Privacy Policy

1. Introduction

Welcome to OpenClaw Servers (“we,” “our,” or “us”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform to deploy and manage AI assistants.

We are based in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

A. Personal Data

• Account Information: We collect your email address, name, and profile picture via our authentication provider (Clerk).
• Payment Information: We do not store your financial data. All payment transactions are processed through our third-party payment processor (Stripe). We only retain transaction IDs and billing status.
• Communication: Records of your interactions with our support team.

B. Service Data

• Configuration Data: We store the settings, environment variables, and configurations for the AI agents you deploy.
• API Keys: Third-party API keys (e.g., OpenAI, Anthropic) provided by you are stored using AES-256 encryption. We do not use these keys for any purpose other than facilitating your agent's operations.
• Logs: We may collect server logs including IP addresses and timestamps for security and debugging purposes.

3. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

• Contract Performance: Processing necessary to provide the Service you have signed up for (e.g., managing your account, deploying instances, processing payments).
• Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security monitoring, and service improvement — provided these interests are not overridden by your rights.
• Legal Obligation: Processing required to comply with applicable laws and regulations.
• Consent: Where we rely on consent (e.g., optional marketing communications), you have the right to withdraw consent at any time.

4. How We Use Your Information

We use your information to:

• Facilitate the creation, deployment, and management of your AI instances.
• Process payments and manage your subscription.
• Send you administrative information, such as service updates and security alerts.
• Monitor and prevent fraudulent activity or abuse of our infrastructure.
• Improve and optimise the Service.

5. Data Sharing and Third Parties

We rely on trusted third-party service providers to deliver our services. We do not sell your personal data to any third party.

Where third-party providers process data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

6. Cookies and Tracking

Our Service uses the following types of cookies and similar technologies:

• Essential Cookies: Required for the Service to function (e.g., session authentication, security tokens). These cannot be disabled.
• Functional Cookies: Used to remember your preferences and settings (e.g., theme, layout choices).

We do not currently use third-party advertising or behavioural tracking cookies. If this changes, we will update this policy and provide appropriate controls.

7. Data Security

We implement industry-standard security measures, including encryption in transit (TLS) and at rest (AES-256 for sensitive keys). However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. We will notify you and any applicable regulator of a data breach where we are legally required to do so.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request that we correct any inaccurate or incomplete data.
• Right to Erasure: You may request the deletion of your personal data (“right to be forgotten”), subject to legal retention requirements.
• Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
• Right to Data Portability: You may request your data in a structured, commonly used, and machine-readable format.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at info@openclawservers.com. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

10. International Data Transfers

Some of our third-party service providers may be located outside the United Kingdom. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place in accordance with UK data protection law, including Standard Contractual Clauses approved by the ICO or transfers to countries with adequate data protection as determined by the UK Government.

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we may also notify you via email. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or comments about this policy, you may email us at info@openclawservers.com.