Privacy Policy
Effective Date: February 17, 2026 · Last Updated: February 17, 2026
ContinuEye ("Company," "we," "us," or "our") operates the ContinuEye platform, website (https://continueye.com), tools, APIs, and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, store, and share information when you use the Service.
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service.
1. Information We Collect
1.1 Information You Provide
- Account information: Name, email address, and password when you create an account.
- Billing information: Payment details processed through our payment provider (Stripe). We do not store full credit card numbers on our servers.
- Agent configurations: OpenClaw configuration files, policy definitions, SOUL.md files, and custom skill code you upload or create through the Service.
- API keys and credentials: Third-party API keys (such as LLM provider keys, messaging platform tokens, and integration credentials) that you provide to configure your agents. These are encrypted at rest and used solely to operate your agents.
- Support communications: Messages, emails, and other communications you send to us.
- Waitlist and form submissions: Email addresses and any other information you provide when joining our waitlist or submitting forms on our website.
1.2 Information Collected Automatically
- Agent telemetry data: If you use the ContinuEye monitoring connector or managed hosting, we collect data about your agents' actions, including tool calls, message events, token usage, error logs, and performance metrics. This data is used to power your dashboards, alerts, and audit trails.
- Usage data: Information about how you interact with the Service, including pages viewed, features used, and actions taken within the dashboard.
- Device and connection data: IP address, browser type, operating system, device identifiers, and referring URLs.
- Log data: Server logs that record requests to our systems, including timestamps, endpoints accessed, and response codes.
- Cookies and similar technologies: We use cookies and similar technologies as described in Section 6 below.
1.3 Information We Do NOT Collect
- Config scanner data: The web-based config scanner tool runs entirely in your browser. No configuration data is transmitted to our servers when you use this tool.
- Local-mode telemetry: If you use the @continueye/agent npm package in local-only mode, all telemetry data is stored on your own disk. Nothing is sent to our servers.
- LLM prompts and responses: We do not intercept, store, or have access to the content of prompts sent to or responses received from third-party LLM providers (such as Anthropic, OpenAI, or Google). Those communications occur directly between your agent and the LLM provider.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Provision and manage agent instances, run security scans, enforce policies, deliver monitoring dashboards, process HITL approval workflows, and generate audit trails.
- Process payments: Charge subscription fees, generate invoices, and manage billing through Stripe.
- Communicate with you: Send account notifications, security alerts, billing receipts, product updates, and responses to support requests.
- Improve the Service: Analyze usage patterns, identify bugs, optimize performance, and develop new features.
- Improve security scanning: Analyze aggregate, anonymized patterns across configurations to improve our security scanning rules and recommendations. We do not use your individual configuration data for this purpose.
- Enforce our Terms: Detect and prevent fraud, abuse, and violations of our Terms of Service.
- Comply with law: Respond to legal requests and meet our legal obligations.
We do not use your data to train AI models. We do not sell your data to third parties.
3. How We Share Your Information
3.1 Service Providers
We share information with third-party service providers who assist us in operating the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Billing information |
| Hetzner / DigitalOcean / AWS | Infrastructure hosting | Agent instance data, server configurations |
| Cloudflare | DNS, CDN, and security | Domain and traffic data |
| Resend | Transactional email | Email addresses, notification content |
| Analytics provider | Usage analytics | Anonymized usage data |
These providers are contractually obligated to use your data only to provide services to us and in accordance with this Privacy Policy.
3.2 White-Label and Reseller Arrangements
If you use the Service through a white-label or reseller partner, both you and the reseller may have access to certain account and agent data as configured by the reseller. The reseller is responsible for their own privacy practices regarding your data.
If you are a reseller, you are responsible for providing appropriate privacy disclosures to your end clients regarding data processed through the Service.
3.3 Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
3.4 Business Transfers
If ContinuEye is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.
3.5 With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.
4.1 Agent Telemetry and Audit Logs
Activity logs, audit trails, and monitoring data are retained according to your subscription plan:
| Plan | Retention Period |
|---|---|
| Community (Free) | 7 days |
| Operator | 30 days |
| Agency | 90 days |
| Platform | 1 year |
| Enterprise | As defined in your Enterprise agreement |
After the retention period expires, telemetry and log data is automatically deleted.
4.2 Account Data
If you close your account, we will delete your personal information and agent data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our Terms).
4.3 Billing Records
We retain billing and transaction records for a minimum of 7 years as required by applicable tax and financial regulations.
4.4 Anonymized Data
We may retain anonymized, aggregated data that cannot be used to identify you for an indefinite period for analytics, benchmarking, and service improvement purposes.
5. Data Security
We implement commercially reasonable technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS 1.2+) and at rest
- Encryption of stored API keys and credentials
- Access controls limiting employee access to customer data on a need-to-know basis
- Regular security assessments and vulnerability scanning
- Isolated compute environments for managed agent instances
- Audit logging of administrative access to our systems
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and API keys.
If we become aware of a data breach that affects your personal information, we will notify you in accordance with applicable law.
6. Cookies and Tracking Technologies
6.1 What We Use
- Essential cookies: Required for the Service to function, including authentication, session management, and security. These cannot be disabled.
- Analytics cookies: Help us understand how visitors use our website and Service. We use privacy-focused analytics that do not track users across websites.
- Preference cookies: Remember your settings and preferences (such as dark mode, dashboard layout).
6.2 What We Do NOT Use
- We do not use third-party advertising cookies.
- We do not use cross-site tracking pixels.
- We do not participate in ad networks or retargeting programs.
6.3 Managing Cookies
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.
7. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
7.1 Access and Portability
You may request a copy of the personal information we hold about you. Agent configurations, policy files, and audit logs can be exported through the Service dashboard at any time.
7.2 Correction
You may update your account information through the Service dashboard or by contacting us.
7.3 Deletion
You may request deletion of your personal information by contacting us at privacy@continueye.com. We will process your request within 30 days, subject to any legal retention obligations.
7.4 Opt-Out of Communications
You may unsubscribe from marketing emails by clicking the unsubscribe link in any email or by contacting us. You cannot opt out of transactional communications related to your account (such as billing receipts and security alerts).
7.5 Data Processing Objections
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you may object to certain processing of your personal data or request that we restrict processing under certain circumstances.
8. International Data Transfers
ContinuEye is based in the United States. If you use the Service from outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate.
For users in the EEA or UK, we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection of your data when transferred internationally.
For managed hosting, you may select a server region (US, Europe, or Asia) for your agent instances. Agent telemetry data is processed in the United States regardless of instance location.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@continueye.com.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect, use, and disclose.
- Right to delete your personal information, subject to certain exceptions.
- Right to opt out of sale. We do not sell personal information.
- Right to non-discrimination. We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at privacy@continueye.com. We will verify your identity before processing your request.
11. European Privacy Rights (GDPR)
If you are located in the EEA or UK, the following applies:
11.1 Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract performance: To provide the Service you have subscribed to.
- Legitimate interests: To improve the Service, ensure security, and prevent fraud.
- Consent: Where you have provided explicit consent (such as for marketing communications).
- Legal obligation: To comply with applicable laws and regulations.
11.2 Data Controller
ContinuEye is the data controller for personal data collected through the Service. For agent telemetry data that includes personal data of your end users or clients, you are the data controller and ContinuEye acts as a data processor on your behalf.
11.3 Data Protection Officer
For GDPR-related inquiries, contact us at privacy@continueye.com.
11.4 Supervisory Authority
You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data violates the GDPR.
12. Third-Party Links and Services
The Service may contain links to third-party websites, tools, or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our website at least 15 days before the changes take effect. Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy.
14. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
ContinuEye
Email: privacy@continueye.com
Website: continueye.com
For general support: support@continueye.com
For legal inquiries: legal@continueye.com