Legal

Privacy Policy

How Claw Design collects, uses, shares, and protects information when you use the website and app.

Effective date: May 5, 2026

Introduction

Claw Design is a web workspace for buying usage credits, managing projects, and generating design work with AI-assisted tools. This Privacy Policy explains what information we collect, why we collect it, and how we protect it when you use claudedesign.cc, the app workspace, and related services.

By using Claw Design, you agree to the practices described in this policy.

Claw Design is independent and is not affiliated with, endorsed by, or sponsored by Anthropic.

Information we collect

We collect information needed to operate the product, keep accounts secure, process payments, and improve the service.

  • Account information, such as name, email address, password authentication state, profile image, and account identifiers.
  • Project and generation information, such as prompts, uploaded files, selected design settings, generated outputs, project history, and publishing state.
  • Usage information, such as pages visited, actions taken, feature usage, generation status, error logs, and service performance data.
  • Device and request information, such as browser type, operating system, IP address, referrer, timestamps, and approximate region.
  • Payment and billing information needed to process purchases, subscriptions, usage credits, receipts, refunds, fraud prevention, and tax or compliance records.
  • Cookie and local storage information used for login sessions, preferences, analytics, security, and product reliability.

How we use information

We use collected information to provide, maintain, and improve Claw Design.

  • Create and manage user accounts.
  • Operate the app workspace, project history, generation flow, billing, and credit balance.
  • Process payments and keep billing records.
  • Respond to support requests and product issues.
  • Detect abuse, unauthorized access, fraud, spam, and security incidents.
  • Improve product quality, reliability, user experience, and performance.
  • Comply with legal, accounting, tax, and regulatory obligations.

Generated content and publishing

Generated work is private by default inside your workspace. Publishing or sharing a generated output is a separate action that you choose.

If you publish or share an output, the published page or preview URL may be accessible to anyone who receives the link. You are responsible for reviewing generated content before sharing it.

Third-party services

Claw Design may use trusted third-party providers for hosting, authentication, storage, payments, analytics, email, AI model access, and security operations. These providers process information only as needed to provide their services to us.

Payment method details may be collected and processed directly by payment providers. Claw Design does not need to store full card numbers to operate normal billing flows.

Subprocessors

We rely on the following subprocessors to operate Claw Design. Each entry lists the provider, its role, and the primary processing region. We update this list when we add or remove a subprocessor.

  • Cloudflare (United States, global edge) — hosting, CDN, DNS, and DDoS protection for the website and app workspace.
  • Cloudflare D1 and R2 (United States, global edge) — primary database and object storage for projects, generations, and account data.
  • Stripe (United States) — payment processing, subscription management, refunds, and tax records.
  • Creem (United States) — alternative payment processing for selected regions and merchant-of-record billing.
  • Anthropic API (United States) — AI model inference for generation requests submitted from the app workspace.
  • Microsoft Clarity (United States) — product analytics, session replay, and heatmaps for the marketing site and app.
  • Google Analytics (United States) — aggregate traffic analytics for the marketing site.
  • Email delivery provider (United States) — transactional and account email such as sign-in links, billing receipts, and security notices.

Information sharing

We do not sell personal information. We may share information only in limited cases.

  • With the subprocessors listed above that help operate Claw Design.
  • When required by law, court order, subpoena, or lawful request.
  • To protect the rights, safety, property, or security of Claw Design, users, or the public.
  • In connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to reasonable confidentiality protections.
  • With your direction or consent, such as when you publish or share generated work.

Legal basis for processing (GDPR Article 6)

For users in the European Economic Area, the United Kingdom, and Switzerland, we process personal data only when we have a lawful basis to do so under GDPR Article 6.

  • Performance of a contract — to create your account, deliver the app workspace, run generations you request, fulfill paid plans and usage credits, and provide customer support.
  • Legitimate interests — to keep the service secure, prevent fraud and abuse, monitor reliability and performance, and improve product quality, where these interests are not overridden by your rights.
  • Compliance with a legal obligation — to keep billing, tax, accounting, and security records, and to respond to lawful requests from authorities.
  • Consent — for optional analytics, marketing communications, and any processing where consent is the most appropriate basis. You may withdraw consent at any time without affecting prior processing.

Your rights (GDPR and CCPA)

Depending on where you live, you may have rights under the GDPR, the UK GDPR, the California Consumer Privacy Act (CCPA / CPRA), or other applicable privacy laws. We honor these rights for all users where it is technically reasonable to do so.

  • Right to access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate or incomplete data.
  • Right to erasure — ask us to delete your account and associated data, subject to legal retention requirements.
  • Right to restrict or object to processing — including the right to object to processing based on legitimate interests and to opt out of profiling that produces legal or similarly significant effects.
  • Right to data portability — receive your data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent — for any processing based on consent, with no effect on prior lawful processing.
  • CCPA rights — the right to know what personal information is collected, used, shared, or sold; the right to delete personal information; the right to correct inaccurate personal information; the right to limit the use of sensitive personal information; and the right not to be discriminated against for exercising these rights. Claw Design does not sell personal information as defined by the CCPA.
  • Right not to be subject to solely automated decision-making that produces legal or similarly significant effects without human review.
  • To exercise any of these rights, email privacy@claudedesign.cc from the address on your account. We will respond within the timeframe required by applicable law (generally 30 days under GDPR and 45 days under CCPA). You also have the right to lodge a complaint with your local data protection authority.

Data storage and security

We use technical and organizational safeguards such as access controls, secure transport, limited permissions, and operational monitoring to protect information.

No internet service can guarantee absolute security. You are responsible for keeping your login credentials confidential and for using a secure device and network.

Data retention

We keep information only as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods are listed below.

  • Account information (profile, email, authentication state) — retained while the account is active and deleted within 30 days after the account is closed or deletion is requested.
  • Generated artifacts and project history (prompts, uploads, outputs, share links) — deleted within 30 days after the account is closed or the project is deleted, except where you have explicitly published a link that remains live.
  • Billing, payment, tax, and accounting records — retained for 7 years to meet financial, tax, and audit obligations, even after account deletion.
  • Server access logs, security logs, and abuse-detection records — retained for 90 days, then deleted or aggregated.
  • Email delivery logs (bounces, complaints, sign-in link audit) — retained for 90 days.
  • Backups — purged on a rolling 35-day cycle; deletion requests are honored on next backup rotation if the live data has already been deleted.

International data transfers

Claw Design operates from infrastructure located primarily in the United States and on Cloudflare's global edge network. If you access the service from the European Economic Area, the United Kingdom, Switzerland, or another region, your personal data may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home jurisdiction.

For transfers out of the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or an applicable adequacy decision, together with supplementary technical and organizational measures where appropriate.

Children

Claw Design is not intended for children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided information to us, contact privacy@claudedesign.cc and we will delete the data and close the account.

Changes to this policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a new effective date. Your continued use of Claw Design after an update means you accept the updated policy.

Privacy contact

For privacy questions, data subject access requests (DSARs), or to exercise any of the rights described above, email privacy@claudedesign.cc. For general support, email support@claudedesign.cc.