StockClaw AI (“we”, “us”) operates StockClaw, a service that turns financial news and market data into structured signals for your own watchlist. This page explains what information we collect, how we use it, and the choices you have.
StockClaw is an information and research tool. The signals, summaries, and AI-generated answers it produces are not financial advice, are not a recommendation to buy or sell any security, and must not be relied upon as the sole basis for an investment decision.
1. What we collect
a. Account identity
Your email address, display name, and profile photo URL — received from your identity provider (Google) or typed in directly (email magic-link sign-in).
A randomly-generated user id issued by our auth provider (Supabase) that we use internally to separate your data from other users'.
b. Content you create
The tickers you add to your watchlist, and derived search aliases (e.g. company names).
The Claw rules (natural-language alert definitions) you create.
Your chat history with Claw (query text, our response, retrieved signal ids, latency), stored so we can compute retrieval quality metrics and show you your own history.
Notification preferences (language, quiet hours, Telegram chat id if you link one, Web Push subscription keys if you enable browser notifications).
c. Generated data
Signals (news summaries, impact/confidence scores, per-agent breakdowns) that our five-agent pipeline produces by running against public news sources filtered by your watchlist.
Vector embeddings of those signals, stored locally for semantic search.
d. Technical logs
Standard web-server logs (IP address, user agent, timestamp, path) — kept for up to 30 days for debugging and abuse mitigation.
Application logs with no personally identifying information beyond the user id already mentioned.
We do not collect payment info, device contact lists, precise location, biometric data, or content from any service you haven't explicitly connected.
2. How we use it
To provide the service: match incoming news to your watchlist, produce signals, deliver them to your dashboard, Telegram chat (if linked), or browser (if subscribed).
To personalise results: ground Claw chat answers in your own signal history via retrieval-augmented generation.
To measure quality: aggregate metrics such as retrieval precision and notification open rate — always in aggregate, never published individually.
To comply with the law: respond to legitimate legal requests, investigate fraud, enforce our Terms.
We do not sell your data. We do not share your data with advertisers. We do not train any model on your private content.
3. Third parties that process your data on our behalf
Supabase (authentication + Postgres database + realtime). See their privacy policy.
OpenRouter / Anthropic — we send news article text plus your watchlist context to an AI model (Claude Sonnet 4.6 via OpenRouter) for summarisation. Chat queries go through the same path. OpenRouter's and Anthropic's retention policies apply.
Telegram Bot API — only if you link a Telegram chat id; we send signal summaries to that chat.
Web Push services (Google FCM, Mozilla autopush, Apple, etc.) — only if you enable browser notifications; they relay encrypted payloads to your device.
yfinance (Yahoo Finance) and other public news / data sources — we read from them; they do not receive your personal data.
Hosting provider for the backend (AWS/Railway/Vercel, depending on deployment) — receives standard web traffic metadata.
4. Where your data lives
Our primary database is hosted in Supabase's infrastructure (AWS region configurable per project). Vector embeddings for retrieval live on our application server's disk. Third-party processors may operate from different regions as disclosed in their own privacy policies.
5. Retention
Signals, watchlist entries, Claw rules, settings: kept until you delete them or your account.
Chat history: kept until you delete your account.
Web-server logs: up to 30 days.
On account deletion: all user-scoped rows are purged within 30 days (some aggregate, non-identifiable metrics may persist).
6. Your rights
You can, at any time:
Access your data through the app (Settings → Export my data — JSON export, planned).
Correct it by editing in the app.
Delete your account by emailing us at the support address below. We complete deletion within 30 days.
Unsubscribe from Telegram or browser notifications at any time from Settings.
If you are in the EU/UK, you additionally have the rights under GDPR to data portability, restriction of processing, and lodging a complaint with your supervisory authority.
7. Cookies and similar technologies
StockClaw uses one type of persistent client-side storage: your browser's localStorage to remember your sign-in token and a cache for the progressive-web-app shell. We do not use third-party analytics cookies.
8. Children
StockClaw is not intended for users under 18. We do not knowingly collect data from minors. If you believe we have, contact us to delete it.
9. Changes
We will update this page when we change our practices. Material changes will be announced via in-app notification and via Telegram to users who've linked a chat.
10. Contact
For privacy questions, data access requests, or account deletion: privacy@stockclaw.co