Legal
Privacy Policy
Effective date: April 24, 2026 — Last updated: April 24, 2026
1. Who we are
Klaw is operated by APPLYZ SAS, a French simplified joint-stock company (SAS) registered under SIREN 939 867 248, with its registered office at 60 Rue François 1er, 75008 Paris, France.
For any privacy-related question, contact us at: support@getklaw.ai
2. Data we collect
- Account data: your email address and display name, provided at registration.
- LLM API keys: keys you provide to connect your own AI models (Anthropic, OpenAI, xAI, Google). Stored encrypted — see section 4.
- Google connector tokens: OAuth access and refresh tokens for services you voluntarily connect (Gmail, Calendar, Drive, Sheets, Docs). Stored encrypted. Never shared with third parties.
- Chat history: conversation transcripts between you and your agent, stored on your agent's persistent volume on Fly.io.
- Billing data: subscription tier, billing status. Payment details (card number, etc.) are handled exclusively by Stripe — we never store them.
- Usage data: audit logs (actions performed, timestamps, IP addresses) for security and debugging purposes.
3. How we use your data
- Provide, operate, and maintain the Klaw service
- Process subscription payments via Stripe
- Send transactional emails (account confirmation, password reset, billing notifications) via Resend
- Detect and prevent abuse, fraud, or security incidents
- Improve the service (aggregate, anonymised usage analysis)
We do not sell your personal data. We do not use your data to train AI models.
4. Security
All sensitive data (API keys, OAuth tokens) is encrypted at rest before being stored. Each user's agent runs in an isolated environment — no shared storage between users.
As the operator of Klaw, APPLYZ SAS has administrative access to the infrastructure. We will never access your agent's data except when required to resolve a support issue you have explicitly requested, or when legally compelled.
5. Third-party sub-processors
We use the following categories of third-party service providers to operate Klaw:
| Category | Purpose |
|---|---|
| Cloud infrastructure | Database, application hosting, and agent execution environments |
| Payment processor | Subscription billing and payment management |
| Email delivery | Transactional emails (account, billing notifications) |
Some providers may process data outside the European Economic Area (EEA). Where this is the case, transfers are governed by appropriate safeguards including standard contractual clauses (SCCs) as required by GDPR.
6. Data retention
Your data is retained for as long as your account is active. When you delete an agent, its container, volume, and chat history are permanently destroyed. When you close your account, all personal data is deleted within 30 days, except where retention is required by law (e.g. billing records, which are kept for 10 years under French accounting law).
7. Your rights (GDPR)
If you are located in the European Union, you have the following rights:
- Right of access: request a copy of your personal data.
- Right of rectification: request correction of inaccurate data.
- Right of erasure: request deletion of your personal data.
- Right to portability: receive your data in a machine-readable format.
- Right to object: object to processing based on legitimate interest.
To exercise any of these rights, contact support@getklaw.ai. We will respond within 30 days.
You also have the right to lodge a complaint with the French data protection authority: CNIL — www.cnil.fr.
8. Cookies
Klaw uses strictly necessary cookies only (session authentication). No third-party tracking or advertising cookies are used.
9. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email. Continued use of the service after the effective date constitutes acceptance of the updated policy.
10. Contact
APPLYZ SAS
60 Rue François 1er, 75008 Paris, France
support@getklaw.ai