Privacy Policy
Last updated: June 28, 2026
This Privacy Policy describes how SaaSClaw ("we", "us", "our") collects, uses, stores, and protects your personal information when you use SaaSClaw.ai ("the Service").
1. Information We Collect
Information You Provide
- Account information: email address, username, and password when you create an account
- Project content: code, configuration files, environment variables, and other files you upload or create through the Service
- Conversations: messages between you and the AI agent in the wizard and chat interfaces
- API keys: third-party LLM provider API keys you add to your account (stored encrypted)
- GitHub data: installation metadata when you connect a GitHub App (repository names, account names — not source code unless you explicitly ask the agent to work with it)
Information Collected Automatically
- Usage data: pages visited, features used, deploy history, and token usage statistics
- Server logs: IP address, user agent, request timestamps (retained for 30 days)
- Cookies: session cookies for authentication; no third-party tracking cookies
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide and operate the Service | Account info, project content, conversations, API keys |
| Process LLM requests on your behalf | Conversations, project files (sent to your chosen LLM provider) |
| Deploy and manage your applications | Project code, environment variables |
| Improve the Service | Aggregate usage statistics (not individual content) |
| Security and abuse prevention | Server logs, account activity |
| Communicate with you | Email address (for account notices only, never marketing) |
3. LLM Provider Data
When you use the AI agent, your prompts and relevant project context are sent to the LLM provider you've selected (Z.ai, OpenAI, Anthropic, or Groq). This is necessary for the Service to function. Each provider has their own privacy policy:
We do not send your data to any LLM provider you have not explicitly selected or configured.
4. Data Storage and Security
- Project data: stored on our infrastructure at the project level, accessible only to you and the agent
- API keys: encrypted at rest using Django's encrypted field storage
- Passwords: hashed using industry-standard algorithms (never stored in plaintext)
- Database: PostgreSQL, access-controlled
- Deploy logs: stored in MinIO object storage
- Server logs: retained for 30 days, then automatically purged
We implement reasonable technical and organizational measures to protect your data. However, no system is completely secure, and we cannot guarantee absolute security.
5. Data Sharing
We do not sell, rent, or trade your personal information. We share data only in the following circumstances:
- LLM providers: your prompts and project context are sent to your selected provider as described in Section 3
- GitHub: when you connect the GitHub App, we access repository metadata; source code is accessed only when you direct the agent to work with a specific repo
- Legal requirements: we may disclose data if required by law, court order, or governmental authority
- Service providers: infrastructure providers (hosting, CDN) as necessary to operate the Service, bound by confidentiality obligations
6. Your Rights
You have the right to:
- Access: view your personal data through the Service's UI
- Correction: update your account information at any time
- Deletion: delete your account and associated personal data. Project data and deployed applications will also be removed within 30 days
- Data export: export your project data and conversation history
- API key revocation: remove third-party API keys from your account at any time
- GitHub disconnection: uninstall the GitHub App to revoke our access to your repositories
To exercise any of these rights, contact us at privacy@saasclaw.ai.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Project files and code | Until project deletion + 30 days |
| Agent conversations | Until session deletion + 30 days |
| Deploy logs | Until project deletion + 30 days |
| API keys | Until you remove them |
| Server logs (IP, user agent) | 30 days |
| Token usage statistics | Until account deletion + 30 days |
8. Children's Privacy
The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
9. International Transfers
Your data may be processed on servers located in the United States. If you are accessing the Service from outside the US, your data may be transferred to and processed in the US. By using the Service, you consent to this transfer.
10. Security Incidents
In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of becoming aware of the breach, in accordance with applicable law.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. We may also send an email notification for significant changes.
12. Contact
For questions or concerns about this Privacy Policy or our data practices, contact us at privacy@saasclaw.ai.