Privacy Policy.

We collect information in the following categories:

Account Information

• — Email address (required for account creation)
• — Name or organization name (optional)
• — Billing information (processed by our payment provider)

Usage Data

• — API request metadata (endpoint, timestamp, response code, latency)
• — Page credit consumption and billing events
• — Feature usage patterns (formats requested, extraction options)

Technical Data

• — IP address and approximate geolocation
• — User-Agent string and client SDK version
• — Error logs and stack traces (for debugging)

We use your information to:

• — Provide, maintain, and improve the webclaw service
• — Authenticate API requests and enforce rate limits
• — Process payments and manage subscriptions
• — Send service-critical communications (outages, security alerts, billing)
• — Detect and prevent abuse, fraud, and security incidents
• — Generate aggregate, anonymized usage analytics

We do not use your data for advertising. We do not sell, rent, or trade your personal information to third parties. Ever.

This is important, so we're explicit: when you use the webclaw API to extract content from a URL, here is exactly what happens:

• — We fetch the target URL, process the HTML, and return the extraction result to you
• — Extracted content may be cached for up to 1 hour to improve performance for repeated requests
• — We log the target URL, response status, and processing time for billing and debugging
• — We do NOT persistently store the full content of extracted pages beyond the cache window
• — We do NOT analyze, index, or use extracted content for any purpose other than serving your request

If you use LLM features (summarization, JSON extraction), your content is sent to the configured LLM provider (Ollama, OpenAI, or Anthropic) subject to their respective privacy policies. When self-hosting, you control which providers are used.

Our website (webclaw.io) uses minimal cookies:

• — Essential cookies — authentication session, CSRF protection. Required for the dashboard to function.
• — Analytics — we use privacy-focused analytics (no cross-site tracking, no fingerprinting). We collect page views and referrers in aggregate.

We do not use third-party advertising trackers, social media pixels, or cross-site tracking cookies. The API itself uses no cookies — authentication is via API key in the request header.

We use a limited set of third-party services to operate webclaw:

• — Stripe — payment processing. Stripe handles all payment card data. We never see or store your full card number.
• — Infrastructure providers — cloud hosting for API servers and proxy infrastructure.
• — LLM providers — when using LLM features, requests are sent to OpenAI or Anthropic APIs (or your self-hosted Ollama instance).
• — Transactional email — for account verification and billing notifications.

Each third-party service is bound by their own privacy policies and our data processing agreements.

• — Account data — retained while your account is active, deleted within 30 days of account closure
• — API request logs — retained for 90 days, then automatically purged
• — Extraction cache — maximum 1 hour, automatically evicted
• — Error logs — retained for 30 days
• — Billing records — retained for 7 years as required by tax law

You can request early deletion of your data at any time (see Your Rights below).

We implement industry-standard security measures including:

• — TLS 1.3 encryption for all API traffic
• — API keys hashed at rest (bcrypt)
• — Infrastructure-level firewalls and intrusion detection
• — Regular security audits and dependency scanning
• — Principle of least privilege for internal access
• — Encrypted backups with restricted access

No system is 100% secure. If we discover a data breach affecting your personal information, we will notify you and any applicable regulatory authorities within 72 hours.

Depending on your jurisdiction, you may have the following rights:

GDPR (EU/EEA)

• — Right of access — request a copy of your data
• — Right to rectification — correct inaccurate data
• — Right to erasure — request deletion of your data
• — Right to portability — receive your data in a structured format
• — Right to restrict or object to processing
• — Right to withdraw consent at any time

CCPA (California)

• — Right to know what personal information we collect
• — Right to delete your personal information
• — Right to opt-out of the sale of personal information (we don't sell data)
• — Right to non-discrimination for exercising your rights

To exercise any of these rights, email privacy@webclaw.io. We will respond within 30 days.

Our servers are located in the United States. If you are accessing webclaw from outside the US, your data may be transferred to and processed in the US.

For EU/EEA users, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission for lawful data transfers.

webclaw is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

The self-hosted version of webclaw runs entirely on your infrastructure. When self-hosting:

• — We collect no data from your self-hosted instance
• — No telemetry, no phone-home, no usage reporting
• — You are the data controller for all data processed by your instance
• — LLM provider connections are configured and controlled by you

This privacy policy applies only to our hosted services at api.webclaw.io and webclaw.io.

We may update this privacy policy from time to time. Material changes will be communicated via email to registered users at least 30 days before they take effect.

Non-material changes (clarifications, formatting) may be made without notice. The "Effective" date at the top always reflects the latest version.

For privacy-related questions or data requests:

• — Email: privacy@webclaw.io
• — General: hello@webclaw.io

We aim to respond to all privacy inquiries within 30 days.