Privacy Policy

Last Updated: March 1, 2026

ClawOps LLC ("ClawOps," "we," "us," or "our") operates theclawops.com (the "Site") and provides AI-powered services, including the AI Voice Receptionist, ClawOps Shield Security Scanner, and custom Automation Services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, retain, and protect your information when you visit our Site or use our Services.

By using our Site or Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services. For questions, contact us at legal@theclawops.com.

1. Information We Collect

1.1 Information You Provide

We collect information that you provide directly, including:

• Name, email address, and phone number
• Company name, industry, and business details
• Billing and payment information (processed by Stripe; we do not store full card numbers)
• Project requirements, timelines, and budget information submitted through intake forms
• Any other information you voluntarily provide via contact forms, emails, or consultations

1.2 Voice Call Data

When you or your customers interact with our AI Voice Receptionist, we collect:

• Call recordings: Audio recordings of inbound and outbound calls handled by the AI system (where permitted by law and with required consent)
• Call transcripts: Automated text transcriptions of recorded calls
• Call metadata: Timestamps, call duration, caller ID, called number, and call disposition
• SMS and messaging content: Text messages sent and received through the platform, including missed-call text-back messages
• Scheduling data: Appointment details, availability, and booking confirmations
• Lead information: Caller-provided details captured during qualification (name, service needed, urgency, location)

1.3 Business and Account Information

For clients using our managed services, we collect:

• Business hours, service offerings, and pricing information (used to configure AI responses)
• Staff names, roles, and scheduling preferences
• CRM credentials and integration settings (encrypted at rest)
• Branding guidelines and preferred call scripts

1.4 Usage and Technical Data

We automatically collect when you visit our Site:

• IP address and approximate geographic location
• Browser type, version, and operating system
• Pages visited, time on page, and referral URLs
• Device identifiers and screen resolution

1.5 Shield Scanner Data

When using the ClawOps Shield scanner:

• Authentication data: Email address and (if using Google Sign-In) your Google profile name and picture, processed by Firebase Authentication
• Usage data: Scan counts, subscription tier, and plan limits, stored in Google Firestore
• Scan data: File scanning runs entirely client-side in your browser. Your files are never uploaded to or stored on ClawOps servers.

1.6 Cookies

We use essential cookies for site functionality and analytics cookies (Google Analytics) to understand visitor behavior. You can manage cookie preferences through your browser settings. For visitors in the European Economic Area, we obtain consent before placing non-essential cookies.

2. How We Use Your Information

We use collected information to:

• Deliver, operate, and maintain our Services, including AI Voice Receptionist call handling, lead qualification, and appointment scheduling
• Process voice calls and generate transcripts through our AI pipeline
• Respond to inquiries and provide customer support
• Process payments and manage billing
• Sync data with your CRM, practice management, or scheduling systems
• Improve our AI models, services, and site experience (using aggregated, de-identified data only)
• Send service-related communications (billing notices, maintenance alerts, feature updates)
• Send marketing communications (only with your consent, where required)
• Detect, prevent, and address fraud, abuse, and security issues
• Comply with legal obligations

3. How We Process Your Data

3.1 AI and Voice Processing

To deliver our AI Voice Receptionist and automation services, your data is processed through the following pipeline:

• Twilio: Handles telephony infrastructure, including call routing, recording, and SMS delivery. Twilio processes call audio and metadata on our behalf.
• OpenAI: Processes call transcripts and text for natural language understanding, response generation, and intent classification. We use the OpenAI API with data processing agreements in place. Your data is not used to train OpenAI's general models.
• Fly.io: Hosts our application infrastructure, including the AI orchestration layer that connects telephony with language processing.

3.2 Payment Processing

Stripe processes all payment transactions. ClawOps does not store your full credit card number. Stripe's privacy practices are governed by their own privacy policy.

3.3 Authentication and Storage

Google Firebase (Authentication and Firestore) manages user accounts and application data for the Shield scanner service.

4. Sub-Processors

We use the following sub-processors to deliver our Services:

Sub-Processor	Purpose	Data Processed
Twilio	Telephony, SMS, call recording	Call audio, metadata, phone numbers, SMS content
OpenAI	Natural language processing	Call transcripts, text content for AI analysis
Fly.io	Application hosting	Application data, API requests, logs
Stripe	Payment processing	Billing details, transaction data
Google Firebase	Authentication and data storage	Email, profile info, usage metrics
Google Analytics	Website analytics	IP address, browsing behavior, device info

All sub-processors are bound by data processing agreements that require them to protect your data and use it only for the purposes we specify.

5. Data Retention

We retain your data according to the following schedule:

Data Type	Retention Period
Call recordings (audio files)	90 days from the date of recording
Call transcripts	12 months from the date of recording
Call metadata (timestamps, duration, caller ID)	24 months
Lead and contact information	Duration of active service + 12 months
Account and billing information	Duration of active service + 7 years (tax/legal requirements)
Website analytics data	26 months (Google Analytics default)
Shield scanner usage data	Duration of active account + 6 months

When data reaches the end of its retention period, it is securely deleted or anonymized. You may request early deletion of your data at any time (see Section 8).

Custom retention schedules may be arranged for enterprise clients through your service agreement. Contact legal@theclawops.com to discuss.

6. Data Sharing and Disclosure

We do not sell your personal information. We share data only in the following circumstances:

• Sub-processors: As described in Section 4, to deliver the Services
• CRM and integrations: When you instruct us to sync data with your CRM, practice management, or scheduling platform
• Legal compliance: When required by law, subpoena, court order, or government request
• Protection of rights: To enforce our Terms, protect our rights or safety, or investigate potential violations
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
• With your consent: In any other situation where you explicitly authorize sharing

7. TCPA Disclosure

Our AI Voice Receptionist and automated messaging services may send automated text messages and make automated calls on behalf of our clients. By providing your phone number to a ClawOps-powered service, you may receive automated messages related to your inquiry, appointment, or service request. Standard messaging and data rates may apply.

Our clients are responsible for obtaining proper consent before enabling automated communications. We provide tools to help clients comply with the Telephone Consumer Protection Act (TCPA), FCC regulations, and applicable state telemarketing laws.

8. Your Rights

Regardless of your location, you may exercise the following rights by contacting legal@theclawops.com:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request your data in a structured, machine-readable format
• Opt-out of marketing: Unsubscribe from marketing emails at any time using the link in any marketing email, or by contacting us

We will respond to verified requests within 30 days (or within the timeframe required by applicable law).

9. GDPR Rights (European Economic Area Residents)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation:

• Right to Restrict Processing: Request that we limit how we process your data in certain circumstances
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Bases for Processing

We process personal data under the following legal bases:

• Contract performance: Processing necessary to deliver the Services you have engaged us to provide
• Legitimate interests: Processing necessary for our legitimate business interests (improving services, fraud prevention, security), balanced against your rights
• Consent: Where you have given clear, informed consent (marketing communications, non-essential cookies)
• Legal obligation: Processing required to comply with applicable laws

International Data Transfers

Your data may be transferred to and processed in the United States. When we transfer data from the EEA, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all sub-processors
• Appropriate technical and organizational safeguards

10. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell or share (as defined by CCPA/CPRA) your personal information for cross-context behavioral advertising
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights

Categories of Information Collected

Category	Examples
Identifiers	Name, email, phone number, IP address
Commercial information	Service history, transaction records, billing details
Internet or network activity	Browsing history on our Site, interaction with our Services
Professional or employment information	Company name, job title, industry
Audio and electronic data	Call recordings, voicemail, chat transcripts
Inferences	Lead qualification scores, service preferences

Do Not Sell My Personal Information

ClawOps does not sell your personal information to third parties. We have not sold personal information in the preceding 12 months. If you wish to submit a "Do Not Sell" request, email legal@theclawops.com with the subject line "Do Not Sell My Personal Information."

To submit any CCPA/CPRA request, contact legal@theclawops.com. We will verify your identity before processing. You may also designate an authorized agent to submit requests on your behalf.

11. Data Security

We implement technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Access controls with role-based permissions and multi-factor authentication for administrative access
• Regular security assessments and vulnerability scanning
• Secure API connections with all third-party services
• Employee confidentiality obligations and security training
• Incident response procedures with notification within 72 hours of confirmed breaches (as required by GDPR)

No system is completely secure. While we implement commercially reasonable safeguards, we cannot guarantee absolute security of your data.

12. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without verified parental consent, we will take steps to delete it promptly. If you believe we have collected information from a child, please contact legal@theclawops.com.

13. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. There is currently no industry standard for responding to DNT signals. Our Site does not currently alter its behavior in response to DNT signals.

14. Healthcare Data (HIPAA)

For healthcare clients who use our Services to process protected health information (PHI), ClawOps will enter into a Business Associate Agreement (BAA) before any PHI is transmitted or processed. We do not process PHI without a signed BAA in place. Healthcare clients should contact legal@theclawops.com to initiate a BAA.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For material changes affecting active clients, we will provide advance notice via email. Your continued use of the Services after changes become effective constitutes acceptance.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

ClawOps LLC
Email: legal@theclawops.com
Website: theclawops.com

For GDPR-related inquiries, you may also contact your local data protection authority.

For CCPA requests, you may call or email us. We aim to respond to all requests within 30 days.