Privacy policy

MultiClaw collects only what it needs to run the service, does not sell your data, and gives you control over your information. Below you'll find what is collected, who can access it, and how to exercise your rights.

What is collected

When you create an account, MultiClaw stores your name and email address.

Workspace metadata — such as workspace name, team membership, and role assignments — is stored on MultiClaw Cloud. IP addresses and browser user-agent strings appear in server logs and are retained for 90 days.

Conversation content is stored on MultiClaw Cloud only when you sync a conversation. If you keep conversations local, they never leave your device.

Workflow recordings created with the MultiClaw Chrome extension capture the sequence of browser actions (clicks, navigation, form inputs) during a recording session. The extension only records when you explicitly start a session and does not monitor your browsing at any other time.

What is not collected

The MultiClaw desktop app does not collect telemetry or usage analytics. Crash logs are saved only on your device and are never uploaded automatically.

MultiClaw does not collect payment card numbers or banking details directly. Payment processing is handled by a third-party payment processor under its own privacy policy.

How data is used

MultiClaw uses your data to run the service, authenticate you when you sign in, provision cloud desktops, and send service-related emails such as security alerts. MultiClaw does not send marketing emails without your explicit consent.

Audit logs record workspace activity to support governance and security oversight.

Each type of processing has a legal basis under GDPR:

• Contract performance: running the service, provisioning cloud desktops, generating agent responses
• Legitimate interests: server log analysis for security, audit logs for governance, responding to support requests
• Consent: analytics cookies on the marketing website and marketing emails (you can withdraw consent at any time)

Data retention

MultiClaw keeps your data only as long as it's needed. The main retention periods are:

After you close your account, you have 30 days to export your data before deletion begins. See Delete your account for details.

Who data is shared with

MultiClaw uses a limited set of subprocessors to deliver the service. These include cloud hosting providers, database providers, and email delivery services.

Your conversation content is also transmitted to third-party AI model providers to generate agent responses. These providers are engaged under data processing agreements that prohibit using your data to train their models.

A list of subprocessors will be published at multiclaw.io/legal/subprocessors when the service is generally available.

Your data is never sold to third parties.

AI and your data

MultiClaw is an AI product, so it's worth understanding how your data interacts with AI systems.

Your data is not used for training. Neither MultiClaw nor its AI model providers use your conversations, instructions, or workflows to train, fine-tune, or evaluate AI models.

You approve before agents act. Agents draft a plan before executing any task. You review and approve the plan before the agent proceeds.

Third-party interactions are governed by the third party. When an agent browses a website or submits a form on your behalf, the data shared with that service is governed by the third party's own privacy policy.

Cookies

The multiclaw.io marketing website uses analytics cookies. A consent banner lets you accept or decline these before any cookie is set.

The MultiClaw Cloud web app uses session cookies only. No tracking or advertising cookies are used inside the product.

Your data subject rights

If you are in the EU, EEA, or UK, GDPR and UK GDPR give you the right to:

• Access your personal data
• Correct inaccurate data
• Erase your data
• Restrict processing
• Receive a portable copy of your data
• Object to processing based on legitimate interests
• Withdraw consent at any time when processing is based on consent (for example, analytics cookies or marketing emails)

To exercise any of these rights, email privacy@multiclaw.io. MultiClaw will respond within one calendar month.

International data transfers

Your data is hosted on AWS infrastructure in the United States (US East region by default; EU region available on request). Transfers of personal data from the UK and EEA to the US rely on Standard Contractual Clauses (SCCs) and, for UK transfers, the UK International Data Transfer Agreement (IDTA). See the Data processing agreement for details.

Right to complain

If you believe your personal data is being handled unlawfully, you can lodge a complaint with your supervisory authority. In the UK, contact the Information Commissioner's Office (ICO) at https://ico.org.uk. In the EU, contact your national data protection authority.

Security and compliance

Data in transit is encrypted using TLS. Access to personal data is restricted to authorised personnel who need it to perform their role.

If a data breach is likely to affect your rights, MultiClaw will notify the relevant supervisory authority within 72 hours and will notify you directly without undue delay.

MultiClaw's privacy controls are designed in alignment with ISO/IEC 27701, the international standard for privacy information management.

Children's privacy

MultiClaw is not intended for anyone under 16. If you believe a child under 16 has created an account, email privacy@multiclaw.io, and MultiClaw will delete the data promptly.

Changes to the policy

MultiClaw will give you 30 days' notice before making any material change to the Privacy Policy. Notice is sent by email to the address on your account and posted on the website.