Privacy Policy
Effective date: March 10, 2026
1. Introduction
Claak Inc. ("Claak", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we retain it, and your rights regarding your data.
This policy applies to all users of the Claak platform at claak.io, including company administrators, employees, and contractors.
2. Information We Collect
2.1 Information You Provide
| Category | Data Points | Purpose |
|---|---|---|
| Account | Name, email address, account type | Authentication and account management |
| Company | Legal name, EIN, address, funding wallet address | KYB verification, payroll processing |
| Employee / Contractor | Name, wallet address, pay rate, tax classification | Payment processing, tax document generation |
| Payment | Amounts, recipient addresses, chain, token, invoice details | Transaction execution and recordkeeping |
| Wallet | Public blockchain addresses (never private keys) | Payment delivery and compliance screening |
2.2 Information Collected Automatically
| Category | Data Points | Purpose |
|---|---|---|
| Technical | IP address, browser type, device info, OS | Security, debugging, abuse prevention |
| Usage | Pages visited, features used, click patterns | Product improvement |
| Error Data | Error stack traces, performance metrics | Bug fixing and reliability (via Sentry) |
2.3 Information from Third Parties
- Privy: authentication data (email, linked wallets)
- Alchemy: blockchain transaction data and address metadata for compliance screening
- US Treasury: OFAC SDN list data for sanctions screening
3. How We Use Your Information
- Contract Performance: Process payroll, execute payments, manage accounts, generate tax documents
- Legal Obligation: Sanctions screening, SAR filing, tax reporting, recordkeeping (BSA/AML)
- Legitimate Interest: Fraud prevention, platform security, product improvement, customer support
- Consent: Marketing communications (if opted in), analytics cookies
4. On-Chain Privacy
How On-Chain Privacy Works
Claak uses the Railgun protocol to generate zero-knowledge proofs that shield payment amounts and sender/recipient relationships on public blockchains. This means that an external observer scanning the blockchain cannot determine how much was paid or who received it.
However: Claak maintains complete internal records of all transactions, including amounts, senders, recipients, and timestamps. On-chain privacy protects your data from public blockchain observers and competitors — it does not prevent Claak from maintaining required compliance and audit records. These records may be shared with law enforcement or regulatory authorities when required by law.
5. Data Sharing
We do not sell your personal data. We share information only in the following circumstances:
5.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Privy | Authentication | Email, wallet addresses |
| Alchemy | Blockchain data, compliance | Wallet addresses, transaction queries |
| Sentry | Error monitoring | Error traces, device/browser info |
| HashiCorp Vault | Secrets management | None (self-hosted, stores only system credentials) |
5.2 Your Employer or Company
If you are an employee or contractor on the Platform, your employer/client company may access your payment records, wallet address, and tax information as necessary for payroll and compliance purposes.
5.3 Legal and Regulatory
We may disclose your information when required by law, subpoena, court order, or regulatory request, including to FinCEN (SAR filings), the IRS (tax reporting), and law enforcement agencies.
6. Data Retention
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Account data | Active account + 5 years | BSA/AML requirements |
| Transaction records | 5 years | BSA recordkeeping (31 CFR 1010.410) |
| Compliance screening results | 5 years | BSA/AML audit trail |
| Tax documents (W-2, 1099) | 7 years | IRS requirements |
| SAR filings | 5 years | BSA requirements |
| Technical/usage data | 90 days | Legitimate interest |
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Portability: Request your data in a structured, machine-readable format
- Restriction: Request that we limit processing of your data in certain circumstances
- Objection: Object to processing based on legitimate interest
Note: We cannot delete data that we are legally required to retain (transaction records, compliance screening results, tax documents). Deletion requests will be processed for all data not subject to mandatory retention periods.
To exercise any of these rights, contact us at privacy@claak.io. We will respond within 30 days.
8. Security
We implement industry-standard security measures to protect your data:
- Encryption in transit (TLS 1.3) and at rest
- System credentials stored in HashiCorp Vault with AppRole authentication
- Role-based access controls and audit logging for all administrative actions
- Automated sanctions screening with fail-closed error handling
- We never store user wallet private keys — users maintain full custody
No system is 100% secure. If you discover a security vulnerability, please report it to security@claak.io.
9. International Transfers
Claak is based in the United States. Your data may be processed and stored in the US, which may have different data protection laws than your jurisdiction. By using the Platform, you consent to the transfer of your data to the US. Where required (e.g., for EEA users), we will implement appropriate safeguards such as Standard Contractual Clauses.
10. Children
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice to registered users via email. The "Effective date" at the top of this page indicates when the policy was last revised.
12. Contact
For privacy-related inquiries or to exercise your rights:
