Privacy Policy

Overview

SecureOpenClaw.ai deploys instances of OpenClaw, an open-source AI agent framework. This policy explains what data we collect, where it lives, and what we do (and don't do) with it.

What We Collect

Account data (stored in our database):

• Email address and name (from Google sign-in)
• Stripe customer ID and subscription status
• Instance configuration (model choice, channel, port)
• API usage logs (token counts and cost per request, no content)

Instance data (stored in your container, not in our database):

• Conversation history and AI agent memory
• Connected service credentials (Google OAuth tokens for Gmail, Calendar, etc.)
• Workspace files, notes, and agent configuration
• Telegram bot token

Where Data Lives

Each user gets a dedicated Docker container on our infrastructure. Your instance data (conversations, connected service tokens, memory) lives exclusively inside your container's data volume. It is not stored in our central database and is not shared with or accessible to other users.

AI requests are proxied through our servers to the model provider (Anthropic, OpenAI, or Google). We log token counts and cost for billing purposes. We do not log, store, or inspect the content of your messages or AI responses.

Infrastructure Access

As the platform operator, we have administrative (root) access to the servers hosting your container. This means we technically could access your instance data. We commit to not doing so except when required to:

• Debug critical infrastructure issues at your request
• Comply with valid legal process
• Enforce our Terms of Service

Third-Party Services

The Service integrates with:

• Google OAuth — for sign-in. We receive your email and profile name.
• Stripe — for billing. Payment details are handled entirely by Stripe; we never see your card number.
• AI model providers (Anthropic, OpenAI, Google) — your messages are sent to these providers to generate responses. Their privacy policies apply to that data.
• Telegram — messages flow through Telegram's servers. Telegram's privacy policy applies.
• DigitalOcean — our infrastructure provider. Containers run on DigitalOcean droplets.

When you connect additional services (Gmail, Google Calendar, etc.) through your OpenClaw instance, those OAuth tokens are stored locally in your container. You can revoke access at any time from that service's settings.

Data Retention

Your instance data persists as long as your subscription is active. Upon cancellation or termination, your container and all associated data are permanently deleted. We do not create backups of individual instance data.

Account data (email, billing records, usage logs) is retained for accounting and legal compliance purposes.

Your Rights

You can:

• Access your data by interacting with your OpenClaw instance directly
• Delete your data by cancelling your subscription (container and all data are destroyed)
• Revoke connected service access from those services' settings at any time
• Export your data through your OpenClaw instance before cancellation

Security

We implement the following security measures:

• Each user runs in an isolated Docker container
• Containers have resource limits (CPU, memory) to prevent abuse
• API authentication via unique per-instance keys over HTTPS
• SSH key-only access to infrastructure (no password auth)

This service is experimental. While we take reasonable precautions, we cannot guarantee the security of your data. Do not store highly sensitive information that you cannot afford to lose.

Changes

We may update this policy at any time. Material changes will be communicated to active users. Continued use constitutes acceptance.

Contact

Privacy questions? Email us at support@secureopenclaw.ai.