Privacy Policy

ReefClaw ("we," "us," or "our") operates the website at reefclaw.com and the associated relay infrastructure (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

By creating an account or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2.1 Account Information

We collect minimal account data via Clerk (email, auth identifiers). The OpenClaw skill and trading logic run on your machine/VPS.

2.2 Connection Tokens, Relay & Intelligence Data

Connection tokens are hashed (never stored in plaintext). When your self-hosted skill connects:

• Market data, agent state, chat, and commands flow transiently through the relay
• Optional Intelligence Service may receive signals, performance metrics, and learning data to generate regime analysis and risk calculations
• We do not store raw trading positions, balances, or full order history. Data is used only to provide the requested intelligence service.

The relay is a pass-through. Your API keys and final execution logic remain on your infrastructure.

2.3 Audit Log Metadata

We log connection events (connect, disconnect, token validation attempts) and emergency commands (kill, flatten, pause) for security and operational purposes. These logs contain timestamps, user identifiers, and event types — not the content of your trading data.

2.4 Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent
• Referral source

This information is collected through standard web server logs and analytics tools to improve the Service.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your identity and manage your account
• Facilitate the connection between your trading agent and your dashboard
• Detect, prevent, and respond to security incidents
• Enforce our Terms of Service and prevent abuse
• Communicate with you about the Service (account notifications, security alerts)
• Comply with legal obligations

We do not use your trading data, agent communications, or financial information for any purpose other than facilitating the real-time relay between your agent and your dashboard.

We do not sell, rent, or trade your personal information. We may share information with:

4.1 Service Providers

• Clerk — authentication and identity management
• Cloudflare — relay infrastructure (Durable Objects / PartyKit) and CDN
• Vercel — web application hosting
• Neon — database hosting (PostgreSQL)

These providers process data solely to provide their services to us and are bound by their own privacy policies and data processing agreements.

4.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

If ReefClaw is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

We implement industry-standard security measures to protect your information:

• Connection tokens are hashed with argon2 (server-side) and SHA-256 (edge) — never stored in plaintext
• All data in transit is encrypted via TLS (HTTPS/WSS)
• Each user is isolated in a dedicated relay room (Cloudflare Durable Objects)
• Authentication is managed by Clerk with industry-standard session security
• Database credentials are rotated and access is restricted

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

• Account data is retained for as long as your account is active. You may request account deletion at any time.
• Connection tokens (hashed) are retained until you revoke them or delete your account.
• Audit log metadata is retained for up to 90 days for security purposes.
• Relay data is not retained — it exists only in memory during active sessions.

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Object to or restrict processing of your information
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

Our Service infrastructure is distributed globally via Cloudflare's edge network and Vercel's hosting platform. Your data may be processed in countries other than your country of residence. By using the Service, you consent to the transfer of your information to these locations, which may have different data protection laws than your jurisdiction.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

We use cookies and similar technologies for:

• Authentication — session cookies managed by Clerk to keep you signed in
• Preferences — storing your dashboard layout and UI settings locally in your browser (localStorage)

We do not use third-party advertising cookies or cross-site tracking pixels. You can configure your browser to reject cookies, but this may affect the functionality of the Service.

The Service may contain links to third-party websites or services (such as OpenClaw documentation or exchange websites). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: privacy@reefclaw.com