Clawglasses Privacy Whitepaper

Clawglasses WG1 is designed with privacy as a foundational principle. This whitepaper outlines our comprehensive approach to data protection, user privacy, and security architecture.

• •Key Principles:
• •Privacy by Design: Privacy considerations are integrated into every stage of product development
• •Data Minimization: We collect only data necessary for functionality
• •User Control: Users have complete control over their data and how it's shared
• •Transparency: Clear communication about data practices
• •Security First: Industry-leading encryption and security measures

Our commitment: Your data belongs to you. We build tools that empower you, not exploit you.

Clawglasses WG1 processes several categories of data, each with specific handling protocols:

• •2.1 Audio Data
• •Voice commands and queries (processed locally when possible)
• •Ambient audio for translation features (real-time, not stored by default)
• •Meeting recordings (stored locally, cloud backup opt-in)

• •2.2 Visual Data
• •Photos and videos (stored locally on device)
• •Object recognition snapshots (processed and discarded)
• •Spatial mapping data (opt-in for DePIN contribution)

• •2.3 Device Data
• •Battery status, connectivity, usage patterns
• •Error logs and diagnostics (anonymized)
• •Firmware version and update status

• •2.4 Account Data
• •Email address (required for account)
• •Wallet address (optional, for token rewards)
• •Preferences and settings

• •What We DON'T Collect:
• ✗Continuous audio recording
• ✗Location data without explicit consent
• ✗Biometric data for identification
• ✗Contacts or personal information from your phone

Our hybrid processing model prioritizes on-device computation while enabling powerful cloud features when explicitly enabled by users.

• •3.1 On-Device Processing (Default)
• •All of the following happen entirely on the WG1 device:
• •Voice activity detection (VAD)
• •Wake word recognition ("Hey Clawglasses")
• •Basic transcription (English, offline model)
• •Photo/video capture and storage
• •Audio recording and playback

• •3.2 Edge Processing (Phone App)
• •When connected to the World App:
• •Advanced language processing
• •Media sync and backup (encrypted)
• •Settings synchronization
• •Firmware updates

• •3.3 Cloud Processing (Opt-In Only)
• •Users can enable cloud features for enhanced functionality:
• •Multi-language real-time translation (40+ languages)
• •Advanced AI queries (GPT-4 tier responses)
• •Digital Twin training (personalized AI assistant)
• •DePIN data contribution (earn $WORLD tokens)

Data Flow Diagram:
[WG1 Device] → (encrypted) → [World App] → (encrypted) → [Cloud Services]
        ↓                           ↓                            ↓
   Local Storage            Encrypted Backup              Processed & Deleted
   (User Control)           (User Control)               (No Long-term Storage)

Clawglasses employs multiple layers of encryption to protect user data at rest and in transit.

• •4.1 Data at Rest
• •Device Storage: AES-256 encryption with device-bound key
• •Cloud Backup: End-to-end encrypted (E2EE) with user-held keys
• •Database: TLS 1.3 for transport, AES-256 for storage

• •4.2 Data in Transit
• •All API communications: TLS 1.3 minimum
• •Real-time streaming: DTLS for low-latency secure communication
• •Bluetooth: LE Secure Connections (FIPS-validated)
• •WiFi transfer: WPA3 preferred, WPA2 minimum

• •4.3 Key Management
• •Device keys generated during initial setup
• •Keys stored in secure enclave (hardware-backed)
• •User backup keys for account recovery
• •No master keys held by Clawglasses

• •4.4 Authentication
• •Biometric authentication via connected phone
• •Hardware security module (HSM) for critical operations
• •OAuth 2.0 + PKCE for third-party integrations
• •Session tokens with automatic expiration

Users have comprehensive control over their data through the World App and web dashboard.

• •5.1 Access Rights
• •View all collected data categories
• •Export data in standard formats (JSON, CSV)
• •Request complete data package (within 30 days)

• •5.2 Modification Rights
• •Edit account information
• •Update privacy preferences
• •Correct inaccurate data

• •5.3 Deletion Rights
• •Delete individual recordings/photos
• •Bulk delete by date range
• •Complete account deletion (irreversible)
• •"Right to be forgotten" compliance (GDPR/CCPA)

• •5.4 Control Settings
• •Toggle cloud processing on/off
• •Enable/disable DePIN data sharing
• •Control recording indicator behavior
• •Set data retention periods
• •Manage third-party app permissions

• •5.5 Transparency Tools
• •Real-time data flow visualization
• •Monthly privacy reports
• •Notification when data is accessed
• •Audit log of all data operations

Our Decentralized Physical Infrastructure Network (DePIN) enables users to earn $WORLD tokens by contributing spatial data. Privacy is paramount in this system.

• •6.1 What Can Be Shared
• •Anonymized spatial mapping data
• •Point cloud information (no visual textures)
• •Location metadata (city-level, not precise)
• •Aggregated usage statistics

• •6.2 What Is NEVER Shared
• ✗Faces or identifiable persons
• ✗Personal conversations
• ✗Private property interiors
• ✗Precise GPS coordinates
• ✗Any personally identifiable information

• •6.4 User Control
• •Opt-in only (never automatic)
• •Per-session approval option
• •Earnings transparency dashboard
• •Pause/resume at any time
• •Complete withdrawal with data deletion

Clawglasses integrates with select third-party services for enhanced functionality. All integrations follow strict privacy requirements.

• •7.1 AI Service Providers
• •OpenAI: Advanced language processing
• • - Data retention: Processed and deleted immediately
• • - No training on user data
• • - API-only integration (no data storage)

• •Microsoft Azure: Translation services
• • - Real-time processing only
• • - No conversation logging
• • - GDPR compliant

• •Qwen (Alibaba): Chinese language support
• • - Regional processing for Asian users
• • - Data residency compliance

• •7.2 Infrastructure Partners
• •Cloud hosting: AWS (US), Alibaba Cloud (Asia)
• •CDN: Cloudflare (content delivery)
• •Analytics: Self-hosted Plausible (privacy-focused)

• •7.3 Blockchain Integration
• •Solana: Token transactions and NFT minting
• • - Public wallet addresses only
• • - No personal data on-chain

• •7.4 Third-Party Audit
• •All partners undergo annual security audits and must maintain:
• •SOC 2 Type II certification
• •ISO 27001 compliance
• •GDPR adequacy (for EU data processing)

The WG1 features a hardware-enforced recording LED indicator that protects the privacy of people around the wearer.

• •8.1 Hardware Design
• •LED is hardwired to camera power circuit
• •Cannot be disabled by software
• •Cannot be modified by firmware updates
• •Tamper-evident design (damage visible if modified)

• •8.2 Indicator Behavior
• •Solid green: Photo capture
• •Blinking green: Video recording in progress
• •Solid amber: Audio-only recording
• •Off: No recording active

• •8.3 Regulatory Compliance
• •Meets EU Regulation requirements
• •FCC Part 15 compliant
• •Complies with California recording laws
• •Japan MIC requirements satisfied

• •8.4 Social Commitment
• •We believe smart glasses should respect everyone's privacy, not just the wearer's. The visible indicator:
• •Informs bystanders of recording activity
• •Enables informed consent in social situations
• •Prevents covert surveillance use
• •Builds trust in wearable technology

Clawglasses is committed to meeting or exceeding privacy regulations worldwide.

• •9.1 GDPR (European Union)
• •Legal basis: Consent and legitimate interest
• •Data Protection Officer appointed
• •Cross-border transfer safeguards (SCCs)
• •Breach notification within 72 hours

• •9.2 CCPA/CPRA (California)
• •"Do Not Sell" option honored
• •Annual privacy notice updates
• •Consumer request response within 45 days
• •Verified consumer request process

• •9.3 Other Jurisdictions
• •PIPL (China): Local data processing option
• •POPIA (South Africa): Compliant
• •LGPD (Brazil): Compliant
• •APPI (Japan): Compliant

• •9.4 Children's Privacy
• •Product not marketed to children under 13
• •Age verification during account creation
• •COPPA compliant (no data collection from minors)
• •Parental consent required for 13-16 (per GDPR)

• •9.5 Accessibility
• •Privacy controls accessible to users with disabilities
• •Screen reader compatible settings
• •Alternative text for all privacy indicators

In the event of a security incident, Clawglasses follows a comprehensive response protocol.

• •10.1 Incident Classification
• •P1 (Critical): Active breach with data exposure
• •P2 (High): Vulnerability discovered, no exploitation
• •P3 (Medium): Minor security issue
• •P4 (Low): Security enhancement opportunity

• •10.2 Response Timeline
• •P1: Response within 1 hour, user notification within 24 hours
• •P2: Response within 4 hours, patch within 7 days
• •P3: Response within 24 hours, patch within 30 days
• •P4: Addressed in next scheduled release

• •10.3 User Notification
• •Email notification for affected users
• •In-app alert for active users
• •Public disclosure on security blog
• •Regulatory notification as required

• •10.4 Post-Incident
• •Root cause analysis within 7 days
• •Remediation plan published
• •Third-party audit if warranted
• •Lessons learned integration

We welcome questions about our privacy practices.

Privacy Team Email: privacy@moltglasses.io Response time: Within 5 business days

Data Protection Officer Email: dpo@moltglasses.io For GDPR-specific inquiries

Security Reports Email: security@moltglasses.io PGP key available on our website Bug bounty program: Coming Q2 2026

Mailing Address Clawglasses Privacy Department [Address to be published upon company registration]

Whistleblower Protection Anonymous reporting channel available Protected under applicable whistleblower laws