Privacy Policy
Last updated: 26 March 2026
Introduction
Clawd.au ("we", "us", "our") is operated by The IT Dept Pty Ltd (ABN 12 665 405 505). We are committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
This policy explains how we collect, use, disclose, and store your personal information when you use the Clawd.au service.
Information We Collect
We collect the following categories of personal information:
- Account information — your name, email address, and profile picture, obtained through Google or GitHub OAuth when you sign in.
- Billing information — payment details (card number, billing address) collected and processed exclusively by Stripe. We do not store your full card details.
- Usage data — aggregate metrics such as message counts, token usage, and plan limits to operate the service and display your dashboard.
- Agent conversation data — messages exchanged between you (or your connected channels) and your AI agent. This data is stored within your isolated tenant environment.
- Technical data — IP address, browser type, and access logs collected automatically for security and diagnostics.
How We Use Your Information
We use your personal information to:
- Provision and operate your Clawd.au tenant and AI agent.
- Authenticate your identity and manage your account.
- Process payments and manage your subscription.
- Send transactional communications (e.g. billing receipts, service alerts).
- Monitor and improve the security, performance, and reliability of the service.
- Comply with our legal obligations.
We do not sell your personal information and do not use it for advertising or profiling purposes.
Third-Party Processors
We share personal information with the following third-party service providers, solely to operate the Clawd.au service:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, billing details |
| OAuth authentication | Email, name, profile picture | |
| GitHub | OAuth authentication | Email, username, profile picture |
| Anthropic (Claude) | AI inference (Pro & Max plans) | Conversation messages |
| OpenAI | AI inference (Pro & Max plans) | Conversation messages |
Lite plan users: All AI inference is performed locally in Australia using the open-source gpt-oss-120b model. Your conversation data never leaves Australian infrastructure.
Pro & Max plan users: Conversation messages may be sent to Anthropic and/or OpenAI for AI inference. These providers are based in the United States. By selecting a Pro or Max plan, you consent to this cross-border data transfer.
Data Sovereignty
All Clawd.au infrastructure — including databases, application servers, and tenant microVMs — is hosted in Sydney, Australia. Each tenant receives an isolated microVM powered by KVM via Kata Containers, ensuring strong workload isolation.
For Lite plan users, all data processing (including AI inference) occurs entirely within Australia. For Pro and Max plan users, conversation data may be transmitted to overseas AI providers (Anthropic and OpenAI) for inference as described above. All other data remains in Australia.
Cookies
We use a single session cookie to authenticate your login. This cookie is strictly necessary for the operation of the service and is httpOnly, secure, and same-site.
We do not use analytics cookies, advertising trackers, or any third-party tracking scripts.
Data Retention
We retain your personal information for as long as you maintain an active account. Specifically:
- Account data is retained for the duration of your account plus 30 days after deletion to allow for account recovery.
- Conversation data stored within your tenant microVM is deleted when your tenant is deprovisioned.
- Billing records are retained for 7 years as required by Australian tax law.
- Server logs are retained for 90 days for security and diagnostic purposes.
Australian Privacy Principles Compliance
We comply with the 13 Australian Privacy Principles set out in Schedule 1 of the Privacy Act 1988 (Cth). In particular:
- We only collect information that is reasonably necessary for the service (APP 3).
- We take reasonable steps to notify you of the collection of personal information (APP 5).
- We only use or disclose personal information for the purpose for which it was collected, or a directly related purpose (APP 6).
- Before disclosing personal information to overseas recipients, we ensure you are informed and consent where required (APP 8).
- We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access (APP 11).
Your Rights
Under Australian privacy law, you have the right to:
- Request access to the personal information we hold about you.
- Request correction of inaccurate or incomplete personal information.
- Request deletion of your account and associated personal data.
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.
To exercise any of these rights, contact us at the details below.
Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via the email address associated with your account. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions or concerns about this privacy policy or our handling of your personal information, please contact: