← Back to ClawdSniper

Legal · Privacy

Privacy Policy

Short version: we keep what we need to make the bot work, we don't sell anything to anyone, and most of the data flowing through Telegram never touches our servers in the first place.

What we collect

When you use the bot, the following land in our database:

  • Telegram user ID — the numeric one. That's how the bot knows which inbox to reply to. Your username and display name come along when you message us, and we update them as they change.
  • Wallet addresses — public addresses only. These are already on-chain anyway.
  • Encrypted private keys — when you generate a wallet through the bot, the key is encrypted before it's written. We hold the encrypted blob; the encryption is bound to your account so neither we nor an attacker who steals the database can read it without the runtime key.
  • Settings — your language, notification preferences, custom referral code.
  • Trade activity — entries, exits, amounts, transaction hashes. All of this is on the public chain anyway; we cache it so the bot can show you a portfolio without re-querying every chain on every tap.
  • Bot interactions — the messages you send to the bot and the messages it sends back. We use these to debug issues and to spot abuse. They're never used for advertising and they're never sold.

What we don't collect

  • Your real name, address, phone, email, or photo. The bot never asks.
  • Your Telegram messages with anyone other than the bot itself. We literally cannot see those — Telegram doesn't share them.
  • Browser fingerprints, ad-tracking cookies, social pixels. The marketing site uses Vercel Analytics, which counts page-views without identifying individuals — admin pages are exempt from even that.
  • The contents of your phone, your other apps, or anything outside the bot's chat thread.

Where it lives

Operational data sits in a Supabase Postgres database hosted on AWS in EU-central. Encrypted-key blobs live in the same database but in a separate column with stricter access. Backups run nightly and are retained for 30 days, encrypted at rest. The marketing site and admin panel run on DigitalOcean droplets in NYC.

Who can see it

Inside the team: a single admin user with the credentials needed to debug issues and respond to support requests. We don't have a marketing team running queries against your activity, and nobody outside the project has read access to the database.

Outside the team: nobody, except as required to deliver the service:

  • Telegram, when the bot sends or receives a message — they see message metadata.
  • The blockchain, when the bot signs a transaction — every signed transaction is permanently public on the chain. We don't control that.
  • Our infrastructure providers (Supabase, DigitalOcean, Cloudflare) — they store the bytes but don't read them. Industry-standard data-processing agreements are in place.
  • A regulator with a valid legal order, if one were to ever land. We've never received one. If we did, we'd push back where we could and notify you where the law lets us.

Cookies on the marketing site

We use first-party cookies for two things:

  • Theme preference — remembers your light/dark choice across sessions.
  • Vercel Analytics — first-party, non-identifying, used to count page-views by route. No third-party tracking, no cross-site cookies, no ad networks.

We don't show a cookie banner because we don't think the cookies we use require one under GDPR. If your local interpretation differs, the only meaningful action is to use private browsing — there's nothing for you to opt out of in our setup.

How long we keep things

  • Active wallet records — for as long as you use the bot. Indefinite.
  • Inactive wallets — kept for 90 days after your last interaction, then archived. Encrypted keys are deleted at archive time; addresses remain so chain explorers can still resolve historical transactions.
  • Bot dialogues — 180 days rolling window for support context, then auto-pruned.
  • Audit log — 12 months. Records who did what on the admin side, useful if there's ever a dispute.
  • Backups — 30 days, then overwritten.

Your data, your moves

  • You can export the encrypted private key for any wallet the bot generated, any time, from the bot menu.
  • You can ask us to delete your account. Send a message from the bot's support flow; we'll confirm and delete within 14 days. On-chain transactions stay on-chain — that's outside our control.
  • You can request a copy of everything we hold about you. Same channel, same timeline.
  • You can stop using the bot at any time. Just don't send messages. We'll auto-archive after 90 days of silence.

Changes to this policy

If we materially change what we collect or how we use it, we'll update the "last reviewed" date at the bottom and announce the change in the bot. Older versions of this policy stay accessible by request.

Questions

Privacy questions are best directed through the bot's support flow. If it's an urgent legal matter and you'd rather email a human, you can reach the project at the address listed in our Telegram bio.

ClawdSniper · Last reviewed April 2026