Privacy Policy

Last updated April 16, 2026

ColdClaw (“we”, “us”) provides an outbound automation engine. This policy explains what data we collect, how we store it, and what choices you have. We keep this short on purpose.

1. What we collect

When you sign up, we collect your name, work email, and (if you choose the BYOK plan) the API keys you supply for third-party services like Apollo, Groq, OpenAI, Lemlist, and ZeroBounce. When you launch campaigns, we process the lead data you import or source — names, roles, companies, public LinkedIn signals, and email addresses.

2. How we store secrets

BYOK API keys are encrypted server-side with AES-256-GCM using a per-tenant key derived via HKDF. Plaintext keys never persist to disk. Firestore rules block client SDK reads of the encrypted key collection entirely — only the server can decrypt them, and only at the moment they are needed to call a third-party API.

3. Tenant isolation

Every Firestore document is stamped with a tenant identifier. Every API route enforces tenant scoping at the request boundary. Two tenants cannot see each other’s leads, campaigns, scoring rules, templates, or activity logs.

4. What we share

We share data with a narrow set of processors required to operate the engine:

  • Firebase / Google Cloud (auth, Firestore, hosting)
  • Vercel (web hosting)
  • Stripe (billing, when payments go live)
  • The third-party providers you connect (Apollo, Lemlist, etc.)

We do not sell your data. We do not share lead data between tenants. We do not train models on your tenant’s data.

5. Retention

Lead, campaign, and pipeline data is retained while your account is active. You can request deletion at any time by contacting privacy@coldclaw.app. We honor deletion requests within 30 days, except where law requires us to retain billing or audit records.

6. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete the personal data we hold about you. Send a request to privacy@coldclaw.app and we will respond within 30 days.

7. Changes

If we materially change this policy, we will email account owners and update the “Last updated” date above. Continued use of ColdClaw after a change constitutes acceptance.

8. Contact

Questions: privacy@coldclaw.app.