Legal / Privacy

Privacy Policy

This policy explains how Clawdbot handles information when it retrieves newsletter PDF attachments from Gmail, uses AI to rename and organize them, and imports their content into a searchable knowledge base.

EFFECTIVE DATE: JULY 11, 2026LAST UPDATED: JULY 11, 2026
Deployment notice: This policy is a product-ready template, but the operator must replace all highlighted placeholders and confirm that the described practices match the production implementation before publishing.
01

Scope and purpose

This Privacy Policy applies to Clawdbot and its automated briefing workflow (the “Service”). The purpose of the Service is to help users capture, organize, and retrieve information contained in newsletter PDF briefings that they receive through Gmail.

By connecting a Google account or otherwise using the Service, you acknowledge the practices described here. If you do not agree, do not connect an account or use the Service.

02

Information we collect and process

Depending on your configuration and use of Clawdbot, the Service may process the following categories of information:

Account and authorization dataYour name, email address, Google account identifier, OAuth tokens, granted permissions, and connection status.
Email dataMessage metadata such as sender, subject, date, message identifiers, labels, and the parts needed to locate relevant newsletters.
PDF and briefing contentPDF attachments, filenames, extracted text, document titles, publication dates, source names, topics, and generated organizational metadata.
Knowledge base dataContent, metadata, destination identifiers, and synchronization status used to import and maintain processed briefings.
Service and diagnostic dataConfiguration, processing status, error records, timestamps, and security or audit logs needed to operate and protect the Service.
CommunicationsInformation you provide when requesting support, exercising privacy rights, or contacting the Service operator.

Clawdbot is designed to process relevant newsletter messages and PDF attachments. The exact access scope must be disclosed in the Google authorization screen and should be limited to what is necessary for the configured workflow.

03

How we use information

We use information only as reasonably necessary to:

  • authenticate you, connect the accounts you authorize, and maintain those connections;
  • identify emails that match your configured newsletter or briefing workflow;
  • retrieve and process relevant PDF attachments;
  • extract document text and metadata and use AI to create meaningful filenames or organizational fields;
  • organize files and import their content into the knowledge base destination you configure;
  • prevent duplicate processing and report synchronization status;
  • operate, troubleshoot, secure, and improve the reliability of the Service;
  • respond to support, privacy, and data-deletion requests; and
  • comply with applicable law and enforce our terms.

We do not use Gmail message content or PDF content for advertising. We do not sell your personal information.

04

Google user data

When you connect Gmail, Clawdbot uses Google OAuth to request permission to access data needed for the workflow. Depending on the implementation and the permissions shown during authorization, this may include access to Gmail messages, metadata, and attachments.

Limited use

Clawdbot’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including its Limited Use requirements. Google user data is used to provide and improve user-facing features that are prominent in the Service, maintain security, and comply with applicable law.

Google user data will not be used for personalized advertising, sold, or transferred for advertising, creditworthiness, lending, or other purposes prohibited by Google policy. Human access to Google user data is limited to situations where you provide affirmative consent, it is necessary for security or abuse investigation, it is required by law, or the data has been aggregated and anonymized for internal operations where permitted.

Your control

You may revoke Clawdbot’s access at any time through your Google Account connections. Revoking access prevents future access but does not by itself delete data already processed or stored by Clawdbot or a connected knowledge base; see “Data deletion” below.

05

Storage and retention

Information may be stored in Clawdbot’s systems and in the storage or knowledge base services you configure. OAuth credentials should be encrypted at rest. Temporary PDF files and extracted content should be retained only as long as needed to complete processing, recover from errors, and meet the retention settings described to users.

Account configuration, synchronization records, and security logs may be kept while your account is active and for a limited period afterward for backup, fraud prevention, legal compliance, and service integrity. Content imported into a third-party knowledge base remains subject to that provider’s settings and retention policy.

Operator action required: Replace this paragraph with specific production retention periods for temporary files, extracted content, logs, backups, and deleted-account data before launch.

We may retain information longer where required by law, necessary to resolve disputes, or needed to enforce agreements. When retention is no longer necessary, information is deleted or anonymized using commercially reasonable methods.

06

Third-party services and disclosure

Clawdbot may share or transfer information only as needed to operate the requested workflow, including with:

  • Google: for authentication and access to the Gmail data you authorize;
  • AI processing providers: to analyze PDF text or metadata and generate filenames or organizational information;
  • knowledge base and storage providers: to import and store the content at your chosen destination;
  • infrastructure and security providers: for hosting, logging, monitoring, and protection of the Service;
  • professional advisers or authorities: where necessary to comply with law, protect rights and safety, or investigate misuse; and
  • a successor entity: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate notice and safeguards.

Service providers are authorized to process information only for contracted purposes and must protect it appropriately. The operator should publish or make available a current list of material subprocessors used in production.

07

Data security

We use reasonable administrative, technical, and organizational safeguards appropriate to the nature of the information processed. These may include encrypted transmission, encryption of credentials at rest, access controls, least-privilege permissions, secret management, logging, monitoring, dependency maintenance, and incident-response procedures.

No method of transmission or storage is completely secure. We cannot guarantee absolute security. If we become aware of a data incident, we will investigate and provide notices as required by applicable law.

08

Your privacy rights

Subject to your location and applicable law, you may have rights to request access to, correction of, deletion of, or a copy of your personal information; to object to or restrict certain processing; to withdraw consent; and to lodge a complaint with a data-protection authority.

To exercise a right, contact us using the information below. We may need to verify your identity and authority before fulfilling a request. Authorized agents may submit requests where permitted by law. We will respond within the timeframe required by applicable law.

09

Deleting your data

You may request deletion of Clawdbot account data and processed content by contacting us using the placeholder address below. Your request should identify the Google account connected to the Service and state whether you also want the Clawdbot connection disabled.

You should separately delete imported content from your connected knowledge base if it is not managed by Clawdbot, and revoke Google access through your Google Account connections. After a verified request, we will delete or de-identify information controlled by Clawdbot, subject to backup cycles and information we must retain for security, legal, or fraud-prevention purposes.

Operator action required: Before publishing, add the actual in-product deletion route or a dedicated data-deletion request URL, plus a concrete completion timeframe.
10

Children’s privacy

Clawdbot is not directed to children under 13, or the minimum age required to consent to data processing in their jurisdiction. We do not knowingly collect personal information from children. If you believe a child has provided information to the Service, contact us so we can investigate and delete it as appropriate.

11

Changes to this policy

We may update this Privacy Policy to reflect changes to the Service, our data practices, or legal requirements. We will post the revised policy with a new “Last updated” date. If a change materially affects your rights or how we use information, we will provide additional notice where required.

12

Contact us

For privacy questions, rights requests, or data-deletion requests, contact the operator of Clawdbot:

Operator/legal name: [REPLACE WITH OPERATOR LEGAL NAME]
Privacy email: [REPLACE WITH PRIVACY CONTACT EMAIL]
Privacy request page: [REPLACE WITH PRIVACY REQUEST URL, IF AVAILABLE]

These are intentional placeholders. Replace them with valid contact details before making this policy public.