Privacy Policy

Last updated: April 4, 2026

1. Who we are

Clawshift is operated by Dennis Rolea, Geffelbachstr. 1, 79576 Weil am Rhein, Germany ("we", "us", "our"). We are the data controller for the personal data collected through our website and services.

Contact: [email protected]

2. What data we collect

2.1 Account data

When you sign up, we collect your email address, name, and payment information (processed by Stripe).

2.2 Service data

When you use Clawshift, your AI agent processes data on your behalf, which may include:

Email messages and calendar events (if you connect these services)
Chat conversations with your AI agent
Files and documents you upload to your agent workspace
Integration data from connected tools (CRM, invoicing, etc.)

2.3 Usage data

We collect anonymized usage metrics: pages visited, features used, AI token consumption, and error logs. We use self-hosted analytics (Umami) that does not use cookies and does not track you across websites.

2.4 Payment data

Payment processing is handled entirely by Stripe. We do not store your credit card number, CVV, or full card details on our servers. See Stripe's Privacy Policy.

3. How we use your data

To provide and operate the Clawshift AI assistant service
To process your payments and manage your subscription
To send transactional emails (account confirmation, invoices, security alerts)
To improve our service (using anonymized, aggregated data only)

We do not use your data for advertising. We do not sell your data. We do not use your data to train AI models.

4. Where your data is stored

All data is stored on dedicated servers operated by Hetzner Online GmbH in the European Union. Your data never leaves the EU.

Server location: Hetzner data centers in Germany/Finland
Encryption at rest: AES-256-GCM with per-user encryption keys
Encryption in transit: TLS 1.3

5. Sub-processors

We use the following third-party services to operate Clawshift:

Hetzner Online GmbH (Germany) — Server hosting
Stripe, Inc. (USA, EU data processing) — Payment processing
Anthropic (USA) — AI model provider (API only, no training on your data)
OpenAI (USA) — AI model provider (API only, no training on your data)
Google (USA) — AI model provider (Gemini API only, no training on your data)
Cloudflare, Inc. (USA, EU data processing) — CDN, DNS, and security

AI model providers process your prompts and responses via their APIs. Per their API terms, this data is not used for model training.

6. Your rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

Access — Request a copy of all personal data we hold about you
Rectification — Correct inaccurate personal data
Erasure — Request deletion of your personal data ("right to be forgotten")
Data portability — Receive your data in a machine-readable format
Restriction — Restrict processing of your data
Objection — Object to processing based on legitimate interests
Withdraw consent — Where processing is based on consent

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

7. Data retention

Active accounts: Data retained while your account is active
After cancellation: Account data deleted within 30 days
After account deletion: All data (including agent workspace, conversations, and connected service data) permanently deleted within 7 days
Invoices and tax records: Retained for 10 years as required by German tax law (§ 147 AO)

8. Cookies

We use only strictly necessary cookies for authentication (session cookies). We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Our analytics tool (Umami) is cookieless.

9. Children

Clawshift is not intended for use by individuals under 16 years of age. We do not knowingly collect data from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email. The "Last updated" date at the top indicates the most recent revision.

11. Contact & complaints

If you have questions about this Privacy Policy or wish to exercise your rights:

Email: [email protected]

You also have the right to lodge a complaint with your local data protection authority. In Germany, this is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg.