ClawBack.capital · Privacy Policy
Effective date: 26 June 2026
Last updated: 26 June 2026
Notice. This Privacy Policy applies to all ClawBack.capital surfaces — the web portal at clawback.capital (and subdomains), the CBC KATANA macOS desktop application, the CBC iOS application, and any official API operated under the ClawBack.capital name. ClawBack.capital is developed and operated by Samurai Networks (https://samurainw.com) ("Samurai Networks", "we", "us", "the Operator") in the United Kingdom. ClawBack.capital is a private platform; public sign-up is not currently available.
This Privacy Policy is a draft and has not yet been reviewed by counsel.
This document explains what data the Service collects, why it collects it, how it stores and shares it, and the rights you have over it.
1. Who we are
| | |
|---|---|
| Data controller | Samurai Networks |
| Product | ClawBack.capital (operated by Samurai Networks) |
| Website | https://samurainw.com |
| Jurisdiction | United Kingdom |
| Contact | privacy@clawback.capital |
| DPO | Samurai Networks acts as data controller and informal DPO until a formal appointment is made |
For the purposes of UK GDPR and the Data Protection Act 2018, Samurai Networks is the data controller of personal data processed by the Service.
2. What we collect
2.1 Information you provide directly
When you connect a brokerage account or configure the Service, we collect:
- Account credentials: API keys, API secrets, or OAuth access/refresh tokens issued by your broker (Alpaca, Paradex, Binance, IG, or others as added). Stored encrypted at rest.
- Account identifiers: broker account IDs, sub-account names you choose, display names.
- Trading configuration: strategy parameters, risk limits, hotkey bindings, UI preferences.
- Authentication identifiers (web portal only): Email address used for single sign-on (currently Microsoft Entra ID / SAML federation on the @samurai.com tenant).
We do not ask for or store your broker login passwords. OAuth flows go directly to your broker; we receive only the access token the broker grants us.
2.2 Information collected automatically while you use the Service
- Operational telemetry: timestamps of signals received, decisions made, orders submitted, fills received. This is the audit log the Service was built to produce. It includes symbol, side, quantity, price, P&L, and your authenticated account identifier — but no other personal data.
- Server logs: HTTP request paths, status codes, response sizes, IP address of the request origin, user-agent. Retained for 90 days for debugging and abuse-detection.
- Application logs: Stack traces, error messages, and metric counters from the Service's microservices. May contain account identifiers but not credentials.
- Performance metrics: latency percentiles, throughput, error rates per service.
2.3 Information received from third parties
When you connect a brokerage account, your broker sends us:
- Account state: equity, cash, buying power, portfolio value, day-trade count.
- Position state: symbols, quantities, average entry prices, unrealised P&L.
- Order state: submitted/filled/cancelled orders you (or the Service on your authorised behalf) place through the connected account.
- Trade history: fills, fees, dividends, transfers — same data your broker shows you in their dashboard.
We may also receive market data (quotes, bars, news) from data providers such as Alpaca Market Data, Polygon.io, TradingView, yfinance, GlobeNewswire/PRNewswire RSS, and similar. Market data is not personal data — but if the data provider attaches an identifier to your request (e.g. an API key the Operator holds), the provider may log that request.
3. How we use your information
We use the information described above only to operate the Service for you. Specifically:
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Authenticate you and route requests to the correct connected account | Contract performance |
| Read your broker account state to display it in the UI | Contract performance |
| Submit orders that you (or strategies you have configured) authorise | Contract performance |
| Maintain an audit log of every signal, decision, order, and fill — the platform's core safety feature | Legitimate interest (operator must be able to reconstruct any trading day for diagnostic and dispute purposes) |
| Detect, prevent, and respond to security incidents | Legitimate interest |
| Comply with legal obligations including tax-record retention and any regulatory request | Legal obligation |
| Improve the Service (debugging, performance tuning) | Legitimate interest |
We do not use your data for advertising, marketing, profiling, or to train any third-party machine-learning model. We do not sell your data.
4. Where we store data
Data is stored in the following systems:
- AWS (Amazon Web Services), region us-east-1: PostgreSQL audit database, Redis cache, S3 storage of operational artifacts. AWS account ID 681536611582. Storage encrypted at rest.
- AWS Secrets Manager, same region: broker API credentials. Encrypted with AWS KMS. Access restricted to the EC2 instance profile of the service that needs them; no human can read the secret values without authenticated AWS access.
- macOS Keychain (CBC KATANA only, on your device): your local copy of broker credentials if you choose to add them to the desktop app. Scoped to the application bundle ID; not synced to iCloud.
- iOS Keychain (CBC iOS only, on your device): bearer tokens for the mobile API.
- Cloudflare: DNS, TLS termination, edge caching, OAuth-callback dispatch worker, ingress tunnels (cloudflared) for the dashboard endpoints.
We currently do not store any data outside the United States, the United Kingdom, or the European Economic Area.
5. Sharing with third parties
We share your data only with the following categories of third parties, only to the extent necessary to operate the Service:
| Third party | What we send | Why |
|---|---|---|
| Your connected brokers (Alpaca, Paradex, Binance, etc.) | Order instructions you authorise; credentials/tokens you provided so we can read account state | To execute trades and read state on your behalf |
| Market-data providers (Alpaca Market Data, Polygon.io, TradingView, yfinance, GlobeNewswire/PRNewswire RSS) | Symbols you watch or trade | To retrieve quotes, news, and historical data |
| AWS (sub-processor) | All data described in § 4 | Hosting infrastructure |
| Cloudflare (sub-processor) | HTTP request metadata (IP, headers, body) for routing | DNS, TLS, CDN, OAuth dispatch |
| Anthropic (optional, AI Risk Advisor feature) | Recent audit-log summaries, strategy parameters | If you enable the AI advisor; processed under Anthropic's API terms and not used for model training per Anthropic's commercial-API policy |
| GitHub (developer-only) | The Operator's own commits and CI logs — never your trading data | Source control and CI |
| Sentry / observability stack | Application error reports (may include account identifier; never credentials) | Diagnose and fix bugs |
We do not share your data with advertisers, data brokers, marketing platforms, or analytics platforms that profile users (no Google Analytics, no Facebook Pixel, no Hotjar, etc.).
If we are ever required by law (subpoena, court order, valid regulatory request) to disclose data, we will — but we will, where lawful, notify you first and limit the disclosure to what is required.
6. Data retention
| Data category | Retention period |
|---|---|
| Audit log (signals → decisions → orders → fills → closes) | Indefinitely while your account is active; minimum 7 years after closure for tax and broker-record purposes |
| Broker credentials | Until you remove the account, revoke the OAuth grant, or close your account with us |
| Server access logs | 90 days, then deleted |
| Application error logs | 30 days, then deleted |
| Email / authentication records | 12 months after last successful login, then deleted |
| Backups | Encrypted nightly snapshots retained 30 days, then expunged |
When you close your account, we delete or anonymise personal data within 30 days, except where longer retention is required by law (e.g. UK tax record retention).
7. Your rights (UK GDPR / EU GDPR)
If you are in the UK or EEA, you have the right to:
- Access the personal data we hold about you (subject access request).
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten"), subject to legal retention obligations.
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interest.
- Data portability: receive your data in a structured, commonly-used machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Complain to the UK Information Commissioner's Office (ICO) if you believe we have mishandled your data.
To exercise any of these rights, email privacy@clawback.capital. We will respond within one month (or notify you if a complex request requires up to two further months).
8. Security
We use industry-standard measures appropriate to the sensitivity of the data:
- Credentials: stored only in AWS Secrets Manager (server-side) or device-scoped macOS / iOS Keychain (client-side). Never written to logs, never present in source code, never transmitted unencrypted.
- Transport: TLS 1.2+ on every external endpoint; HTTP/2; HSTS enabled.
- Authentication: web portal sign-on uses Microsoft Entra ID SAML on a private tenant; mobile API uses scoped bearer tokens; macOS desktop uses Keychain-stored OAuth or API credentials.
- Sandbox: the macOS app runs in App Sandbox with network.client only — no inbound network, no filesystem access outside its container, no other entitlements.
- Audit chain: every order has a traceable signal → decision → order → fill → close lineage; tampering would be visible in the chain.
No security measure is perfect. If we become aware of a data breach affecting you, we will notify you and the ICO as required by UK GDPR — within 72 hours of becoming aware where the breach is likely to result in a risk to your rights and freedoms.
9. Cookies and similar technologies
The web portal uses:
- Strictly necessary cookies: session ID after SAML sign-on. Required for the portal to function. Set with Secure, HttpOnly, SameSite=Lax.
- Functional cookies: UI preferences (theme, account-picker last selection, density). Local to your browser.
We do not use third-party analytics cookies, advertising cookies, or social-media trackers. You can clear cookies through your browser at any time; doing so will sign you out of the portal.
The macOS and iOS apps store equivalent preferences in UserDefaults (not cookies). No telemetry is sent to third parties.
10. Children's privacy
The Service is not directed to children under 18 and we do not knowingly collect data from children. If you believe we have collected data from a child, please contact privacy@clawback.capital and we will delete it.
11. International data transfers
If you access the Service from outside the United Kingdom, you understand that your data is transferred to and processed in the United States (AWS us-east-1). The transfer is protected by the appropriate UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses with AWS and Cloudflare as data processors.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email at least 30 days before they take effect. The "Last updated" date at the top of this document reflects the most recent revision.
13. Contact
For questions about this Privacy Policy, to exercise any of the rights described in § 7, or to give notice of any matter requiring the Operator's attention:
Samurai Networks — developer + operator of ClawBack.capital
Website: https://samurainw.com
Email: privacy@clawback.capital
Postal: [forthcoming]