This Privacy Policy describes how Cheapclaws ("we," "us," or "our") collects, uses, and protects your personal information when you use our platform and services.
1. Information We Collect
Account information:
- Email address (used for passwordless authentication via magic link)
- Session tokens (JWT via NextAuth)
Instance configuration:
- Bot name, persona, channel settings, and other configuration you provide through the setup wizard
- Encrypted secrets (LLM API keys, channel bot tokens, Tailscale auth keys) — encrypted at rest using AES-256-GCM
Payment information:
- Stripe customer and subscription IDs (payment metadata only — we never receive or store credit card numbers)
Usage data:
- Analytics data collected via Google Analytics (GA4) on our marketing site
2. Information We Do Not Collect
- Message content: User conversations flow directly from the channel platform (Telegram, Discord, Slack, etc.) to your instance to your LLM provider. Cheapclaws infrastructure never intercepts, reads, or stores message content.
- Credit card numbers: All payment processing is handled entirely by Stripe Checkout. We never receive your card details.
3. How We Use Your Information
- Authentication: To verify your identity and manage your session
- Service delivery: To provision, configure, and operate your AI assistant instance
- Billing: To process payments and manage your subscription
- Support: To respond to your inquiries and provide technical assistance
4. Third-Party Services
We share data with the following service providers:
- Stripe — payment processing (receives your email and subscription data)
- Fly.io — instance hosting in US East (Virginia,
iad region); receives instance configuration as environment variables - Resend — transactional magic link emails for authentication
- Google Analytics — usage tracking on the marketing site
We do not sell your personal data to third parties.
5. Data Storage & Security
- Secrets (API keys, bot tokens) are encrypted at rest using AES-256-GCM. They are decrypted at provision time and injected as environment variables on your Fly.io machine.
- All infrastructure is hosted in the US East (Virginia) region via Fly.io.
- We implement reasonable technical and organizational measures to protect your data.
6. Data Lifecycle
- Active instance: Configuration and encrypted secrets are retained in our database for the duration of your subscription.
- Cancellation: At the end of your billing period, the Fly.io machine and volume are deleted, all secrets are removed from the database, and your instance is marked as deleted.
- Factory reset: Prior configuration and volume data are destroyed. A new setup wizard creates fresh configuration on the same subscription.
- Payment failure: Your instance is suspended (machine stopped) and secrets are retained. If the subscription is eventually canceled by Stripe, full deletion occurs.
7. Cookies & Tracking
We use the following cookies:
- Essential cookies: Authentication session cookies required for the platform to function
- Analytics cookies: Google Analytics (GA4) on the marketing site for understanding usage patterns
8. Your Rights
For EU residents (GDPR):
You have the right to access, rectify, erase, port, restrict processing, object to processing, and withdraw consent regarding your personal data.
For California residents (CCPA):
You have the right to know what personal information we collect, to request deletion of your data, to opt out of the sale of personal information (we do not sell your data), and to non-discrimination for exercising your rights.
To exercise any of these rights, contact us at privacy@cheapclaws.com.
9. International Data Transfers
Your data is processed and stored in the United States. If you are located outside the US, your data will be transferred to and processed in the US. By using our services, you consent to this transfer.
10. Children's Privacy
We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@cheapclaws.com and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on our website. Your continued use of the service after such notice constitutes acceptance of the updated policy.
12. Contact
For privacy-related inquiries, contact us at privacy@cheapclaws.com.
For general inquiries, contact us at contact@cheapclaws.com.