Back to Home

Privacy Policy

Last updated: February 28, 2026

1. Introduction

PrivateClawd ("we," "our," or "us") operates the PrivateClawd platform, a self-hosted web application for deploying and managing OpenClaw AI bots. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at privateclawd.com and any related services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, name, and a hashed password. If you sign in via Google OAuth, we receive your name, email, and profile picture from Google. We do not store your Google password.

2.2 Bot Configuration Data

We store the configuration you provide for your bots, including bot names, selected LLM provider and model, API keys (encrypted at rest), channel connection tokens (Telegram, WhatsApp), enabled skills, and custom skill definitions.

2.3 Usage Data

We automatically collect information about how you interact with the platform, including token usage per bot, deployment and runtime logs, page views and feature usage, and device type, browser, and operating system.

2.4 Bot Workspace Files

Files uploaded to or generated within a bot's workspace are stored in isolated directories on our servers. Each bot has its own filesystem accessible only to the authenticated owner.

3. How We Use Your Information

  • To create, maintain, and secure your user account
  • To provision and manage Docker containers for your bots
  • To connect your bots to messaging channels (Telegram, WhatsApp)
  • To display token usage analytics and billing information
  • To improve the platform's performance, reliability, and features
  • To send critical service notifications (e.g., security alerts, downtime)
  • To enforce our Terms of Use and prevent abuse

4. Data Isolation & Security

Every bot runs in a dedicated Docker container with its own isolated filesystem, network identity, and credentials. Bot data is never shared between users or between bots owned by the same user. We employ the following security measures:

  • TLS encryption for all data in transit
  • AES-256 encryption for API keys and secrets at rest
  • JWT-based session authentication with short-lived tokens
  • Per-bot device pairing with unique gateway tokens
  • Sandboxed code execution environments
  • Regular security audits and dependency updates

5. Third-Party Services

We integrate with the following third-party services that may process your data:

  • LLM Providers (OpenAI, Anthropic, Google, DeepSeek, Groq, OpenRouter, Together AI) — your bot conversations are sent to the LLM provider you choose, subject to their privacy policies
  • Telegram Bot API — messages sent and received through Telegram bots
  • WhatsApp / Meta — messages sent and received through WhatsApp
  • Google OAuth — if you choose to sign in with Google
  • Google Analytics 4 — website usage analytics with Consent Mode v2; data is only collected after you grant consent (see Section 8)

We do not sell or rent your personal data to any third party.

6. Data Retention

We retain your account data and bot configurations for as long as your account is active. If you delete a bot, its container, configuration files, workspace data, and logs are permanently removed within 24 hours. If you delete your account, all associated data is purged within 30 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Export your bot configurations and workspace files
  • Withdraw consent for optional data processing
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at [email protected].

8. Cookies & Analytics

8.1 Essential Cookies

We use a session cookie for authentication (JWT). This cookie is strictly necessary for the platform to function and does not require consent.

8.2 Google Analytics 4

We use Google Analytics 4 (GA4) with Consent Mode v2 to understand how visitors use PrivateClawd and to improve the platform. Analytics cookies (such as _ga) are only set after you give explicit consent via the cookie consent banner shown on your first visit.

If you decline cookies, GA4 operates in cookieless mode — no identifying cookies are stored on your device. Google may still receive anonymized, aggregated pings (page URL, timestamp, user agent) to support behavioral modeling, but no personal identifiers are transmitted.

8.3 Managing Your Consent

  • You can change your cookie preference at any time by clicking "Cookie Settings" in the website footer.
  • Declining consent does not affect your ability to use PrivateClawd — all features work identically.
  • For more information on how Google processes data, see Google's Privacy Policy.

9. Children's Privacy

PrivateClawd is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify you via email or an in-app notification.

11. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at:

PrivateClawd Privacy Team

Email: [email protected]

General inquiries: [email protected]