CloudSwarm · privacy

What we collect, why, and for how long.

Good Ventures Lab Inc. operates the CloudSwarm platform. This policy describes what data the managed plane collects, how it is used, how long it is kept, and the rights you have over it.

Who is the controller

Good Ventures Lab Inc. (Canada) is the data controller for the CloudSwarm managed platform. Subprocessors (cloud infrastructure, authentication, observability, support tooling) act as processors under data-processing agreements that mirror our obligations to you.

What we collect

Account data. Name, email address, billing address, payment method reference (tokenized; we do not store raw card numbers), and optional company name. We use this to operate your account and invoice you.

Agent and run metadata. For each agent run: workspace ID, agent ID, skill names invoked, start and end timestamps, status (success, failure, approval-pending), token counts, cost in credits, and the signed receipt hash. We do not store the content of prompts or responses.

Credential references. The names of credentials stored in your workspace vault. Credential values are encrypted and not readable by CloudSwarm staff outside of a formal key-escrow process you explicitly authorize.

Support interactions. When you contact us, we retain the content of those conversations for the duration of the support relationship plus three years.

Marketing site. Standard server-side request logs (IP address, user agent, requested URL) retained 30 days. We do not run third-party advertising trackers on cloudswarm.app.

What we do not collect

We do not store the contents of agent prompts, instructions, or completions. We do not collect biometric data. We do not run advertising trackers. We do not sell or rent any user data to third parties.

Retention

Run metadata and receipts. Retained for the contractual window in your order form, default seven years. Exportable and deletable on request except where retention is mandated by law.

Account data. Retained for the duration of the account plus seven years after closure for tax and audit purposes.

Server logs. 30 days. Aggregated telemetry. 13 months. Support tickets. 3 years from resolution.

Sharing

We share with cloud infrastructure providers (currently Google Cloud Platform), the authentication provider (Clerk), and government bodies where required by lawful process. We do not sell. We do not share with marketing third parties.

Skill execution. When an agent invokes a skill that calls a third-party API on your behalf, the request payload is sent to that API. CloudSwarm does not retain a copy of that payload. The third-party API operates under its own data-handling policies, which you are responsible for evaluating.

Cross-border transfer. Data is processed in Canada and the United States by default. CanadianClaw customers receive a contractual guarantee that no data crosses the US border.

Your rights

You may access, correct, export, or delete your personal data by writing to [email protected]. We respond within 30 days. EU residents have rights under GDPR. California residents have rights under CCPA/CPRA. Canadian residents have rights under PIPEDA. We honor all of them.

Updates

Material changes are announced on the changelog and emailed to billing contacts at least 30 days in advance.

Questions: [email protected].

Last updated 2026-04-26.