Privacy Policy

1. Introduction

This Privacy Policy describes how AutoRev AI LLC, doing business as ClawTrust (“ClawTrust,” “we,” “us,” or “our”), collects, uses, and protects your personal information when you use our service at clawtrust.ai.

ClawTrust is a B2B SaaS platform that provides autonomous AI agents to businesses. We operate in two capacities:

• Data Processor: For data processed by your AI agent (emails sent/received, agent actions), we process this data on your behalf under your instruction.
• Data Controller: For account information, billing data, and website usage, we determine how this data is processed.

By using ClawTrust, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Data

When you create an account, we collect your email address and name through our authentication provider. This information is necessary to create and manage your account.

2.2 Billing Data

Payment processing is handled by a PCI-compliant third-party payment processor. We do not store credit card numbers or payment details. We only store a customer identifier and subscription status to manage your service tier and billing relationship.

2.3 Agent Configuration

You provide configuration data for your AI agent, including:

• Agent name and email address (@deskoperations.com)
• Email preferences and routing rules
• Service tier selection (Starter, Pro, or Enterprise)
• Integration settings (if enabled)

2.4 Agent Email Content

All emails sent to and from your agent's email address are stored in our database. This includes:

• Email headers (from, to, subject, date)
• Email body content (plaintext and HTML)
• Attachments (if any)
• Metadata (read status, thread IDs)

2.5 Usage Data

We collect data about how you and your agent use the service:

• API calls and requests to your agent
• Agent actions and tasks performed
• Login history and session data
• Error logs and debugging information
• Performance metrics

2.6 Technical Data

We automatically collect standard web analytics data:

• IP address
• Browser type and version
• Device type and operating system
• Pages visited and time spent
• Referral source

2.7 Cookies

We use essential cookies only:

• Authentication session cookies: Required for authentication and maintaining your logged-in state

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

3. How We Use Your Data

We use the collected information for the following purposes:

• Provide and operate the service: Deliver AI agent functionality, process emails, execute tasks
• Process payments: Manage subscriptions, billing cycles, and invoices
• Deliver agent email services: Route emails to/from your agent, store conversation history
• Monitor for abuse: Detect and prevent violations of our Acceptable Use Policy
• Send transactional emails: Account confirmations, receipts, service alerts, provisioning updates
• Improve service reliability: Debug errors, optimize performance, develop new features
• Ensure security: Protect against unauthorized access, fraud, and malicious activity
• Comply with legal obligations: Respond to law enforcement requests, enforce terms, maintain tax records

We do not use your data for marketing purposes without explicit opt-in consent.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for processing your personal data includes:

• Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the service you subscribed to
• Legitimate interests (Art. 6(1)(f) GDPR): Fraud prevention, security monitoring, service improvement, and business analytics
• Legal obligation (Art. 6(1)(c) GDPR): Tax record retention, compliance with law enforcement requests
• Consent (Art. 6(1)(a) GDPR): Marketing emails (opt-in only)

5. Data Sharing

We use third-party service providers to operate the Service, including providers for infrastructure hosting, database hosting, payment processing, email delivery, authentication, and background processing. These providers process data on our behalf under contractual obligations that require them to protect your data.

A detailed list of sub-processors and their roles is available upon request by emailing privacy@clawtrust.ai, or as part of our Data Processing Agreement at /dpa.

AI model providers accessed via our inference routing service may process prompt and completion data according to their own privacy policies. We route requests through a model aggregation service to provide flexibility while minimizing direct integrations.

6. Data Retention

We retain different types of data for varying periods:

• Account data: Retained for the duration of your subscription plus 90 days after termination
• Agent email content: User-controlled deletion available in the dashboard; automatically deleted 30 days after account termination
• Billing records: Retained for 7 years to comply with tax and accounting regulations
• Audit logs: Retained for 2 years for security and compliance purposes
• Server logs: Retained for 90 days for debugging and security monitoring

You may request deletion of your data at any time by contacting privacy@clawtrust.ai. We will delete your data within 30 days, except where retention is required by law.

7. International Data Transfers

ClawTrust is based in the United States. Your data is primarily stored and processed in the United States:

• Agent infrastructure: Hosted on dedicated servers in the United States
• Account and billing data: Processed in the United States

For customers in the European Economic Area (EEA), we ensure adequate protection for international transfers using:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Subprocessor agreements requiring equivalent data protection

For more details on data transfer safeguards, see our Data Processing Agreement at /dpa.

8. Your Rights

8.1 GDPR Rights (EU/EEA Residents)

If you are located in the European Economic Area, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure (“right to be forgotten”): Request deletion of your data
• Right to restriction of processing: Limit how we use your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Rights related to automated decision-making: Opt out of automated decisions with legal or significant effects (not currently applicable)

8.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know: Request disclosure of the categories and specific pieces of personal information we collect
• Right to delete: Request deletion of your personal information
• Right to opt-out of sale: We do not sell personal information
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

8.3 How to Exercise Your Rights

To exercise any of these rights, email us at privacy@clawtrust.ai with:

• Your full name and account email
• The specific right you wish to exercise
• Any additional details to help us locate your data

We will respond to your request within:

• 30 days for GDPR requests
• 45 days for CCPA requests (with possible 45-day extension if needed)

We may ask you to verify your identity before processing your request.

9. Data Security

We implement industry-standard security measures to protect your data:

• Encryption at rest: AES-256-GCM encryption for sensitive database fields
• Encryption in transit: Modern encryption protocols (TLS 1.2+, encrypted tunnels) for all network communication
• Zero-trust networking: Outbound-only encrypted tunnels for secure agent-to-control-plane communication
• Dedicated infrastructure: Each tenant receives a dedicated server (no shared compute)
• Secure authentication: Enterprise-grade identity management with session protection
• Rate limiting: Protection against brute force and abuse
• Security headers: CSP, HSTS, X-Frame-Options, and CSRF protection

For more details on our security architecture, visit clawtrust.ai/#security.

While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@clawtrust.ai, and we will delete such information from our systems.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the “Effective Date” at the top of this policy
• Notify you by email at least 30 days before the changes take effect
• For significant changes, request your explicit consent where required by law

Your continued use of the service after the effective date constitutes acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection inquiries specific to GDPR, you may also contact your local data protection authority.