CleverCrow is operated by Clever Crow, LLC. This page is a plain-English description of what we collect, why, who else sees it, and how long we keep it. We try to collect as little as possible while still being able to charge cards correctly and maintain a trustworthy audit trail of where money went.
Last updated 11 June 2026.
Sign-in, attributing pledges, checking maintainer permissions against CODEOWNERS.
Charging your card for pledges and crediting your CleverCrow wallet. We never see or store your card number, Stripe holds it; we hold an opaque token.
The audit trail that lets us show you what you funded, what was spent, and what was refunded to your wallet.
Maintainers connect CleverCrow to their repos and configure which coding agent runs on their issues. CleverCrow supplies and pays for the provider API keys; we don't ask for or store a key of yours.
Operating the service, debugging stuck runs, and giving maintainers a permanent record of what was done on their behalf. A run is a transparent record: the backers who funded the issue can see it, including the instructions the maintainer sent the agent, so they can see what their money paid for.
Within the product, a run is transparent to the people involved in it. If you are a maintainer, the backers who funded an issue can see that run's record: the issue text, the agent's plans and answers, the resulting pull request, and the instructions you send the agent. Treat anything you type to the agent as visible to those backers, it is part of the audit trail that shows them what their pledge paid for. If you are a backer, your identity is shown to the maintainer and to other backers of the same issue as part of that funding record.
Beyond the platform, we do not sell or rent your data. We share it with a small set of providers we depend on to operate the service:
Run records are permanent. They are the audit trail that answers “what work was done with my pledge?” and we don't expire them. Ledger entries, pledges, and pool records are also permanent for the same reason.
Short-lived operational data, workspace artifacts, agent outputs awaiting pickup, and service logs, is retained for between 14 and 30 days depending on the path and then purged automatically.
We set a NextAuth session cookie when you sign in, and a CSRF cookie so that form submissions can't be forged. That is the full set. We do not use advertising cookies. For page-view analytics we use Plausible, which is cookieless and does not collect personal information or track you across sites.
Email privacy@clevercrow.io from the address on file (or with proof you control the GitHub account in question) and tell us what you'd like: a copy of what we hold about you, a correction, or a deletion. We respond within 2 business days.
One caveat on deletion: we cannot remove your share of the financial audit trail (ledger entries, the Stripe-side record of charges and refunds), that's a record-keeping obligation we have to both you and to tax authorities. We can and will detach your GitHub identity from those rows on request, so they read as anonymous.
If we materially change what we collect or who we share it with, we'll update the “last updated” date at the top of this page and, for accounts with email on file, send a heads-up before the change takes effect.