Your Privacy, Our Priority
We collect the minimum data needed to operate claw.zip. Your prompts are never stored, logged, or used for training. Here's exactly what we do with your data.
// data collection
What We Collect
Only what's necessary to authenticate you and operate the proxy.
Email Address
Used for authentication via magic links. We never share your email with third parties or send marketing without consent.
Hashed Tokens
Session tokens and API key identifiers are stored as SHA-256 hashes. The original values are never persisted β even we can't see them.
Encrypted API Keys
Your upstream Anthropic keys are encrypted with AES-256-GCM before storage. Decrypted in memory only at request time, then immediately discarded.
Usage Metrics
Aggregate token counts and savings percentages. Never the content of your prompts or responses β only how many tokens were processed.
// data processing
How We Process Data
Your prompts pass through our proxy in memory and are never persisted.
In-Memory Processing
Prompts are compressed and forwarded in memory. After the response is returned, all request data is discarded. No logs, no storage, no retention.
Zero Content Logging
We do not log the content of your API requests or responses. Server logs contain only metadata: timestamps, status codes, and token counts.
No AI Training
Your data is never used to train, fine-tune, or improve any AI model. Not by us, and we use Anthropic's API settings that opt out of training on your behalf.
// third parties
Third-Party Services
Services that process your data as part of operating claw.zip.
Anthropic
Your prompts are forwarded to Anthropic's API using your own credentials. Subject to Anthropic's privacy policy and API terms.
Cloudflare
Our infrastructure runs on Cloudflare Workers and D1. Cloudflare processes network traffic and stores encrypted data on our behalf.
Resend
Magic link emails are sent via Resend. They receive only your email address and the authentication link content.
// your rights
Your Rights (GDPR)
If you're in the EU/EEA, you have the following rights under GDPR.
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of any inaccurate personal data.
Right to Erasure
Request deletion of your account and all associated data.
Right to Portability
Request your data in a structured, machine-readable format.
// retention
Data Retention
Account data is retained as long as your account is active. Magic link tokens expire after 15 minutes. Session tokens expire after 30 days. Deactivated API keys are soft-deleted and fully purged after 30 days. You can delete your account and all data at any time from the dashboard.
// cookies
Cookies
We use a single essential cookie for session authentication. No tracking cookies, no analytics cookies, no third-party cookies. The session cookie is HttpOnly, Secure, and SameSite=Strict.
// updates
Policy Updates
We'll notify you of material changes to this policy via email. Continued use of claw.zip after notification constitutes acceptance of the updated policy.
Last updated: February 2026
For privacy-related questions, contact us at privacy@claw.zip.