Legal

Privacy Policy

Last Updated: March 2026

Our Approach to Privacy

We build security tooling for AI agents. This policy covers both Declaw Secure Sandbox (our sandbox and guardrails platform) and Declaw Desktop Security (our desktop app). We collect as little data as possible and are transparent about what we do collect.

1. Declaw Secure Sandbox

When you use Declaw Secure Sandbox, your agent code runs inside isolated Firecracker microVMs. The guardrails pipeline (PII redaction, prompt injection defense, code security, toxicity detection, invisible text detection) runs inside each sandbox.

What we collect

Account information (email, API key)
Sandbox metadata (creation time, duration, resource usage)
Aggregate usage metrics (number of sandbox sessions, API calls)

What we do not collect

The code your agent executes inside the sandbox
The content of network requests made by your agent
PII or sensitive data processed by the guardrails pipeline
Audit logs generated inside your sandbox (these stay in your sandbox)

If you self-host Declaw, no data is sent to us at all. You control everything.

2. Declaw Desktop Security

Declaw Desktop Security runs entirely on your device. All PII redaction and injection scanning happens locally.

What we do not have access to

The contents of your screen or clipboard
The prompts you send to AI assistants
Your personal identifiers (SSN, credit cards, etc.)
Any files on your device

What we collect

Crash reports and usage statistics (opt-in only, via "Share Analytics")

3. Contact

For privacy-related questions, email us at shivam@declaw.ai.