Privacy Policy
Last updated: March 8, 2026
1. Overview
ClawSight ("we", "us", "the Service") is an open-source, real-time monitoring platform for autonomous AI agents. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. We are committed to collecting only what is necessary to operate the Service.
2. Data We Collect
Account Data
- Email address — collected during magic link authentication via Supabase. Used solely for login and account identification.
- User ID — a unique identifier assigned by Supabase. Used to associate you with your tenant and API keys.
API Keys
- Key hash — an Argon2 hash of your API key. The raw key is shown once at creation and never stored.
- Key prefix — the first 12 characters of your key, stored for identification purposes.
- Key name — a label you assign when creating a key.
Agent Data
- Agent ID and name — identifiers you assign to your agents via the SDK.
- Logs — text messages sent by your agents. Stored in server memory only (up to 50 per agent). Not persisted to a database.
- Metrics — cost, revenue, and token counts reported by your agents. Stored in server memory only.
- Status — the operational state of your agents (working, idle, error, killed, offline).
Connection Data
- Socket connection metadata — socket IDs, connection timestamps, and tenant room assignments. Used for real-time communication routing.
3. Data We Do Not Collect
- We do not use cookies for tracking or advertising
- We do not collect IP addresses for analytics
- We do not use third-party analytics or tracking scripts
- We do not sell, rent, or share your data with third parties
- We do not store raw API keys after initial creation
- We do not access the content or behavior of your AI agents beyond what they report via the SDK
4. How We Use Your Data
- Authentication — your email is used to send magic link login emails via Supabase
- Tenant isolation — your user ID is linked to a tenant to ensure you only see your own agents and keys
- Real-time monitoring — agent data is routed to your dashboard via WebSocket rooms scoped to your tenant
- Shared reports — when you generate a share link, a point-in-time snapshot of agent data is served at a public URL
5. Data Storage and Retention
| Data Type | Storage | Retention |
|---|---|---|
| Email, User ID | Supabase (PostgreSQL) | Until account deletion |
| API key hashes | Supabase (PostgreSQL) | Until key revocation |
| Agent logs & metrics | Server memory only | Until server restart |
| Shared report snapshots | Server memory only | Until server restart |
Agent data is ephemeral. It exists only in server memory during your session and is lost when the server restarts or redeploys. We do not maintain long-term logs of your agent activity.
6. Third-Party Services
We use the following third-party services:
- Supabase — authentication and database. Subject to Supabase's Privacy Policy.
- Render — hosting and deployment. Subject to Render's Privacy Policy.
7. Your Rights
You have the right to:
- Access — view all API keys and agent data associated with your account via the dashboard
- Delete — revoke API keys at any time through the dashboard. Agent data is automatically purged on disconnect or server restart
- Portability — the SDK sends data in standard JSON format; you control what your agents report
- Withdraw consent — stop using the Service at any time by revoking your keys and signing out
To request full account deletion, open an issue on our GitHub repository or contact the maintainers.
8. Security
We take reasonable measures to protect your data:
- API keys are hashed with Argon2 before storage
- Authentication uses Supabase's secure magic link flow
- WebSocket connections are authenticated and scoped to tenant rooms
- Agent data is isolated per tenant; cross-tenant access is not possible
No system is 100% secure. If you discover a vulnerability, please report it via our GitHub repository.
9. Children's Privacy
ClawSight is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance.
11. Contact
For privacy-related questions or requests, open an issue on our GitHub repository or reach out to the maintainers.