Effective: March 30, 2026
This policy explains what data we collect, how we use it, and your rights regarding that data. SixtyClaw is committed to data minimization — we collect only what is strictly necessary to provide the service. We do not sell your data or share it with advertising networks.
Account data: Your name, email address, and a bcrypt-hashed password.
Billing data: Stripe customer ID and subscription status. We never store card numbers — all payment data is handled exclusively by Stripe under PCI DSS Level 1 compliance.
Team data: Team name and membership records (which accounts belong to which team).
License data: License key, activated machine fingerprints, platform, and hostname for machine-limit enforcement.
Consent records: Timestamps of Terms of Service and Privacy Policy acceptance, and your marketing email preference.
SixtyClaw is local-first by design. We do not collect, transmit, or have access to: project files, source code, git repositories, AI conversation content, API keys (BYOK — keys are stored locally in the desktop app only), clipboard data, screen recordings, or keystroke data. Your work stays on your machine.
Your data is used exclusively for: account management and authentication; license key generation and machine-limit validation; billing and subscription management via Stripe; transactional emails via Resend (license key delivery, payment alerts, password resets, security notifications); marketing communications — only with your explicit opt-in consent; and product improvement through anonymized, aggregated usage analytics.
Stripe: Payment processing. PCI DSS Level 1 compliant. See stripe.com/privacy.
Resend: Transactional email delivery. See resend.com/legal/privacy-policy.
Railway: Application hosting in EU/US regions.
We do not use advertising networks, analytics trackers, or data brokers.
Transactional emails (license keys, payment confirmations, password resets, security alerts) are always sent — these are essential to the service and cannot be opted out of.
Marketing emails (product updates, feature announcements, promotional offers) are only sent if you explicitly opt in during signup. Every marketing email includes an unsubscribe link. You can change your preference at any time from your account settings.
We use a single session cookie (sixtyclaw-billing.session) for authentication purposes only. It is HttpOnly, SameSite=Lax, and Secure in production. We do not use third-party cookies, tracking pixels, or analytics cookies.
Account data is retained while your account is active. You can request account deletion at any time by contacting support. Billing records are retained for 7 years to comply with financial regulatory requirements. License activation logs are retained for 90 days after deactivation. Audit logs are retained for 1 year.
You have the right to: access your personal data; rectification of inaccurate data; erasure ("right to be forgotten"); data portability; object to processing; and withdraw consent at any time. To exercise any of these rights, email [email protected]. We respond within 30 days.
Passwords are hashed with bcrypt (cost factor 12). All connections use TLS 1.3. API keys are never transmitted to or stored on our servers. Database access is restricted and encrypted at rest. We conduct regular security audits to maintain the integrity of your data.
SixtyClaw is not intended for use by anyone under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
Our servers are hosted on Railway in the US and EU. If you are located in the European Union, your data may be processed in the United States under standard contractual clauses in compliance with GDPR requirements.
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days in advance. The effective date at the top of this page will be updated to reflect when the latest version took effect.
For privacy inquiries: [email protected]
For general support: [email protected]