Privacy Policy

Effective date: June 2, 2026

This Privacy Policy describes how Crawdad Security ("we," "us," "our") handles information in connection with the Crawdad software and the getcrawdad.dev website (collectively, "the Service"). Contact: contact@getcrawdad.dev.

The short version

Your AI agent content stays on your machine.

All prompts, responses, tool-call arguments, and PII are inspected entirely on your device by a local proxy. Detection — all seven layers including ML inference — runs on-device. Content is stored only in local databases. It is never transmitted to Crawdad.

Usage and metering are measured locally and are never transmitted to Crawdad or any third party.

We collect your email address and plan selection when you sign up. Stripe handles payment data — we never see or store your card number. That is essentially the entire server-side collection.

There is one opt-in exception where content can leave your machine, described below.

The one exception: optional cloud LLM Judge

The L7 cloud LLM Judge is off by default. It is gated behind an explicit in-app warning and confirmation.

If — and only if — you explicitly enable a cloud backend for the L7 Judge, Crawdad sends up to ~2,000 characters of flagged content to your own configured LLM provider (e.g., Anthropic, OpenAI) for analysis. The content goes to that provider, not to Crawdad.

The recommended configuration is a local model (Ollama), which keeps everything on-device. When the Judge is disabled or uses a local backend, no content leaves your machine for analysis.

What the software does NOT transmit

The following never leaves your machine (subject only to the cloud-Judge exception above):

AI agent prompts, responses, or conversation content
Tool-call arguments or tool-call results
API keys, tokens, credentials, or authentication data
File contents accessed by your agents
MCP server request or response bodies
PII values detected by the pipeline (only category names appear in local logs, not the values)
Session recordings, session IDs, or session content
Usage or metering counts

What we collect when you sign up

When you sign up via the website or subscribe to a paid plan, we collect:

Email address — used to create your account and send install instructions.
Plan selection (Free, Pro, Team, Business, or Enterprise).

This data is stored in PostgreSQL on our gateway server (hosted on Railway). We also store a tenant ID (generated UUID), hashed API key (SHA-256 — the plaintext key is returned to you once at signup and is not stored), and timestamps.

Payment data

Payment processing is handled entirely by Stripe, Inc. We receive from Stripe via webhook: your email address, Stripe customer ID, and subscription plan. We do not receive or store your credit card number, CVV, or billing address. Stripe's privacy policy governs the handling of your payment information.

Outbound network calls the software makes

The sidecar makes the following outbound calls, and no others. You can verify against the running process using netstat, Little Snitch, or an equivalent tool.

Proxy pass-through. When your AI agent sends a request through the Crawdad proxy, the request is forwarded to the upstream LLM provider you configured (e.g., api.anthropic.com, api.openai.com). These requests are identical to what your agent would send without Crawdad — the request was going there anyway. Crawdad adds an x-crawdad-protected: true header; no content goes to Crawdad in this path.
Threat signature updates (approximately every 4 hours) from the Crawdad gateway. A GET request with no user data — only an ETag header for caching. Signatures are Ed25519-signed and verified before use.
Version checks against the Crawdad gateway (approximately every 24 hours). A GET request with no user data.
ML model & runtime download (once, on first run). Anonymous HTTPS GETs to the Cloudflare R2 CDN behind getcrawdad.dev. No account, device, or tenant identifier is attached. Files are SHA-256 verified. Suppress with CRAWDAD_ML_DISABLED=1.
License activation (when you activate a license). A GET request to the gateway with your email as a query parameter.
Remote control plane relay (opt-in — only active after you pair a phone via Settings → Connect Device). The sidecar maintains a WebSocket to the Crawdad relay and pushes AES-256-GCM encrypted state snapshots every 60 seconds. The relay sees only opaque ciphertext and random device IDs. It cannot decrypt the content, correlate devices to tenants, or identify fleet membership. Disconnect any paired device instantly from Settings → Paired Devices.
Fleet reporting (opt-in, OFF by default). If enabled, device-level posture metadata (security scores, detection counts, layer status, agent counts, policy hash) is sent to the fleet manager endpoint you configure. Never session content.
Crash reports (opt-in, OFF by default, double-gated — see below).
Cloud LLM Judge (opt-in, OFF by default — see above).

No other outbound calls are made by the sidecar.

Data stored locally

Crawdad stores data on your machine in a per-user directory (~/Library/Application Support/crawdad/ on macOS, ~/.local/share/crawdad/ on Linux). The directory is created with owner-only permissions (0700). Contents include:

sessions.db — session recordings, detection events, audit trail, agent identity data.
pending.db — blocked events awaiting user resolution.
audit.db — cryptographically chained audit log (SHA-256 Merkle chain).
Configuration files (config.json, protection_mode.json, ml_threshold.json, policy KDL files).
ML model and ONNX Runtime library (downloaded once, ~280 MB total).

This data is readable only by your user account. Crawdad does not encrypt the database files at rest; they rely on your operating system's disk encryption. You can delete all data by running the uninstaller with --purge or manually removing the directory.

Website

The getcrawdad.dev website is hosted on Cloudflare Workers. When you visit, Cloudflare collects standard access logs (IP address, user agent, request path, timestamp) per Cloudflare's retention defaults. We do not use analytics services, advertising, or retargeting pixels. The site loads fonts from Google Fonts (fonts.googleapis.com), which receives font-file requests with your IP address.

Third-party processors

Service	Purpose	Data received
Stripe	Payment processing	Email, subscription plan, payment method (card data handled by Stripe, never received by Crawdad)
Railway	Gateway hosting (PostgreSQL)	Signup email, plan, hashed API key, tenant ID, timestamps
Cloudflare	Website hosting, CDN	Standard web server logs (IP, user agent, path, timestamp)
Google Fonts	Font delivery	IP address, user agent (standard font-file request)
ntfy.sh	Founder signup notifications	Email, plan, tenant ID (sent to a non-guessable topic)
Sentry	Crash reports (gateway always, sidecar opt-in)	Stack traces, version, OS — aggressively scrubbed, no PII (see below)
User's LLM provider	Proxy pass-through + optional cloud Judge	User's own API requests (pass-through); up to ~2,000 chars if cloud Judge enabled

Crash reporting

Crawdad includes optional crash reporting via Sentry. On the sidecar, it is OFF by default and requires two gates:

A compile-time Sentry DSN baked into the binary (present in signed release builds).
You explicitly enable crash reports in Settings (telemetry.crash_reports_enabled).

When enabled, crash events are aggressively scrubbed before transmission: breadcrumbs cleared, user info removed, request context removed, strings truncated to 200 characters and replaced with [scrubbed] if they contain non-safe characters. send_default_pii is set to false. The gateway's Sentry instance runs with the same send_default_pii: false configuration.

Data retention

Account and subscription records: retained while the account is active, plus the period required by tax and accounting obligations after account closure.
Payment records at Stripe: per Stripe's retention policy.
Website access logs at Cloudflare: per Cloudflare's retention defaults.
Local software data (on your machine): stored until you delete it. We have no ability to access or delete it remotely.

Your rights

Depending on your jurisdiction, you may have rights regarding your personal information under laws such as the GDPR, CCPA, or similar frameworks. Because Crawdad stores your AI agent data locally on your machine, you have direct control over all software-side data. For the account-level data we hold (email, tenant ID, subscription records), you may:

Access: email contact@getcrawdad.dev and we will provide the data we hold about you.
Correction: email us to correct any inaccurate account information.
Deletion: email us to close your account; we will delete account data per the retention schedule above.
Withdraw consent for optional features (crash reports, fleet reporting, cloud Judge) at any time in the sidecar Settings — the change takes effect immediately.

International data

Account-level data may be processed in the United States where our infrastructure is hosted.

Children's privacy

Crawdad is a professional security tool not intended for use by children under 13. We do not knowingly collect personal information from children under 13.

Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top indicates the most recent revision. For material changes, we will notify account holders by email at least 30 days before the change takes effect.

Contact

Crawdad Security
contact@getcrawdad.dev
Governing law: New York, USA.