Privacy Policy
Last updated: February 10, 2026
1. Introduction
ReefClaw ("we," "us," or "our") operates the website at reefclaw.com and the associated relay infrastructure (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.
By creating an account or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect information provided through our authentication provider (Clerk), which may include:
- Email address
- Name (if provided)
- Profile picture (if provided)
- Authentication identifiers
2.2 Connection Tokens
When you generate a connection token to link your trading agent, we store a cryptographic hash of the token (using Argon2 and SHA-256). We never store your plaintext token. The token is displayed to you once at creation and cannot be recovered.
2.3 Relay Data (Transient)
When your trading agent connects to our relay, the following data passes through our infrastructure in real time:
- Market data (price ticks, candlestick data)
- Trade events (order submissions, fills, cancellations)
- Agent state information (mode, strategy, health metrics)
- Chat messages between you and your agent
- Commands you send (kill, flatten, pause, resume)
This data is transient — it flows through the relay in real time and is not persisted on our servers. The relay acts as a pass-through proxy. We do not store your trading data, positions, balances, or trade history.
2.4 Audit Log Metadata
We log connection events (connect, disconnect, token validation attempts) and emergency commands (kill, flatten, pause) for security and operational purposes. These logs contain timestamps, user identifiers, and event types — not the content of your trading data.
2.5 Automatically Collected Information
When you visit our website, we may automatically collect:
- IP address
- Browser type and version
- Device information
- Pages visited and time spent
- Referral source
This information is collected through standard web server logs and analytics tools to improve the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Facilitate the connection between your trading agent and your dashboard
- Detect, prevent, and respond to security incidents
- Enforce our Terms of Service and prevent abuse
- Communicate with you about the Service (account notifications, security alerts)
- Comply with legal obligations
We do not use your trading data, agent communications, or financial information for any purpose other than facilitating the real-time relay between your agent and your dashboard.
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share information with:
4.1 Service Providers
- Clerk — authentication and identity management
- Cloudflare — relay infrastructure (Durable Objects / PartyKit) and CDN
- Vercel — web application hosting
- Neon — database hosting (PostgreSQL)
These providers process data solely to provide their services to us and are bound by their own privacy policies and data processing agreements.
4.2 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.3 Business Transfers
If ReefClaw is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
5. Data Security
We implement industry-standard security measures to protect your information:
- Connection tokens are hashed with Argon2 (server-side) and SHA-256 (edge) and are never stored in plaintext
- All data in transit is encrypted via TLS (HTTPS/WSS)
- Each user is isolated in a dedicated relay room (Cloudflare Durable Objects)
- Authentication is managed by Clerk with industry-standard session security
- Database credentials are rotated and access is restricted
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.
6. Data Retention
- Account data is retained for as long as your account is active. You may request account deletion at any time.
- Connection tokens (hashed) are retained until you revoke them or delete your account.
- Audit log metadata is retained for up to 90 days for security purposes.
- Relay data is not retained — it exists only in memory during active sessions.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Object to or restrict processing of your information
- Receive your data in a structured, machine-readable format (data portability)
- Withdraw consent at any time (where processing is based on consent)
To exercise any of these rights, contact us at the email address below. We will respond within 30 days.
8. International Data Transfers
Our Service infrastructure is distributed globally via Cloudflare's edge network and Vercel's hosting platform. Your data may be processed in countries other than your country of residence. By using the Service, you consent to the transfer of your information to these locations, which may have different data protection laws than your jurisdiction.
9. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.
10. Cookies and Tracking
We use cookies and similar technologies for:
- Authentication — session cookies managed by Clerk to keep you signed in
- Preferences — storing your dashboard layout and UI settings locally in your browser (localStorage)
We do not use third-party advertising cookies or cross-site tracking pixels. You can configure your browser to reject cookies, but this may affect the functionality of the Service.
11. Third-Party Links
The Service may contain links to third-party websites or services (such as OpenClaw documentation or exchange websites). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: privacy@reefclaw.com