Privacy Policy

Last updated: March 4, 2026

Overview

ClawSploit is a locally-run security audit tool. It is designed from the ground up to protect your privacy. This policy explains what data ClawSploit handles and how.

Data Collection

ClawSploit does not collect, transmit, or store any personal data. Specifically:

• No analytics or tracking scripts are loaded
• No cookies are set
• No data is sent to external servers
• No telemetry or usage metrics are collected
• No user accounts or registration is required

Scan Data

When you run a security scan, the following data is generated and stored entirely on your local machine:

• Target information: The IP address and port you specify for scanning
• Scan results: Findings, vulnerabilities detected, and remediation recommendations
• Reports: JSON and HTML report files generated from scan results

This data is held in-memory during the server's runtime and in locally-generated report files. It is never transmitted off your machine.

Network Connections

ClawSploit makes network connections only to:

• The target you explicitly specify for scanning (over your local network or localhost)
• Google Fonts CDN for loading web fonts (DM Sans, JetBrains Mono) in the dashboard UI

No other outbound connections are made.

Third-Party Services

ClawSploit uses the following third-party resources:

• Google Fonts: For loading typefaces in the browser UI. This is subject to Google's Privacy Policy.

No other third-party services, APIs, or SDKs are used.

Data Retention

Scan data exists only for the duration of the server process. When you stop ClawSploit, in-memory scan data is discarded. Generated report files remain on your local filesystem until you choose to delete them.

Children's Privacy

ClawSploit is a professional security tool and is not directed at children under 13. No personal information is collected from any user, regardless of age.

Changes to This Policy

If this privacy policy is updated, changes will be reflected on this page with an updated "Last updated" date. Since ClawSploit runs locally, there is no mechanism for push notifications of policy changes.

Contact

For privacy-related questions, please open an issue on the ClawSploit project repository.