Privacy Policy

Last updated: February 8, 2026

1. Introduction

OpenClaw Cloud ("we", "our", "us") operates a multi-tenant AI assistant platform that lets you deploy agents across messaging channels. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

2. Information We Collect

Account information: When you sign up, we collect your email address, name, and password (stored as a bcrypt hash). If you use OAuth or SSO, we receive profile information from your identity provider.

Conversation data: Messages exchanged with your AI agents are stored in your tenant's isolated environment. This includes session transcripts, agent memory files, and configuration.

Usage data: We track token usage, API calls, model selections, and session activity for billing, analytics, and service improvement.

Payment information: Billing is processed by Stripe. We do not store your full credit card number — Stripe handles all payment data under their PCI-DSS compliance.

API keys: If you bring your own API keys (BYOK), they are encrypted at rest using AES-256-GCM with tenant-specific key derivation.

3. How We Use Your Information

  • To provide and maintain the OpenClaw Cloud platform
  • To process your conversations through AI model providers
  • To calculate billing, credit usage, and subscription management
  • To send transactional emails (account verification, password resets, billing receipts)
  • To monitor service health and prevent abuse
  • To improve our platform based on aggregated, anonymized usage patterns

4. Third-Party Services

To provide AI capabilities, your conversation data is sent to the model providers you select (e.g., Anthropic, OpenAI, Google, Moonshot, DeepSeek). Each provider has their own privacy policy governing how they handle data. When using BYOK, requests are made directly under your own API key and provider agreement.

We also use Stripe for payment processing and may use third-party services for email delivery, error tracking, and infrastructure hosting.

5. Data Isolation & Security

Each tenant's data is fully isolated — separate database rows, separate filesystem directories, and separate encryption keys. We use AES-256-GCM encryption for credentials, bcrypt for passwords, and JWT-based authentication with short-lived tokens.

All data is transmitted over HTTPS/TLS. Infrastructure is hosted on Fly.io and Vercel with managed PostgreSQL and Redis.

6. Data Retention

Your conversation transcripts, agent files, and configuration are retained for as long as your account is active. You can delete individual sessions or compact conversation history at any time through the dashboard. When you delete your account, all associated data is permanently removed.

7. Cookies

We use essential cookies for authentication (JWT tokens) and theme preferences. We do not use third-party advertising or tracking cookies.

8. Your Rights

You can access, export, or delete your data at any time through the dashboard. If you need assistance or want to exercise data protection rights under GDPR or similar regulations, contact us at the address below.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the platform. Continued use of the service after changes constitutes acceptance.

10. Contact

For privacy-related questions or requests, email us at privacy@openclawcloud.app.

Privacy Policy — OpenClaw Cloud | OpenClaw Cloud