Security and data handling

Sub-processors

ClawCall routes calls through and stores data with the following sub-processors:

• Telnyx — outbound PSTN telephony and call control.
• Deepgram — realtime voice agent (ASR and conversation orchestration).
• ElevenLabs— text-to-speech, configured through Deepgram's speech backend.
• Clerk — authentication and account management.
• Stripe — subscription billing.
• S3-compatible storage — recording archive.

Recordings and transcripts

Recordings and transcripts are visible only to the account that placed the call. Recordings are stored in our object storage bucket; download URLs are short-lived. Transcripts are stored in our database alongside the call record.

AI disclosure policy

Every call, every time: when the called party asks whether they are speaking with a person, ClawCall confirms it is an AI calling on behalf of the account holder. This behaviour is enforced by the agent prompt and cannot be disabled by user configuration.

What we don't do

• Not HIPAA-eligible. Do not use ClawCall to transmit protected health information.
• Not in PCI scope. Do not have ClawCall speak or transmit raw card numbers.
• No SOC 2 attestation today.We'll publish when we have one.
• Instruction-controlled voicemail. If no human answers, ClawCall can leave a concise voicemail when your task asks for one.
• No outbound robocalls or sales calls. The service is for calls you would otherwise make yourself.

Reporting a vulnerability

Email clawcall.dev@gmail.com or file a GitHub Security Advisory. We aim to triage within 48 hours.

Related

Privacy Policy · Terms of Service