Privacy Policy
Last updated: June 2026
1. Introduction
Clawpilot ("we", "us", "our") operates the Clawpilot platform (app.clawpilot.com), a social media management service for agencies and brands. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.
By using Clawpilot, you agree to the practices described in this policy. If you do not agree, please do not use the service.
2. Data Controller
Clawpilot is the data controller for personal data of its direct customers (registered platform users).
- Trade name: CLAWPILOT
- Company Registration: SIRET 95301986600029
- Address: 59 Rue de Ponthieu, Bureau 326, 75008 Paris, France
- Contact: legal@clawpilot.com
3. Our Role — Controller and Processor
Clawpilot operates in two distinct capacities depending on the data processed:
Data Controller
For platform user data (accounts, teams, subscription preferences).
Data Processor
For end-user data from connected social media accounts (messages, comments, audience demographics) processed on behalf of our customers. In this context, our customers (agencies and brands) remain the data controllers under GDPR.
4. Data We Collect
4.1 Account Data
- Email address and name provided at registration
- Authentication credentials (stored securely via Supabase Auth)
- Organisation name and team member information
4.2 Connected Social Accounts (Facebook, Instagram)
- OAuth access tokens required to access platform APIs on your behalf
- Account identifiers (page IDs, account IDs)
- Account names and profile metadata
Tokens are stored encrypted and are never shared with third parties beyond the platform APIs they authenticate against.
4.3 Social Media Content & Analytics
- Posts, reels, stories and their engagement metrics (likes, comments, reach, impressions)
- Account and page-level analytics and demographic data (age, gender, city, country breakdowns)
- Meta advertising data (Facebook campaigns, ad sets, ads, spend, creatives)
This data belongs to you and your clients. It is processed solely to display insights, manage communications, and generate reports within the platform.
4.4 Messages & Comments
- Direct messages (Facebook Messenger and Instagram Direct) exchanged with connected pages
- Comments on connected page posts
- Author identifiers and public usernames (as provided by the Meta API)
This data belongs to your audiences. It is processed on behalf of our customers (as data processor) and never used for any other purpose.
4.5 Usage Data
- Log files, IP addresses, browser type, and access timestamps
- Functional usage patterns for product improvement (no behavioural profiling)
5. Purposes, Legal Bases & Retention Periods
Pursuant to Article 6 of the GDPR, the table below details for each processing purpose the applicable legal basis, data concerned, and retention period:
| Purpose | Legal Basis | Data Concerned | Retention Period |
|---|---|---|---|
| Service provision and account management | Art. 6.1.b — Contractual necessity | Email, name, organisation, OAuth credentials | Duration of subscription + 90 days after closure |
| Social data sync and insights display | Art. 6.1.b — Contractual necessity | Posts, metrics, Meta advertising data | 24 months of history |
| Messaging and comment management | Art. 6.1.b — Contractual necessity | DMs, comments, public usernames | While connected account is active |
| Transactional emails | Art. 6.1.b — Contractual necessity | Email address | Duration of subscription |
| AI-generated weekly summaries | Art. 6.1.b — Contractual necessity | Aggregated performance data from connected accounts | Duration of subscription |
| Security and fraud detection | Art. 6.1.f — Legitimate interest | Access logs, IP addresses | 30 days |
| Product improvement | Art. 6.1.f — Legitimate interest | Functional usage data (anonymised) | 12 months |
| Legal compliance | Art. 6.1.c — Legal obligation | Contracts, invoices | 10 years (accounting obligation) |
6. What We Do Not Do
We do not sell your data, use it for advertising purposes, or share it with third parties for their own commercial use. We do not conduct behavioural profiling for targeting purposes.
7. Sub-processors & International Transfers
We rely on the following sub-processors to operate the platform:
| Service | Purpose | Region | Transfer Safeguard |
|---|---|---|---|
| Supabase | Database & authentication | EU (Frankfurt) | — |
| OVH SAS | Application server hosting | EU (France) | — |
| Resend | Transactional email | EU | — |
| Meta Platforms | Facebook & Instagram APIs | USA | EU-US DPF / SCCs |
| Anthropic | AI summary generation | USA | Standard Contractual Clauses |
Transfers to the United States rely on Standard Contractual Clauses (SCCs) adopted by the European Commission and/or the EU-US Data Privacy Framework (DPF).
8. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights:
- Access: request a copy of your personal data
- Rectification: correct inaccurate or incomplete data
- Erasure: request deletion of your data ("right to be forgotten")
- Portability: receive your data in a structured, machine-readable format
- Restriction: request that we limit how we process your data
- Objection: object to certain types of processing
- Post-mortem instructions: define how your data should be handled after your death
To exercise any of these rights, email us at legal@clawpilot.com. We will respond within 30 days.
9. Right to Lodge a Complaint
You have the right to lodge a complaint with the French data protection authority (CNIL) if you believe our processing of your personal data does not comply with applicable law.
CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
www.cnil.fr
10. Data Deletion Instructions
In compliance with Meta platform requirements, you may request deletion of data collected via Facebook or Instagram in two ways:
Via Clawpilot
- Sign in to your Clawpilot account
- Navigate to Settings → Security & Privacy
- Click "Delete my account and data"
- Confirm deletion — your data will be erased within 72 hours
Via Meta
- Go to Facebook Settings → Apps and Websites
- Find "Clawpilot" and revoke access
- Send a deletion request to legal@clawpilot.com specifying the Facebook or Instagram account ID
12. Security
All data is encrypted in transit (TLS) and at rest. Our infrastructure is hosted in the European Union. Access to production systems is restricted to authorised personnel only. For full details of our security measures, see our Security page.
13. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page.
14. Contact
For any privacy-related questions or requests, contact us at: legal@clawpilot.com