This Privacy Policy explains how Cogaid Solutions Private Limited("MakersFuel", "we", "us") collects, uses, shares, and protects personal data when you use the MakersFuel platform, the MakersClaw AI employee service, and related websites and APIs (together, the "Service"). It applies to users worldwide, including users in the European Economic Area (EEA), the United Kingdom, and California.

1. Data Controller

The controller of your personal data is Cogaid Solutions Private Limited, 8/1/1 Hardutt Rai Chamaria Road, Howrah, West Bengal 711101, India. For all privacy requests: [email protected].

1.1 EU/EEA Representative

Pursuant to Article 27 of the EU General Data Protection Regulation, our representative in the European Union for data subjects and supervisory authorities is:

Shreyans Kumar Bhansali
Liselotte Herrmann Strasse 38, 10407 Berlin
Germany
Email: [email protected]

EU/EEA data subjects may contact our EU representative in any official EU language in connection with the processing of their personal data by MakersFuel.

1.2 United Kingdom

MakersFuel does not currently maintain a dedicated UK representative under Article 27 of the UK GDPR. Until a UK representative is appointed, UK data subjects may contact us directly at [email protected] for data-subject requests. We will update this section as our UK presence expands.

1.3 Processing on behalf of business users

When a business or individual user hires a MakersClaw AI employee to interact with their own customers or end users on messaging channels such as Telegram, Discord, Slack, or WhatsApp, that user is the data controller for those end users' personal data, and MakersFuel acts as the data processor, processing that data solely on the user's instructions and for the purpose of operating the AI employee. Our Data Processing Addendum governs that relationship. If you are an end user whose data is being processed by a MakersClaw AI employee, please contact the user who operates the employee in the first instance; we will cooperate with them to address your request.

2. What data we collect

2.1 Information you provide

• Account data: name, email address, username, password hash (via Supabase Auth), avatar, profile metadata, and OAuth identifiers if you sign in with Google.
• Profile and content: posts, showcases, tribe memberships, messages, startup ideas, AI employee configurations, files you upload, and anything else you choose to post.
• Payment data: billing address, tax identifiers, and subscription details. Card data is entered directly with our payment processor (Paddle) and is not stored on our servers.
• Communications: support requests, feedback, and correspondence with us.

2.2 Information collected automatically

• Usage and device data: IP address, browser type, operating system, device identifiers, referring and exit pages, and timestamps.
• Cookies and similar technologies: see our Cookie Policy.
• Analytics: pseudonymous events from PostHog and Google Analytics (only if you consent to analytics cookies).
• Logs and telemetry: error logs, performance metrics, and security events used to operate the Service.

2.3 Information from third parties

If you sign in with Google, we receive basic profile information from Google in accordance with the permissions you grant. If you connect an AI employee to a messaging channel (such as Telegram, Discord, Slack, or WhatsApp), we receive the minimum identifiers needed to operate that integration.

3. How we use your data

We process personal data to:

• create and manage your account;
• provide, operate, and maintain MakersFuel and MakersClaw AI employees;
• process payments, manage subscriptions, and invoice you via Paddle;
• provide customer support and respond to your requests;
• secure the Service, prevent abuse, enforce our Terms, and comply with legal obligations;
• send transactional emails (for example account, billing, and service notices);
• with your consent, send product updates and marketing emails (you can unsubscribe at any time);
• analyze usage to improve the Service, fix bugs, and develop new features.

We do not use your content, prompts, AI employee memory, or AI outputs to train, fine-tune, or evaluate any machine learning model, and we do not sell or rent your personal data.

4. Legal bases (EEA/UK users)

If you are in the EEA or the United Kingdom, we rely on the following legal bases under Article 6(1) GDPR:

• Contract (Art. 6(1)(b)): to provide the Service you signed up for, including account management, billing, and AI employees.
• Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent fraud and abuse, analyze aggregate usage, and improve the product. We balance these interests against your rights.
• Consent (Art. 6(1)(a)): for optional analytics cookies, marketing emails, and any other processing that requires consent. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and other legal requirements.

5. Subprocessors and sharing

We share personal data with the following subprocessors, each of which is bound by contract to protect it and process it only on our instructions:

• Supabase Inc. — database, authentication, object storage, and realtime. Primary region: United States.
• Google Cloud Platform / GKE — compute infrastructure for MakersClaw AI employees and backend services.
• DigitalOcean — frontend hosting.
• Paddle.com Market Limited — Merchant of Record, payment processing, invoicing, tax compliance.
• Assistiv AI — AI backend for MakersFuel. Provides LLM access (multi-provider, OpenAI-compatible API), hosted MCP tools, and per-user wallet management. We share an anonymous user identifier (derived from your MakersFuel user ID), prompts, AI responses, and wallet balance data with Assistiv AI. Assistiv AI does not use your data for training and does not share it with third parties. Primary region: United States.
• Resend — transactional email delivery.
• Sanity.io — content management system for blog and documentation.
• PostHog — product analytics (only if you consent).
• Google Analytics — web analytics (only if you consent).

We may also disclose personal data (a) to comply with law, court orders, or lawful requests from public authorities; (b) to enforce our Terms, protect our rights, or investigate suspected abuse; and (c) to a successor entity in connection with a merger, acquisition, or sale of assets, subject to this Privacy Policy.

6. International transfers

Personal data is primarily hosted in the United States. Some subprocessors may process data in other regions. Where data is transferred from the EEA, UK, or other regions with data-export restrictions, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and supplementary measures as appropriate.

7. Retention

We retain personal data only for as long as we need it to provide the Service. Specifically:

• Active accounts: we retain your account data and content for the lifetime of your account.
• User-initiated deletion: when you delete your account or terminate a MakersClaw AI employee instance, the associated personal data and instance data are deleted immediately. There is no soft-delete or grace period. Backup copies are overwritten on our normal backup rotation.
• Payment failures: if a renewal payment fails, we retain your account and instance data for a 15-day grace period so you can update your payment method and resume the Service. If the payment is not resolved within 15 days, the account and any associated instances are deleted.
• Legal, tax, and accounting records: invoices, billing history, and records required to comply with tax, accounting, anti-fraud, or other legal obligations are retained for the period required by applicable law (typically 6–8 years under Indian tax law), regardless of account deletion.
• Audit and security logs: retained for a reasonable period for fraud prevention, dispute resolution, and security investigations.

8. Your rights

Subject to applicable law, you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate or incomplete data;
• Erase your data (right to be forgotten);
• Restrict or object to certain processing, including direct marketing;
• Portability: receive your data in a structured, commonly used, machine-readable format;
• Withdraw consent at any time where processing is based on consent;
• Lodge a complaint with your local data-protection supervisory authority.

To exercise any of these rights, email [email protected]. We will respond within the time limits set by applicable law, typically within 30 days.

9. California residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the "sale" or "sharing" of personal information as defined under the CCPA/CPRA. We do not sell or share personal information as defined under California law. You may exercise your rights by emailing [email protected]. We will not discriminate against you for exercising your rights.

10. Security and breach notification

We implement technical and organizational measures appropriate to the risk of processing, including encryption in transit (TLS), encryption at rest for databases and storage, role-based access controls, row-level security policies, isolated per-tenant infrastructure for MakersClaw AI employees, regular backups, and access logging. No system is perfectly secure. If you become aware of a security issue, please contact [email protected] immediately.

In the event of a personal data breach likely to result in a risk to the rights and freedoms of data subjects, we will notify affected users and the relevant supervisory authorities without undue delay and, where required by law, within 72 hours of becoming aware of the breach, in accordance with Articles 33 and 34 of the GDPR and equivalent obligations under other applicable laws.

10a. Support communications

When you contact us at [email protected] or any other published address, we retain your message, any attachments, and our replies so we can handle your request, follow up, and improve support quality. Support correspondence is retained for as long as needed to resolve the matter and for a reasonable period thereafter for audit and training, and is deleted or anonymized on request subject to legal and accounting retention obligations.

11. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided personal data to us, please contact us and we will delete the data promptly.

12. Automated decision-making

We do not make decisions that produce legal or similarly significant effects about you through solely automated means. We operate automated systems for abuse detection, rate limiting, and security (for example, to flag suspicious sign-ups or payment activity), but any permanent action against an account — such as suspension or termination for cause — is reviewed by a human before it takes effect, except where immediate action is required to prevent imminent harm to the Service or its users.

13. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top and, for material changes, notify you by email or an in-product notice before the changes take effect.

14. Contact

For privacy questions, data-subject requests, or complaints, please contact us at [email protected], or by post to Cogaid Solutions Private Limited, 8/1/1 Hardutt Rai Chamaria Road, Howrah, West Bengal 711101, India.