← Back to home

Privacy Policy

Effective: April 15, 2026

ClaimHawk (“we,” “us,” “our”) operates claimhawk.ai and related services that help users discover and file claims in class action settlements. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using ClaimHawk, you agree to the practices described here.

1. Information we collect

Account information. Email address and authentication details (via Supabase Auth). If you sign in with Google, we receive your email and name from Google.

Profile information. Name, postal address, phone number, and ZIP code that you enter to auto-fill claim forms. These fields are encrypted at rest using AES-256-GCM before being stored.

Claim details. Information you submit while filing a claim, including claim-specific form data, uploaded documents (IDs, receipts), and eligibility answers. Documents are stored privately in Supabase Storage with per-user access controls.

Payment information. If you subscribe to a paid plan, Stripe processes your payment. We do not store your card number. We retain a Stripe customer identifier and your current subscription tier.

SMS information. If you opt in to SMS reminders, we store your mobile number and your explicit opt-in status. See Section 4 for details.

Usage information. Basic request logs (IP, path, timing) for security and debugging, and error traces via Sentry.

2. How we use your information

  • To authenticate you and operate your account
  • To match you to class action settlements based on the eligibility answers you provide
  • To auto-fill claim forms you choose to file
  • To send transactional emails (claim confirmations, deadline reminders, weekly digest) and, with your consent, transactional SMS
  • To process subscription payments and issue refunds
  • To monitor and improve the service (aggregated, non-identifying analytics)
  • To comply with legal obligations and enforce our Terms

We do not sell your personal information, and we do not use it for third-party advertising.

3. Third-party service providers

We rely on the following processors to run the service. Each has its own privacy practices.

  • Supabase — database, authentication, and storage hosting
  • Stripe — subscription billing and payment processing
  • Resend — transactional email delivery
  • Twilio — SMS delivery for opted-in users
  • Google Document AI — ephemeral OCR for ID and receipt scanning (images are processed then discarded; not stored by Google)
  • OpenAI — text embeddings for settlement matching and form extraction
  • Fly.io — application hosting
  • Sentry — error monitoring

4. SMS messaging terms (10DLC compliance)

Program name: ClaimHawk Deadline Reminders. See /sms for a visual of the opt-in flow and a sample message. If you opt in to ClaimHawk SMS reminders:

  • Consent is explicit. You must check the opt-in box in your Account Settings and enter your phone number before any SMS is sent.
  • Messages are transactional. We send deadline reminders for claims you have personally started filing. We do not send marketing or promotional SMS.
  • Frequency is low. Typically fewer than 4 messages per user per month, tied to your own claim activity.
  • Opt-out is instant. Reply STOP to any ClaimHawk message to unsubscribe immediately. You may also toggle off SMS notifications in Account Settings at any time.
  • Help. Reply HELP for support, or contact admin@claimhawk.ai.
  • Carrier charges. Message and data rates may apply. Your mobile carrier, not ClaimHawk, determines those charges.
  • We do not share your mobile number with third parties for their marketing purposes.

5. Data security

We use transport-layer encryption (HTTPS) for all data in transit. Sensitive profile fields and claim form data are encrypted at rest using AES-256-GCM with a server-side key. Authentication tokens are managed by Supabase Auth. We enforce the principle of least privilege on internal access and monitor for anomalies. No system is perfectly secure — please use a strong password and notify us promptly if you suspect your account has been compromised.

6. Data retention

We retain your account and claim information for as long as your account is active. If you delete your account, we delete or anonymize your personal information within 30 days, except where we must retain records for legal, tax, or fraud-prevention purposes. Deletion requests can be sent to admin@claimhawk.ai.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to certain processing. To exercise any of these rights, email admin@claimhawk.ai. California residents: under the CCPA/CPRA, we do not sell personal information and do not offer a financial incentive in exchange for it.

8. Children

ClaimHawk is not directed to children under 13, and we do not knowingly collect information from them.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a prominent notice in the app before they take effect. Continued use after the effective date of an update constitutes acceptance.

10. Contact

Questions or requests: admin@claimhawk.ai.