गोपनीयता नीति

अंतिम अपडेट: March 14, 2026

यह दस्तावेज़ केवल अंग्रेज़ी में प्रदान किया गया है। अंग्रेज़ी संस्करण कानूनी रूप से बाध्यकारी संस्करण है।

1. परिचय

PrivateClawd ("we," "our," or "us") operates the PrivateClawd platform available at privateclawd.com, including all related services, APIs, mobile applications, and bot interfaces such as ClawdBot and MoltBot (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you access or use the Service.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, you must discontinue use of the Service immediately.

2. डेटा नियंत्रक

For the purposes of the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and other applicable data protection legislation, the data controller responsible for your personal data is:

PrivateClawd

Email: [email protected]

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your data subject rights, please contact us at the address above.

3. हम कौन सी जानकारी एकत्र करते हैं

3.1 खाता जानकारी

When you create an account, we collect your email address, name, and a cryptographically hashed password (bcrypt with salt). If you sign in via Google OAuth, we receive your name, email address, and profile picture URL from Google. We never store your Google password or OAuth refresh token beyond the session.

3.2 एजेंट कॉन्फ़िगरेशन डेटा

We store the configuration you provide for your AI agents, including: agent names and descriptions, selected LLM provider and model identifiers, API keys (encrypted at rest using AES-256-GCM), messaging channel connection tokens (Telegram, WhatsApp, Discord, Slack), enabled skills and custom skill definitions, system prompts and behavioral instructions, and MCP server configurations.

3.3 उपयोग और टेलीमेट्री डेटा

We automatically collect information about how you interact with the Service, including: token consumption per agent and per LLM provider, agent deployment events (start, stop, restart, errors), page views and feature usage within the dashboard, IP address (truncated and anonymized for analytics), device type, browser, operating system, and screen resolution, and referral source and UTM parameters.

3.4 एजेंट कार्यक्षेत्र फ़ाइलें

Files uploaded to or generated within an agent's workspace are stored in isolated directories on our servers. Each agent has its own sandboxed filesystem accessible only to the authenticated owner.

3.5 संचार डेटा

If you contact us via email or submit a support request, we retain the content of those communications, your email address, and any attachments for the purpose of responding to your inquiry and improving our support processes.

3.6 भुगतान जानकारी

If you subscribe to a paid plan or purchase tokens, payment processing is handled by Stripe, our third-party payment processor. We do not store full credit card numbers, CVV codes, or banking details on our servers. We may receive and store a truncated card number (last 4 digits), card brand, expiration date, billing address, and Stripe customer and subscription identifiers for record-keeping and billing reconciliation purposes. We also store records of all transactions, including subscription payments, one-time token purchases, metered deposit credits, browser automation fee charges, referral rewards, affiliate commissions, and refunds.

3.7 Telegram Hub Data

When you use the Telegram Hub (our shared platform bot), we collect and process: your Telegram user ID, username, display name, and language preference (language_code); message content (text, captions) sent to and received from your agents; file attachments including photos, documents, audio files, video files, voice messages, and video notes; and metadata such as message timestamps and conversation identifiers. Conversation history is maintained on a rolling basis (currently the last 50 messages per user-agent pair).

3.8 Public & Shareable Chat Data

When visitors interact with your agents through public or shareable chat links, we collect: message content entered by the visitor, IP address (for rate limiting and abuse prevention), browser user agent and session identifiers, and optionally a hashed access password if you configure one. Visitors are not required to create an account. Conversation data from public links is stored as part of the agent's conversation history.

3.9 Browser Automation Data

If your agent uses browser automation capabilities, the following data may be generated and stored within the agent's isolated workspace: screenshots and page snapshots, browsing navigation history, page content and extracted data, cookies and session data within the browser profile, and downloaded files. This data is contained within the agent's sandboxed environment and is accessible only to you. We do not access, analyze, or share browser automation data except as required by law or to investigate violations of our Terms of Use.

3.10 Referral, Affiliate & Creator Data

If you participate in our referral, affiliate, or creator programs, we collect: your referral code and referral link usage data, identifiers of referred users (for commission attribution), commission accrual and payment records, and for affiliates and creators, payout details you provide (such as cryptocurrency wallet address, PayPal email, or preference for AI credits). Creator program applicants provide additional data including: name, email, country, language, biographical information, social media and content platform links, phone number, and preferred messenger.

4. प्रसंस्करण का कानूनी आधार (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases under Article 6(1) of the GDPR:

Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service, manage your account, deploy your agents, and fulfill your subscription.
Legitimate interests (Art. 6(1)(f)): Processing necessary for fraud prevention, platform security, service improvement, analytics (where consent is not required), and enforcement of our Terms of Use. We balance our legitimate interests against your rights and freedoms.
Consent (Art. 6(1)(a)): Processing based on your explicit consent, such as setting analytics cookies (Google Analytics 4) or receiving marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legal obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws, regulations, legal proceedings, or governmental requests.

5. हम आपकी जानकारी का उपयोग कैसे करते हैं

We use the information we collect for the following purposes:

To create, maintain, authenticate, and secure your user account
To provision and manage Docker containers and dedicated VMs for your agents
To connect your agents to messaging channels (Telegram, WhatsApp, Discord, Slack)
To operate the Telegram Hub, route messages between users and agents, and maintain conversation context
To process and display public and shareable chat link interactions
To calculate, track, and display token consumption, billing information, metered usage, browser automation fees, and invoices
To manage the three-tier wallet system (account balance, agent reserves, LLM provider key balances)
To enforce spend limits, per-agent budgets, and auto-pause protections
To process payments, refunds, chargebacks, and metered billing through Stripe
To administer the referral, affiliate, and creator programs, including commission calculation, fraud detection, and payout processing
To improve the Service's performance, reliability, security, and feature set
To send transactional notifications (e.g., security alerts, downtime, billing events, budget warnings, browser fee alerts)
To detect, prevent, and address technical issues, fraud, abuse, and abnormal usage patterns (including loop detection)
To enforce our Terms of Use and investigate potential violations
To respond to support requests and communicate with you about the Service
To comply with legal obligations and respond to lawful requests from authorities

We do not use your data for automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

6. डेटा पृथक्करण और सुरक्षा

Every agent runs in a dedicated, isolated environment (Docker container or VM) with its own filesystem, network identity, and credentials. Agent data is never shared between users or between agents owned by the same user. We implement the following technical and organizational security measures:

TLS 1.2+ encryption for all data in transit
AES-256-GCM encryption for API keys and secrets at rest
Bcrypt password hashing with per-user salts
JWT-based session authentication with short-lived, rotating tokens
Per-agent device pairing with unique gateway tokens
Sandboxed code execution environments with resource limits
Role-based access controls and principle of least privilege
Regular penetration testing, security audits, and dependency vulnerability scanning
Infrastructure-level DDoS mitigation and Web Application Firewall (WAF)

While we take commercially reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

7. तृतीय-पक्ष सेवाएँ और उप-प्रसंस्करक

We integrate with the following categories of third-party services (subprocessors) that may process your data on our behalf or as independent controllers:

7.1 LLM प्रदाता

OpenAI, Anthropic, Google (Gemini), DeepSeek, Groq, OpenRouter, and Together AI. Your agent conversations are sent to the LLM provider you choose. Each provider processes data under its own privacy policy and data processing terms. We do not control how LLM providers handle data once it leaves our servers. You are responsible for reviewing and accepting the privacy practices of your chosen provider.

7.2 मैसेजिंग प्लेटफ़ॉर्म

Telegram Bot API, WhatsApp (Meta), Discord, and Slack. Messages sent and received through these channels are transmitted via the respective platform's infrastructure. These platforms operate as independent data controllers for messages passing through their systems.

7.3 प्रमाणीकरण प्रदाता

Google OAuth 2.0 — used when you choose to sign in with Google. Only your name, email, and profile picture are shared with us.

7.4 विश्लेषण और मार्केटिंग

Google Analytics 4 (with Consent Mode v2), Mixpanel, and Snitcher. Analytics data is only collected after you grant explicit consent (see Section 10).

7.5 इन्फ्रास्ट्रक्चर और होस्टिंग

Our Service is hosted on cloud infrastructure providers (DigitalOcean, and related CDN/DNS services). These providers process data solely as data processors under our instruction and pursuant to data processing agreements.

7.6 Payment Processing (Stripe)

Stripe processes all payments, subscriptions, metered billing, refunds, and payment disputes on our behalf. When you add a payment method or make a purchase, your payment card details are sent directly to Stripe and are subject to Stripe's Privacy Policy. We receive only truncated card details and transaction metadata from Stripe.

7.7 LLM Proxy (OpenRouter)

When you use the system-token (managed key) billing mode, funds from your account are transferred to per-agent API keys managed through OpenRouter. OpenRouter processes LLM requests on behalf of your agents and routes them to the selected model provider. Data sent to OpenRouter (prompts, completions, usage metrics) is subject to OpenRouter's Privacy Policy. We do not control how OpenRouter or downstream model providers retain or process your data once it leaves our servers.

7.8 Browser Automation (AdsPower)

If you configure an agent with AdsPower browser automation, PrivateClawd integrates with AdsPower's local API to manage browser profiles. Browser session data (cookies, local storage, browsing history) is stored within AdsPower's browser profile system on our infrastructure. AdsPower's software operates under its own terms and privacy policy.

We do not sell, rent, lease, or trade your personal data to any third party for their marketing purposes.

8. अंतर्राष्ट्रीय डेटा स्थानांतरण

Your personal data may be transferred to and processed in countries outside of your country of residence, including the United States and other countries where our service providers maintain facilities. These countries may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on the following safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements (DPAs) with all subprocessors that include appropriate technical and organizational safeguards
Additional supplementary measures (encryption in transit and at rest, access controls, pseudonymization) as recommended by the European Data Protection Board

You may request a copy of the applicable transfer safeguards by contacting us at [email protected].

9. डेटा प्रतिधारण

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy:

Data Category	Retention Period
Account data	Duration of account + 30 days after deletion
Agent configurations & workspace files	Until agent deletion (removed within 24 hours)
Agent runtime logs	90 days rolling, then permanently deleted
Token usage records	Duration of account (for billing accuracy)
Billing & transaction records	As required by applicable tax and commercial law (typically 5–7 years)
Telegram Hub messages	Last 50 messages per user-agent pair (rolling); older messages permanently deleted
Public chat messages	Duration of agent's existence; deleted with agent
Browser automation sessions	Duration of agent runtime + 24 hours after agent stop
Referral & affiliate records	Duration of program membership + 2 years after termination
Creator application data	2 years after last interaction
Support communications	24 months after last interaction
Analytics data (aggregated)	26 months (GA4 default retention)

When you delete your account, all associated personal data is purged within 30 days, except where retention is required by law (e.g., billing records, fraud prevention, or regulatory compliance).

10. कुकीज़ और विश्लेषण

10.1 कुकी श्रेणियाँ

Cookie	Type	Purpose	Consent Required
`session`	Essential	JWT authentication session	No
`cookie_consent`	Essential	Stores your cookie preferences	No
`_ga`, `_ga_*`	Analytics	Google Analytics 4 visitor identification	Yes
`mp_*`	Analytics	Mixpanel product analytics	Yes

10.2 Google Analytics 4 और Consent Mode v2

We use Google Analytics 4 (GA4) with Consent Mode v2 to understand how visitors use PrivateClawd. Analytics cookies are only set after you give explicit consent via the cookie consent banner shown on your first visit.

If you decline cookies, GA4 operates in cookieless mode — no identifying cookies are stored on your device. Google may still receive anonymized, aggregated pings (page URL, timestamp, user agent) to support behavioral modeling, but no personal identifiers are transmitted.

10.3 अपनी सहमति प्रबंधित करें

You can change your cookie preference at any time by clicking "Cookie Settings" in the website footer.
Declining consent does not affect your ability to use PrivateClawd — all features work identically.
You may also manage cookies through your browser settings or use a browser extension to block tracking scripts.

10.4 ट्रैक न करें

Some browsers transmit a "Do Not Track" (DNT) signal. We honor DNT signals by not loading optional analytics scripts when a DNT header is detected and consent has not been explicitly granted.

11. आपके अधिकार

11.1 GDPR के तहत अधिकार (EEA/यूके/स्विट्ज़रलैंड)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

Right of access — obtain confirmation of whether we process your data and request a copy
Right to rectification — request correction of inaccurate or incomplete data
Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal retention requirements
Right to restriction of processing — request limitation of how we use your data
Right to data portability — receive your data in a structured, commonly used, machine-readable format (JSON)
Right to object — object to processing based on legitimate interests or direct marketing
Right to withdraw consent — withdraw consent at any time without affecting the lawfulness of prior processing
Right to lodge a complaint — file a complaint with your local data protection supervisory authority

11.2 CCPA/CPRA के तहत अधिकार (कैलिफ़ोर्निया निवासी)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to know — what personal information we collect, use, disclose, and sell/share
Right to delete — request deletion of your personal information
Right to correct — request correction of inaccurate personal information
Right to opt out — of the sale or sharing of personal information (we do not sell or share personal information)
Right to non-discrimination — you will not receive discriminatory treatment for exercising your rights
Right to limit use of sensitive information — restrict the use of sensitive personal information to specified purposes

California "Shine the Light": We do not disclose personal information to third parties for their direct marketing purposes.

11.3 अपने अधिकारों का प्रयोग

To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days (or within the timeframe required by applicable law). We may request identity verification before processing your request to protect your account security.

12. बच्चों की गोपनीयता

The Service is not directed to and not intended for use by individuals under 16 years of age (or the minimum age required by applicable law in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information within 72 hours. If you believe a child has provided us with personal data, please contact us immediately at [email protected].

13. स्वचालित निर्णय-प्रक्रिया

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you. Usage limits and throttling are applied based on your subscription plan and aggregate token consumption, not on individual profiling.

14. डेटा उल्लंघन अधिसूचना

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay via email and/or in-app notification, as required by GDPR Article 34.

15. इस नीति में परिवर्तन

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Revise the "Last updated" date at the top of this page
Notify you via email or an in-app notification at least 14 days before the changes take effect
Provide a summary of the material changes

Your continued use of the Service after the effective date of an updated Privacy Policy constitutes acceptance of the revised terms. If you disagree with the changes, you must stop using the Service and may request account deletion.

16. संपर्क करें

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, contact us at:

PrivateClawd Privacy Team

Email: [email protected]

General inquiries: [email protected]

We aim to resolve all privacy-related complaints within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.