Privacy Policy
1. Introduction and Scope
StoreClaw Inc. ("StoreClaw," "we," "our," or "us") is a Delaware corporation that operates an AI Agent platform designed for ecommerce sellers. This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you access or use our website, platform, mobile applications, Skills, Connectors, and related services (collectively, the "Services").
This Privacy Policy applies to:
- Business operators and ecommerce sellers who register for and use the StoreClaw platform ("Users");
- Visitors to our website at storeclaw.ai; and
- Any individual whose information we process in connection with providing the Services.
This Privacy Policy does not apply to the personal data of end-consumers that our Users collect through their own stores or platforms (e.g., their Shopify customers). In such cases, our Users are the data controllers, and StoreClaw acts as a service provider on their behalf pursuant to our Data Processing Agreement.
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Services.
2. Who We Are
StoreClaw Inc. is responsible for the personal information collected through the Services. Our registered address is:
StoreClaw Inc., 8 The Green, STE B, Dover, Delaware 19901, USA
For privacy-related inquiries, please contact us at: customer.support@storeclaw.ai
3. Information We Collect
3.1 Account and Identity Information
When you create an account, we collect:
- Email address and password (for direct registration);
- Third-party OAuth identifiers and linked email address when you register or log in via Google, Apple, or Facebook; and
- Contact information you choose to provide.
We use this information for account creation, identity verification, login authentication, and account management.
3.2 User-Generated Content and Input
When you use the AI Agent, we collect all text, prompts, and instructions you enter into conversations; files and attachments you upload; scheduled task instructions; and AI-generated outputs created in response to your instructions.
We use this information to power AI Agent functionality, generate responses, execute tasks, maintain session continuity, and display your task history.
Important: Your input content — including conversation messages and file contents — is transmitted to third-party AI providers acting as our service providers to generate responses. See Section 5.1 for details.
3.3 Third-Party Platform Connection Data
Our services allow you to connect third-party platforms ("Connectors") that you choose to enable. When you activate a Connector, we may access and process data from the authorized platform to provide the requested functionality.
The types of platforms that may be connected include, for example, e-commerce platforms, marketplaces, social media services, and communication tools. Depending on the Connector you enable, we may access data such as store information, product listings, orders, inventory, account content, engagement data, messages, and related communications data.
You can view and manage the specific Connectors you have enabled within your account settings. We only access data from platforms that you have explicitly authorized.
We use this data solely to perform the tasks you direct us to carry out on your behalf and do not use it for unrelated purposes.
Custom MCP Connectors: When you configure a Custom MCP Connector to an external server of your choosing, you act as an independent controller of any data transmitted to that server. StoreClaw functions solely as a technical conduit and does not participate in or control the data processing logic of any external server you configure. Server addresses and request headers (which may include API keys) you provide are collected only to execute your instructions.
API Key Security: Credentials you provide are encrypted at rest using AES-256 and in transit using TLS 1.2 or higher, and accessed only to the extent necessary to carry out your authorized tasks.
3.4 Device and Network Information
We automatically collect IP address, browser type and version, operating system, device identifiers, and log data (access times, pages visited, error logs). We use this information for security monitoring, fraud prevention, service stability, and audit logging.
3.5 Usage Data
We collect records of how you use the Services, including session history, Skills usage, Connector activity, scheduled task execution records, and file output history. We use this to provide session continuity and history display features, and may use aggregated, de-identified data for product improvement.
3.6 Payment Information
Payment processing is handled by our third-party payment processor. We do not store your full credit card number. We receive only the last four digits, transaction date, amount, and card type for billing and support purposes.
4. How We Use Your Information
| Purpose | Information Used | Basis |
|---|---|---|
| Account registration & authentication | Account & identity information | Contract performance |
| Providing AI Agent functionality | User input, connector data | Contract performance |
| Executing scheduled tasks & automations | Task instructions, connector data | Contract performance |
| Session continuity & history display | Session logs, usage data | Contract performance |
| Security & fraud prevention | Device & network info, usage data | Legitimate interests |
| Customer support | Account info, session context | Contract performance |
| Product improvement (aggregated only) | De-identified usage data | Legitimate interests |
| Legal compliance | As required by law | Legal obligation |
We will not use your personal information for purposes materially different from those described above without providing you prior notice and, where required, obtaining your consent.
5. How We Share Your Information
We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising. We disclose your information only as described below.
5.1 AI Service Providers
We use third-party service providers, including cloud infrastructure providers and artificial intelligence service providers, to operate our services.
When you use AI-powered features, your inputs may be transmitted to and processed by these service providers for the purpose of generating responses and delivering requested functionality.
We do not authorize these service providers to use your data for purposes other than providing services to us.
5.2 OAuth Login Providers
If you log in via Google, Apple, or Facebook, we exchange identity tokens with those platforms solely to authenticate you. We do not use information from these providers for advertising and do not share your StoreClaw data back to them.
5.3 User-Authorized Connectors
When you enable a Connector, we access the authorized platform data solely to carry out your instructions. We do not proactively transmit your data to those platforms beyond what is required to complete your authorized tasks.
5.4 Custom MCP Connectors
StoreClaw disclaims all responsibility for Custom MCP Connectors you configure. By connecting to an external server, you transmit data to systems outside StoreClaw's control. You are solely responsible for ensuring that your use of any Custom MCP Connector complies with applicable law and the terms of service of the external server operator. StoreClaw shall have no liability for any loss, damage, or breach arising from your use of Custom MCP Connectors.
5.5 Other Service Providers
We engage service providers for cloud hosting, analytics (aggregated data only), and customer support. All are bound by contractual data protection obligations consistent with this Privacy Policy.
5.6 Legal Requirements and Business Transfers
We may disclose your information: (a) when required by applicable law or court order; (b) to enforce our Terms of Service or protect our rights; (c) to prevent fraud or harm; or (d) in connection with a merger, acquisition, or asset sale, provided the acquiring entity is bound by obligations at least as protective as this Privacy Policy.
6. AI Model Training
We do not use your conversation data, uploaded files, or task instructions to train any AI model. Our AI service providers are contractually prohibited from using your data for model training. Your data is used solely to provide the Services to you.
If we decide in the future to use customer data for AI training, we will: (a) update this Privacy Policy and provide you prior notice; (b) operate any such program on an opt-in basis only; (c) provide a clear opt-in control in your account Settings; and (d) upon withdrawal of consent, exclude your historical data from future training datasets.
7. Data Retention
We retain your personal information only as long as necessary to fulfill the purposes in this Privacy Policy or as required by law.
| Data Category | Retention Period |
|---|---|
| Account information | Duration of your account, plus 30 days after deletion |
| Conversation sessions & file outputs | Duration of your account, or until you delete them |
| Scheduled task records | Duration of your account, or until you delete them |
| Connector config & credentials | Until you disconnect the Connector or delete your account |
| Device & network logs | 90 days from collection |
| System backup copies | Up to 90 days from deletion of the underlying data |
| Billing records | As required by applicable law (typically 7 years) |
Legal Hold: We may retain data beyond the periods above where required to comply with a legal obligation, establish or defend legal claims, or respond to a regulatory inquiry or preservation order. Data subject to a legal hold will be retained only for the duration required by the applicable legal requirement.
You may request deletion of your data or account at any time (see Section 8). We will purge or anonymize your personal information within 30 days of account deletion, subject to backup rotation and legal hold exceptions above.
8. Your Privacy Rights
You have the following rights with respect to your personal information:
| Right | Description |
|---|---|
| Access | Request a copy of the personal information we hold about you. |
| Correction | Request correction of inaccurate or incomplete information. |
| Deletion | Request deletion of your personal information, subject to legal hold and other exceptions. |
| Portability | Receive your data in a structured, machine-readable format. |
| Objection | Object to processing for direct marketing or based on legitimate interests. |
| Withdraw Consent | Where we rely on consent, withdraw it at any time without affecting prior processing. |
| Non-Discrimination | We will not discriminate against you for exercising your privacy rights. |
To exercise any right, contact us at customer.support@storeclaw.ai or through the Privacy Rights section of your account Settings. We will respond within 45 days. We may verify your identity before processing your request.
8.1 California Residents (CCPA / CPRA)
If you are a California resident, you additionally have the right to:
- Know the categories of personal information collected, the sources, our business purpose, and the categories of third parties with whom we share it; and
- Opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. We do not currently engage in such sales or sharing. If our practices change, we will provide a "Do Not Sell or Share My Personal Information" link on our website before doing so.
To submit a CCPA request, contact us at customer.support@storeclaw.ai.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit using TLS 1.2 or higher;
- Encryption of sensitive credentials at rest using AES-256;
- Access controls and least-privilege principles;
- Regular security assessments and vulnerability monitoring; and
- Incident response and breach notification procedures.
No method of electronic transmission or storage is 100% secure. In the event of a breach triggering notification obligations under applicable law, we will notify affected individuals and regulators as required.
10. Children's Privacy
The Services are intended solely for business operators aged 18 or older. We do not knowingly collect personal information from individuals under 18. If we learn we have done so, we will promptly delete it. Please contact us at customer.support@storeclaw.ai if you believe we have collected information from a minor.
11. Third-Party Links
The Services may contain links to or integrate with third-party platforms. This Privacy Policy does not apply to those services. We encourage you to review their privacy policies.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. For material changes, we will notify registered Users via email or in-product notification at least 14 days before the changes take effect and update the "Last Updated" date above. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.
13. Contact Us
| customer.support@storeclaw.ai | |
| StoreClaw Inc., Attn: Privacy Team, 8 The Green, STE B, Dover, Delaware 19901, USA | |
| Response Time | Within 45 days of receipt |