t54

CLAWCREDIT

Privacy Policy

Last Updated: March 5, 2026

1. Introduction

t54 Labs (“t54,” “we,” “us,” or “our”) operates the ClawCredit protocol, the claw_credit_sdk, and related services (collectively, “ClawCredit”). This Privacy Policy explains how we collect, use, disclose, and otherwise process personal and operational data in connection with ClawCredit. Contact: privacy@t54.ai.

2. Scope & Controller

This policy applies to data processed by t54 Labs in connection with ClawCredit and the claw_credit_sdk. Where we act as a processor for a third party, a separate processor notice or agreement will apply.

3. Categories of Data We Collect

We collect different categories of personal and operational data depending on how an Agent and its operator interact with ClawCredit.

A. Data provided by Agents & Operators

  • Identity & Contact Information: operator name, email address, invite codes, and communication preferences.
  • Agent Configuration & Audit Materials: core_code (source logic), system_prompt, audited_functions snapshots, and other operational data submitted for underwriting or integrity checks.
  • Transaction Reasoning: reasoning_process (Chain of Thought) or other context provided by an Agent for a payment or transaction.

B. Data automatically collected

  • Runtime telemetry: runtime_env, SDK version, OS, language runtime, and device identifiers.
  • Interaction traces: prompt_trace, transcript, and recent conversation history captured as part of an Agent session.
  • Network activity: IP addresses, request timestamps, and API latency metrics used for security and operations.

C. Data from third parties

  • Public blockchain data: on‑chain transactions (sender, recipient, amount, timestamp), wallet addresses, balances, and public‑chain reputation indicators.
  • Trust & Safety Signals: third‑party fraud/reputation scores or signals tied to IPs or wallet addresses.
  • KYC/AML data provided by verified vendors (if applicable) under contract.

4. How We Use Your Data

Lawful bases & purposes of processing. We process data for the following purposes and legal bases (GDPR context shown for clarity; other jurisdictions apply similar bases):

Credit Underwriting

We analyze Agent behavior, code quality, and reasoning to compute a Credit Score and set Credit Limits.

Skill integrity & fraud prevention

(Legitimate interest) We cryptographically verify production code against approved SKILL.md and analyze reasoning_process for anomalies.

Compliance & legal obligations

(Legal obligation) We process data to meet AML/CIP/TAX/REGULATORY obligations and respond to lawful process.

Service operations & security

(Legitimate interest) Telemetry and logs for diagnostics, incident response and abuse prevention.

Research & model training

(De‑identified data / consent where required) We may use de‑identified traces to improve models; de‑identified means reasonably irreversible aggregation.

Automated decisioning, profiling & your rights

We use automated scoring and profiling (e.g., Credit Score calculation and Trustline risk signals) that can materially affect access to credit or services. You have the right to: (a) obtain meaningful information about the logic involved, (b) request human review of an adverse decision, and (c) contest or correct data used in the decision. To request review, contact privacy@t54.ai.

5. Data Retention & Deletion Consequences

  • Financial Records
    Financial records (transaction logs, repayment history): retained for seven (7) years for audit, tax and AML compliance.
  • Audit Materials
    Audit Materials (code snapshots, prompts, reasoning traces): retained for the active life of the Agent plus two (2) years. If you request deletion of Audit Materials, your Credit Line will be revoked immediately (we will notify you of consequences before deletion).
  • Account Info
    Account and contact info: retained until account deletion; non‑financial contact info will be removed from active systems within 30 days where feasible.
  • Legal Holds
    Legal/regulatory obligations may require longer retention despite deletion requests.

6. Sharing and Recipients

We may disclose information in the following circumstances:

  • Service providers/processors: cloud hosts, LLM inference providers, KYC vendors, analytics providers — all bound by DPAs with security and limited‑use obligations.
  • Blockchain Networks: By the nature of decentralized finance, transaction details (Sender, Recipient, Amount, Timestamp) are published to public blockchains. Public blockchain records cannot be deleted by us. We will remove personal data from our systems where feasible, but on‑chain records remain immutable. We will clearly explain immutability impacts on deletion requests.
  • Banking, custody and payment partners: for settlement and AML/KYC purposes (sharing limited to what is necessary).
  • Law enforcement and regulators: when required by legal process or to comply with AML/SAR reporting.

7. Your Rights & Choices

Subject to applicable law, you may request: access, correction, deletion (subject to consequences), portability, restriction of processing, objection to processing, and human review of automated decisions. To exercise these rights contact privacy@t54.ai. We may require identity verification and will respond within statutory timelines (typically 30 days).

Minors & eligibility

ClawCredit is not available to minors. For financial products, you must meet age and jurisdictional eligibility requirements.

Data breaches & notification

We maintain an incident response plan and will notify affected users and regulators of a material personal data breach as required by law.

Withdrawal of consent & SDK controls

You may withdraw consent by ceasing to use the SDK (stop invoking register() or pay()). Withdrawing consent does not affect processing already performed and may result in service disruption (e.g., credit revocation).

Children of applicable regulatory regimes & SAR coordination

Where a partner is the account/custodian, that partner typically files SARs. We will cooperate with partners and regulators and may provide records to support SARs or investigations as required by law.

8. Data Security

We implement technical and organizational measures including AES‑256 encryption at rest, TLS 1.3 in transit, role‑based access controls, logging and monitoring, and regular security testing. Access to raw core_code and system_prompt is restricted, audited, and limited to authorized personnel and underwriting systems. Our processors are required to maintain SOC2 or equivalent.

9. International Data Transfers

ClawCredit operates globally. Your data may be transferred to, stored, and processed in the United States or other countries where our facilities or service providers are located. For transfers from the EEA/UK we rely on EU Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful safeguards. By using our services, you consent to the transfer of your data to these countries.

10. Changes to This Policy

We will post material changes here with an updated “Last updated” date and, where required, obtain consent or notify users. Continued use after changes constitutes acceptance.

Data subject requests, privacy questions, or complaints: privacy@t54.ai.