1. Who we are
ClawTools is an open-source project developed and maintained by Arpit (GitHub: arpit0515). The software is available at github.com/arpit0515/claw-tools under the MIT license.
When we say "ClawTools", "we", "us", or "our" in this document, we mean the ClawTools open-source project and its maintainers.
2. The fundamental principle
ClawTools is self-hosted software. You download and run it on your own hardware (e.g. a Raspberry Pi, Linux server, or your own computer). This means:
- We have no servers that process your data
- We never receive your email or calendar content
- We never see your OAuth tokens or credentials
- We cannot access your data even if we wanted to
All data flows directly between your device and the third-party services you connect (Google, Microsoft). ClawTools is purely a local intermediary running on hardware you control.
3. Data we access on your behalf
When you connect Google or Microsoft accounts, ClawTools requests OAuth tokens that allow it to access the following data on your local device only:
| Scope / Permission | What it accesses | Why it's needed |
|---|---|---|
| gmail.readonly | Read Gmail messages and metadata | To list, search and summarise your emails for your AI agent |
| calendar.readonly | Read Google Calendar events | To fetch your schedule for morning briefings and planning |
| Microsoft Mail.Read | Read Outlook/Exchange email | Same as Gmail โ read-only access for your AI agent |
| Microsoft Calendars.Read | Read Outlook Calendar events | Same as Google Calendar โ schedule access for briefings |
We request read-only scopes only. ClawTools cannot send emails, create calendar events, delete data, or modify anything in your accounts. Ever.
4. How your credentials are stored
OAuth tokens are stored locally in the following location on your device:
~/.claw/tokens/google.json
~/.claw/tokens/microsoft.json
These files are owned by your user account on your device. We strongly recommend:
- Ensuring the token directory has permissions set to
700(owner read/write only) - Running ClawTools under a dedicated system user
- Enabling full-disk encryption on your device
Tokens are refreshed automatically and silently. Refresh tokens are stored alongside access tokens. You can revoke access at any time from your Google or Microsoft account settings.
5. What Google's data policies require us to disclose
ClawTools' use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- Data from Gmail APIs is used solely to display email summaries and content to you, the user who installed ClawTools
- Your email data is never transferred to third parties
- Your email data is never used for advertising or marketing purposes
- Your email data is never used to train AI or ML models
- Your email data is never sold or shared with data brokers
- Human access to your email content is not possible โ ClawTools has no human operators
ClawTools' use of Google user data is limited to the functionality described in this policy and the product itself.
6. Third-party services your data passes through
When your agent sends the results of tool calls to an LLM for summarisation, that data travels to whatever LLM provider you have configured (e.g. OpenRouter, Anthropic, Google Gemini, Groq). This is entirely your choice and is configured by you in the claw-setup-wizard.
You should review the privacy policies of whichever LLM provider you use:
ClawTools does not control, audit, or make any guarantees about how these providers handle data. We recommend using providers that offer zero-data-retention API plans for sensitive use cases.
7. Website analytics
The ClawTools website (clawtools.dev) does not use tracking cookies, third-party analytics, or advertising scripts. No personal data is collected when you visit this website.
Standard server access logs (IP address, request path, user agent) may be retained for up to 30 days for security and debugging purposes. These are never shared with third parties.
8. GitHub repository
The ClawTools source code is hosted on GitHub. If you interact with the repository (filing issues, submitting pull requests, leaving comments), your GitHub username and any content you post becomes visible to anyone on GitHub, subject to GitHub's Privacy Policy.
9. Children's privacy
ClawTools is a developer tool not intended for use by children under 13. We do not knowingly collect information from children. If you believe a child has used ClawTools to connect a Google or Microsoft account, you can revoke access via the respective account's security settings.
10. Changes to this policy
We may update this privacy policy from time to time. Changes will be posted at this URL with an updated effective date. For significant changes, we will post a notice in the GitHub repository. Continued use of ClawTools after changes constitutes acceptance of the updated policy.
11. Your rights
Since we hold no data about you, there is nothing for us to delete, export, or correct. To remove all data ClawTools has access to:
- Delete the token files:
rm -rf ~/.claw/tokens/ - Revoke Google access at myaccount.google.com/permissions
- Revoke Microsoft access at account.live.com/consent/Manage
If you are located in the EU/EEA, you have rights under GDPR. Since we process no personal data on our servers, those rights are exercised directly with Google and Microsoft, who act as data controllers for their respective services.
12. Contact
Questions about this policy? Open an issue on the GitHub repository or reach out via GitHub Discussions. We'll respond as quickly as we can.