Privacy Policy

Clawd.au ("we", "us", "our") is operated by GreenThread AI (ABN 66 692 174 244). We are committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

This policy explains how we collect, use, disclose, and store your personal information when you use the Clawd.au service.

We collect the following categories of personal information:

• Account information — your name, email address, and profile picture, obtained through configured sign-in providers (such as Google, GitHub, or Microsoft) or directly from you when you use magic link sign-in.
• Billing information — payment details (card number, billing address) collected and processed exclusively by Stripe. We do not store your full card details.
• Usage and analytics data — aggregate metrics such as message counts, token usage, plan limits, page views, and product interaction events used to operate the service, display your dashboard, and understand service performance.
• Agent conversation data — messages exchanged between you (or your connected channels) and your AI agent. This data is stored within your isolated tenant environment and is not copied into a central platform prompt log.
• Technical data — IP address, browser type, and access logs collected automatically for security and diagnostics.

We use your personal information to:

• Provision and operate your Clawd.au tenant and AI agent.
• Authenticate your identity and manage your account.
• Process payments and manage your subscription.
• Send transactional communications (e.g. billing receipts, service alerts).
• Monitor and improve the security, performance, and reliability of the service.
• Measure site traffic and product interaction trends using aggregated analytics.
• Comply with our legal obligations.

We do not sell your personal information and do not use it for advertising or profiling purposes.

We share personal information with the following third-party service providers, solely to operate the Clawd.au service:

All Clawd.au infrastructure — including databases, application servers, model serving, and tenant microVMs — is hosted in Sydney, Australia. Production workloads run in Equinix Sydney facilities, and each tenant receives an isolated microVM powered by KVM via Kata Containers.

By default, all AI inference and data processing occurs entirely within Australia. If you choose to configure an external model provider using your own API key, prompts sent to that provider may leave Australia depending on that provider's infrastructure.

We use a single session cookie to authenticate your login. This cookie is strictly necessary for the operation of the service and is httpOnly, secure, and same-site.

When enabled, we also use Google Analytics to measure aggregate traffic and interaction patterns across the website. We do not use advertising or remarketing trackers.

We retain your personal information for as long as you maintain an active account. Specifically:

• Account data is retained for the duration of your account plus 30 days after deletion to allow for account recovery.
• Conversation data stored within your tenant microVM is deleted when your tenant is deprovisioned.
• Billing records are retained for 7 years as required by Australian tax law.
• Server logs are retained for 90 days for security and diagnostic purposes.

We comply with the 13 Australian Privacy Principles set out in Schedule 1 of the Privacy Act 1988 (Cth). In particular:

• We only collect information that is reasonably necessary for the service (APP 3).
• We take reasonable steps to notify you of the collection of personal information (APP 5).
• We only use or disclose personal information for the purpose for which it was collected, or a directly related purpose (APP 6).
• Before disclosing personal information to overseas recipients, we ensure you are informed and consent where required (APP 8).
• We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access (APP 11).

Under Australian privacy law, you have the right to:

• Request access to the personal information we hold about you.
• Request correction of inaccurate or incomplete personal information.
• Request deletion of your account and associated personal data.
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.

To exercise any of these rights, contact us at the details below.

We may update this privacy policy from time to time. Material changes will be communicated via the email address associated with your account. Continued use of the service after changes constitutes acceptance of the updated policy.

If you have questions or concerns about this privacy policy or our handling of your personal information, please contact: