Privacy Policy

Last updated: February 6, 2026

1. Who We Are

IronClaw is operated by Fifth of Fifth Technologies ("Company", "we", "us"). This policy explains how we collect, use, and protect your information when you use our service at ironclaw.app.

2. Information We Collect

Information you provide:

  • Email address (for account creation and magic link authentication)
  • Name (optional, from your account profile)
  • Payment information (processed by Stripe; we do not store card details)
  • OpenAI API key (if using BYOK; stored encrypted with AES-256-GCM)
  • Channel credentials (e.g., bot tokens; stored encrypted)
  • Messages sent through the Service
  • Custom AI instructions

Information collected automatically:

  • Usage data (message counts, token usage, per day)
  • Log data (IP address, browser type, access times)

3. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate your account via magic link emails
  • To process payments and manage your subscription
  • To connect and relay messages across your configured channels
  • To track usage against your plan limits
  • To send service-related communications (e.g., billing alerts)
  • To respond to support requests

4. What We Do NOT Do

  • We do not sell your personal data
  • We do not use your messages or data to train AI models
  • We do not share your data with advertisers
  • We do not read your messages except as needed for technical support you request

5. Data Storage and Security

Your data is stored in Supabase (hosted on AWS). Sensitive credentials (API keys, channel tokens) are encrypted at rest using AES-256-GCM. Each account receives an isolated AI gateway on dedicated infrastructure. We use HTTPS for all data in transit.

6. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase — database and authentication
  • Stripe — payment processing
  • OpenAI — AI responses (messages are sent to OpenAI's API)
  • Fly.io — gateway infrastructure hosting
  • Vercel — application hosting

Each provider has its own privacy policy. We encourage you to review them.

7. Data Retention

We retain your account data and message history while your account is active. Upon account deletion, we remove your data within 30 days. Usage logs may be retained in anonymized form for analytics.

8. Your Rights

You may at any time:

  • Access your data through the dashboard
  • Delete your account and all associated data from Settings
  • Request a copy of your data by contacting us
  • Withdraw consent for non-essential processing

If you are in the EU/EEA, you have additional rights under GDPR including the right to rectification, portability, and to lodge a complaint with a supervisory authority.

9. Cookies

We use essential cookies only for authentication (session tokens). We do not use tracking cookies or third-party analytics cookies.

10. Children

The Service is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email. The "last updated" date at the top reflects the most recent revision.

12. Contact

For privacy questions or data requests, contact us at hello@ironclaw.app.