- Contract — Processing necessary to provide the Service you subscribed to (Article 6(1)(b) GDPR).
- Legitimate Interest — Processing for product improvement, security, and fraud prevention, where our interests do not override your fundamental rights (Article 6(1)(f) GDPR).
- Consent — Processing based on your explicit consent, such as marketing emails or optional telemetry (Article 6(1)(a) GDPR). You may withdraw consent at any time.
- Legal Obligation — Processing required to comply with applicable laws (Article 6(1)(c) GDPR).
4. Data Sharing and Third-Party Services
We do not sell your personal data. We share information only in the following circumstances:
4.1 Service Providers
We use trusted third-party providers to operate the Service. These providers process data on our behalf and are contractually bound to protect it:
- Payment Processor — Processes subscription payments. Receives billing information necessary to complete transactions.
- Infrastructure Providers — For Managed plan users, we provision VPS instances on cloud providers (e.g., DigitalOcean, Contabo) to run your agents.
- Tailscale — Provides encrypted networking between your desktop app and your agent VPS. Tailscale handles network coordination; it does not have access to the contents of your traffic.
- Email Service Provider — Sends transactional and, where you have opted in, marketing emails on our behalf.
4.2 Legal Requirements
We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to:
- Comply with a legal obligation or valid legal process
- Protect and defend our rights or property
- Prevent fraud or protect the safety of users and the public
4.3 Business Transfers
If Office Claws is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
5. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy:
- Account data is retained for the lifetime of your account and deleted within 30 days of account deletion, unless retention is required by law.
- Billing records are retained as required by applicable tax and accounting laws (typically 5–7 years).
- Usage telemetry is aggregated and anonymized. Raw telemetry data is deleted within 90 days of collection.
- Support correspondence is retained for up to 2 years after resolution to provide continuity of service.
6. Data Security
We implement appropriate technical and organizational measures to protect your data:
- All connections between the desktop app and agent VPS instances are encrypted end-to-end via Tailscale (WireGuard-based).
- API keys are stored exclusively on your local device and are never transmitted to our servers.
- Each agent runs on an isolated VPS with no shared infrastructure between users.
- Agent VPS instances have no public-facing ports; all access is via authenticated Tailscale tunnels.
- We use encryption in transit (TLS) for all web and API communications.
While we take reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Cookies and Tracking Technologies
Our website may use the following types of cookies:
- Essential Cookies — Required for the website to function (e.g., session management, language preference). These cannot be disabled.
- Analytics Cookies — Help us understand how visitors interact with the website. You can opt out of analytics cookies through your browser settings or our cookie banner.
We do not use advertising cookies or third-party tracking pixels. We do not engage in cross-site tracking.
8. Your Rights
8.1 Rights Under GDPR (EEA/UK Residents)
If you are located in the European Economic Area or the United Kingdom, you have the following rights:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of inaccurate or incomplete data.
- Erasure — Request deletion of your personal data ("right to be forgotten").
- Restriction — Request that we restrict processing of your data in certain circumstances.
- Portability — Request your data in a structured, commonly used, machine-readable format.
- Objection — Object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
You also have the right to lodge a complaint with your local data protection authority.
8.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know — Request details about the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties with whom we share it.
- Right to Delete — Request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale — We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" mechanism.
- Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
8.3 Exercising Your Rights
To exercise any of the above rights, contact us at privacy@officeclaws.com. We will respond within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. When we transfer personal data outside the EEA/UK, we ensure adequate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Transfers to countries with an adequacy decision from the European Commission
- Other appropriate safeguards as required by applicable data protection law
10. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at privacy@officeclaws.com and we will promptly delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, providing additional notice (such as an in-app notification or email).
We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
- Email: privacy@officeclaws.com
- General Inquiries: hello@officeclaws.com