Privacy Policy
Clawback Labs
Last Updated: May 2026
1. Introduction
Clawback Labs ("Company," "we," "us," or "our") operates the website clawbacklabs.com and provides vendor invoice auditing services. This Privacy Policy explains how we collect, use, disclose, and otherwise handle your information when you use our service.
2. Information We Collect
Documents You Submit
When you request an audit, you provide:
- Vendor invoices (PDF, CSV, or Excel format)
- Signed vendor contracts
- Related billing documentation
Contact Information
- Email address
- Company name
- Contact person name (optional)
Website Information
- IP address
- Browser type
- Pages visited
- Time on site
- Referral source
3. How We Use Your Information
Primary Use
Your submitted documents are used solely to:
- Identify discrepancies between invoices and contracts
- Generate audit reports
- Provide evidence for vendor recovery discussions
Secondary Use
Contact information is used to:
- Deliver audit reports
- Respond to inquiries
- Send deletion confirmation
- Communicate about the engagement
What We Do NOT Do
- We do not use your documents to train or fine-tune AI models
- We do not share findings with third parties
- We do not retain documents after report delivery
- We do not use your data for marketing purposes
- We do not sell or trade your information
4. Data Processing Infrastructure
AWS Bedrock
- Documents are processed through isolated AWS Bedrock instances
- Processing occurs in secure, encrypted environments
- No data persists in logs or training datasets after processing
Encryption
- Data is encrypted in transit (HTTPS/TLS)
- Data is encrypted at rest on AWS infrastructure
- All file transfers use secure protocols
5. Data Retention & Deletion
Retention Timeline
- Documents are retained for processing only (maximum 48 hours)
- Report delivery completes the audit engagement
- All source documents are permanently deleted within 48 hours of report delivery
Deletion Confirmation
- You receive written confirmation of deletion via email
- Confirmation includes timestamp of deletion
- No copies are retained by the Company
Exception
- Audit reports are retained only if explicitly requested in writing by you
- Reports are treated as your property and deleted upon your request
6. Legal Basis for Processing
Contract
Your data is processed as necessary to fulfill the audit services you requested.
Consent
You explicitly consent to data processing by submitting documents for audit.
Legal Obligation
We may process data as required by law, regulation, or valid legal process.
7. GDPR Compliance
For EU residents and companies:
Your Rights
- Right to access your personal data
- Right to correction of inaccurate data
- Right to deletion ("right to be forgotten")
- Right to data portability
- Right to object to processing
Data Processing Agreement
A Data Processing Agreement (DPA) is available upon request.
International Data Transfers
If you are in the EU and we process data on US-based AWS infrastructure, appropriate safeguards are in place.
8. Subprocessors
AWS Bedrock
AWS acts as a data processor on our behalf. AWS maintains SOC 2 Type II compliance and is subject to standard AWS Terms of Service.
No Subcontracting
We do not subcontract document processing to any other parties.
9. Security Measures
Technical Safeguards
- End-to-end encryption for document transfers
- Secure AWS infrastructure with encryption at rest
- Isolated processing instances per engagement
- No persistent logs of document contents
Organizational Safeguards
- Single founder access to documents (no team members)
- NDA requirement before data access
- Manual review of all findings before delivery
- No automated data sharing or API access
Limitation
While we employ industry-standard security, no system is completely secure. We cannot guarantee absolute security.
10. Third-Party Services
Google Workspace
- Email is hosted on Google Workspace
- Your email communications are subject to Google's privacy policy
- We recommend reviewing Google's privacy controls
Porkbun
- Our domain DNS is managed through Porkbun
- IP and basic traffic information may be logged
- Subject to Porkbun's privacy policy
File Transfer (if applicable)
- If you use Google Drive or Dropbox for file transfer, those services' terms apply
- We recommend using password-protected links
11. Children's Privacy
Our service is not directed to individuals under 18. We do not knowingly collect information from minors.
12. Data Breach Notification
Commitment
If a breach of your personal data occurs, we will:
- Notify you within 30 days
- Describe the nature of the breach
- Explain steps we're taking to remediate
- Provide contact information
Legal Obligation
We comply with applicable breach notification laws.
13. Your Rights & Choices
Access
You can request access to documents we hold at nishanth@clawbacklabs.com
Correction
If information is inaccurate, request correction within 48 hours of submission
Deletion
You can request deletion of your data at any time (subject to legal retention requirements)
Opt-Out
You can decline the service at any time; we will delete all submitted documents
14. International Privacy Laws
GDPR (EU/EEA)
We comply with General Data Protection Regulation requirements.
CCPA (California)
For California residents, you have rights to access, delete, and opt-out of sale of personal information.
Other Jurisdictions
We comply with applicable privacy laws in your jurisdiction.
15. Contact & Complaints
Data Protection Officer
nishanth@clawbacklabs.com
Privacy Inquiries
Email any privacy questions or concerns to: nishanth@clawbacklabs.com
Supervisory Authority
If you believe we violate your privacy rights, you have the right to lodge a complaint with your local data protection authority.
16. Changes to This Policy
We may update this Privacy Policy periodically. Changes become effective when posted. Continued use of our service constitutes acceptance of changes.
17. Contact Information
Clawback Labs
Email: nishanth@clawbacklabs.com
Website: clawbacklabs.com
This Privacy Policy is provided for informational purposes. For legal advice, consult an attorney.