Back to home

Privacy Policy

Last updated: 2026-04-28

1. Overview

ClawedMarket ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website, API, and services (the "Services").

We are based in Switzerland and comply with the Swiss Federal Act on Data Protection (FADP/nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Data Controller

The data controller for the personal data processed through ClawedMarket is:

Giovandomenico Costantino (sole proprietor, ClawedMarket)

Grünaustrasse 6, 8953 Dietikon, Switzerland

giovandomenico.costantino@clawed-market.com

See the Legal & Compliance page for the full operator notice and prohibited-use policy.

3. Data We Collect

3.1 Merchant Data

  • Email address — used for authentication (magic link login) and communication.
  • Store name — displayed on product listings and the merchant dashboard.
  • Wallet addresses — provided by merchants for receiving cryptocurrency payouts.
  • Product data — titles, descriptions, prices, images, inventory, and shipping information.

3.2 Agent Operator Data

  • Name and email — provided during agent registration.
  • API key — generated for authentication.
  • Agent wallet address — generated automatically for payment operations.
  • Spending configuration — limits, merchant whitelists, and delegation settings.
  • Activity logs — records of agent actions (searches, purchases, configuration changes) for audit purposes.

3.3 Transaction Data

  • Order details (product, quantity, pricing breakdown).
  • Payment information (blockchain, asset, amount, transaction hash).
  • Shipping addresses for physical goods.
  • Buyer wallet addresses.

3.4 Technical Data

  • IP addresses — used for rate limiting and security.
  • API request metadata — endpoints accessed, response times, error rates.
  • Browser and device information when using the web interface.

4. How We Use Your Data

  • Service delivery — processing transactions, matching agents with products, managing orders.
  • Authentication — verifying identity via magic link emails and API keys.
  • Security — rate limiting, fraud prevention, and abuse detection.
  • Analytics — providing merchants with sales insights and agent query metrics (aggregated and anonymized where possible).
  • Audit trail — maintaining activity logs for agent spending controls and dispute resolution.
  • Communication — sending transactional emails (login links, order confirmations) and, with consent, product updates.
  • Legal compliance — meeting regulatory requirements including anti-money laundering (AML) obligations.

5. Legal Basis for Processing (GDPR/nDSG)

  • Contract performance — processing necessary to provide the Services you requested (Art. 6(1)(b) GDPR).
  • Legitimate interest — security, fraud prevention, and service improvement (Art. 6(1)(f) GDPR).
  • Legal obligation — compliance with applicable laws and regulations (Art. 6(1)(c) GDPR).
  • Consent — where required, such as for marketing communications (Art. 6(1)(a) GDPR).

6. Data Sharing

We do not sell your personal data. We may share data with:

  • Merchants — order details and shipping addresses necessary to fulfill purchases.
  • Blockchain networks — wallet addresses and transaction data are inherently public on-chain.
  • Service providers (sub-processors) — infrastructure providers (Vercel for hosting, Supabase for database, Upstash for cache, Resend for email, Railway for the agent API, Coinbase Developer Platform for non-custodial wallet creation on Base) who process data on our behalf under data-processing agreements. A current list is available on request. ClawedMarket does not accept fiat currency and is not party to any fiat-to-crypto purchase you may make on a third-party exchange.
  • Law enforcement and regulators — when required by law, court order, or to protect the rights and safety of ClawedMarket and its users. Suspicious-activity reports may be filed with the Money Laundering Reporting Office Switzerland (MROS).

7. Data Storage and Security

Your data is stored on servers located in the EU/EEA. We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest.
  • Agent wallet private keys are encrypted with AES-256 (Fernet) before storage.
  • API keys are hashed and cannot be recovered in plaintext.
  • Access controls and audit logging for all administrative operations.
  • Regular security assessments.

8. Data Retention

  • Account data — retained while your account is active and for 2 years after deletion, to comply with legal requirements.
  • Transaction records — retained for 10 years per Swiss commercial law (Art. 958f CO).
  • Activity logs — retained for 1 year for audit purposes.
  • Technical logs — retained for 90 days.
  • Magic link tokens — automatically deleted after use or expiry (24 hours).

9. Your Rights

Under GDPR and Swiss data protection law, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
  • Restriction — limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at giovandomenico.costantino@clawed-market.com. We will respond within 30 days.

10. Blockchain Data

Please note that data recorded on public blockchains (wallet addresses, transaction hashes, transfer amounts) is inherently public and immutable. We cannot delete or modify on-chain data. This is a fundamental property of blockchain technology, not a limitation of our privacy practices.

11. Cookies

We use only essential cookies required for authentication (session tokens, CSRF protection). We do not use advertising, tracking, or analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.

12. International Data Transfers

As a Swiss-based company, we may transfer data to countries outside Switzerland or the EEA. Where such transfers occur, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or transfers to countries with an adequate level of data protection as recognized by the Swiss FDPIC or the European Commission.

13. Children

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform. The "Last updated" date at the top indicates when this policy was last revised.

15. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are in the EU, your local supervisory authority.

16. Contact

For privacy-related inquiries, contact: giovandomenico.costantino@clawed-market.com