This Privacy Policy explains how IRON ADS LLC ("we", "us", "Company"), the operator of Claw4Growth, collects, uses, stores, and protects your personal data when you use our service at claw4growth.com.
IRON ADS LLC is incorporated in Delaware, USA (EIN 30-1388743), with registered address at 1207 Delaware Ave, Suite 2208, Wilmington, DE 19806.
If you are located in the European Economic Area (EEA) or United Kingdom, IRON ADS LLC acts as the data controller for your personal data.
1. Data We Collect
We collect the following categories of data:
Account data
- Email address and name (provided at registration via Supabase Auth)
- Billing information (processed by Stripe — we do not store card numbers)
- Subscription status and plan
Onboarding data
- Business name, industry, target audience, and other marketing context you provide during setup
Usage data
- Messages sent to your AI Operator via Telegram or dashboard
- Conversation history stored on your dedicated instance (volume)
- Agent session logs and actions taken on connected platforms
Third-party integration credentials
- OAuth tokens for connected platforms (Google, Meta, LinkedIn, etc.) — stored encrypted using AES-256-GCM
- API keys you optionally provide (stored encrypted)
- Telegram user ID for bot routing
Technical data
- IP address and browser type (via Vercel and Supabase infrastructure logs)
- Fly.io machine identifiers associated with your account
2. How We Use Your Data
We use your data to:
- Provision and operate your dedicated AI agent instance
- Process payments and manage your subscription
- Route messages between Telegram and your Operator
- Connect to third-party platforms on your behalf when you request actions
- Send service-related communications (billing, updates, security alerts)
- Diagnose technical issues and improve the service
- Comply with legal obligations
We do not sell your personal data. We do not use your data to train AI models without your explicit consent.
3. Legal Basis for Processing (EU/UK Users)
For users in the EEA and UK, our legal bases under GDPR are:
- Contract performance — processing necessary to provide the service you subscribed to
- Legitimate interests — security, fraud prevention, service improvement
- Legal obligation — compliance with applicable laws
- Consent — where you have given explicit consent (e.g., marketing communications)
4. Third-Party Service Providers
We share data with the following sub-processors to operate the service:
| Provider |
Purpose |
Data shared |
Location |
| Supabase |
Database, authentication |
Account data, instance config |
EU (Frankfurt) |
| Fly.io |
AI agent hosting |
Agent data, conversation history |
EU (Frankfurt) |
| Vercel |
Web hosting, API |
Request logs, IP |
USA / EU |
| Stripe |
Payment processing |
Email, billing data |
USA / EU |
| OpenRouter |
AI model routing |
Conversation content (prompts) |
USA |
| Composio |
Third-party app integrations |
OAuth tokens, API requests |
USA |
| Meta Platforms |
Facebook, Instagram, Meta Ads integration |
OAuth token, ad account data, page data (user-authorized) |
USA / EU |
| LinkedIn (Microsoft) |
LinkedIn profile and posting integration |
OAuth token, profile data, company page data (user-authorized) |
USA / EU |
| Telegram |
Messaging channel |
Telegram user ID, messages |
International |
Each provider is bound by their own privacy policy and, where applicable, data processing agreements with us. For EU/UK users, transfers to countries outside the EEA are covered by Standard Contractual Clauses (SCCs) or equivalent mechanisms.
5. Third-Party Platform Data
When you connect external platforms (Google, Meta, LinkedIn, etc.), your AI Operator accesses those platforms using the permissions you authorize via OAuth. This means:
- We access only the data and actions you explicitly authorize
- OAuth tokens are stored encrypted in our database
- You can revoke access at any time — from the Claw4Growth dashboard or directly from the third-party platform's security settings
- Your use of those platforms remains subject to their own privacy policies
Social media and advertising data
When you connect social media or advertising platforms (Meta, LinkedIn, X/Twitter, etc.), we may access:
- Profile information (name, profile picture, account identifiers)
- Page and company data you manage (posts, analytics, insights)
- Advertising data (campaigns, ad sets, performance metrics, spend)
This data is used solely to provide the Claw4Growth service to you. We do not:
- Aggregate, sell, or share your social media data with any third party for independent purposes
- Use social media data for surveillance, profiling, or recruitment purposes
- Retain social media data after you disconnect the platform — tokens and cached data are deleted immediately upon revocation
6. Data Retention
- Active accounts: Data retained for the duration of your subscription
- After cancellation: Account data retained for 30 days, then deleted
- Conversation history: Stored on your dedicated volume; deleted when your instance is removed
- Billing records: Retained for 7 years as required by applicable law
- Backups: May persist for up to 90 days in encrypted backup systems
You can request deletion of your data at any time by contacting us (see Section 9). Deletion requests are processed within 30 days.
7. Security
We implement appropriate technical and organizational measures to protect your data, including:
- AES-256-GCM encryption for all OAuth tokens and API keys at rest
- TLS encryption for all data in transit
- Encrypted volumes for agent instance data (Fly.io)
- Access controls limiting employee access to customer data
- Bearer token authentication for agent gateway communication
No system is 100% secure. In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law.
8. Cookies
Claw4Growth uses minimal cookies, limited to:
- Authentication cookies: Required to keep you logged in (Supabase session)
- Functional cookies: To remember your preferences
We do not use tracking cookies or third-party advertising cookies. Our landing pages do not set cookies.
9. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Restriction: Request that we limit processing of your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at hello@claw4growth.com. We will respond within 30 days. EU/UK users who are not satisfied with our response may lodge a complaint with their national data protection authority.
10. Children's Privacy
Claw4Growth is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, contact us immediately and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent version.
12. Contact & Data Requests
IRON ADS LLC
1207 Delaware Ave, Suite 2208
Wilmington, DE 19806, USA
EIN: 30-1388743
Privacy inquiries:
hello@claw4growth.com
Response time: within 30 days