1. Introduction
OpenClawUP (“we”, “our”, “us”) operates the openclawup.com platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
2. Information We Collect
Information You Provide
- Account information: Name, email address, and profile picture obtained via Google OAuth authentication.
- Payment information: Processed by PayPal. We do not store your credit card numbers or PayPal login credentials. We retain your PayPal subscription ID for billing management.
- Bot configuration: Telegram bot tokens, Discord bot tokens, and other channel credentials you provide. These are encrypted at rest using AES-256 encryption.
- Support communications: Emails or messages you send to our support team.
Information Collected Automatically
- Usage data: AI credit consumption, number of conversations, message counts, and model usage statistics.
- Device and access data: IP address, browser type, access times, and referring URLs.
- Cookies: Essential cookies for authentication and session management (locale preference, JWT session token).
3. How We Use Your Information
- Provision and operate your OpenClaw AI assistant instance
- Process payments and manage subscriptions
- Track AI credit usage and enforce billing limits
- Communicate service updates, billing notifications, and support responses
- Detect and prevent fraud, abuse, and Terms of Service violations
- Improve and optimize the Service
- Comply with legal obligations
4. Third-Party Services
We share information with the following third parties:
- PayPal: Payment processing and subscription management.
- Hetzner Cloud: Virtual machine provisioning and hosting. VMs are located in Germany, Finland, United States, or Singapore based on your geographic region.
- OpenRouter: AI model request routing to providers including Anthropic, OpenAI, Google, Zhipu AI, MiniMax, and Moonshot AI.
- Cloudflare: Website hosting, CDN, and DDoS protection.
- Messaging platforms: Telegram, Discord, and WhatsApp for bot delivery (using your provided tokens).
We do not sell your personal information to third parties.
5. Bot Conversations and AI Data
Messages sent to and from your AI assistant are processed by third-party AI providers via OpenRouter. Conversation content is processed in real-time and is not stored by OpenClawUP. Your OpenClaw instance may store conversation history locally on its VM.
We do not use your bot conversations for training, marketing, or any purpose other than providing the Service.
6. Data Location and Transfers
Your data is processed and stored in the following locations:
- Platform database: Supabase (cloud-hosted PostgreSQL).
- VM instances: Hetzner Cloud datacenters in Nuremberg/Falkenstein (Germany), Helsinki (Finland), Ashburn/ Hillsboro (United States), or Singapore.
- Web application: Cloudflare's global edge network.
Data may be transferred across jurisdictions as necessary to provide the Service, with appropriate safeguards in place.
7. Data Retention
We retain your account data while your subscription is active. Upon account deletion or subscription cancellation:
- Your VM instance is destroyed within 7 days.
- Account data is deleted or anonymized within 30 days, except where legally required to retain (e.g., billing records).
- AI usage logs are retained in anonymized form for service improvement.
8. Data Security
We implement industry-standard security measures including:
- TLS/SSL encryption for all data in transit
- AES-256 encryption for stored bot tokens and API keys
- SHA-256 hashing for instance authentication tokens
- One-time bootstrap tokens with 10-minute expiry for VM setup
- Secure Google OAuth authentication (no password storage)
No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
9. Cookies
We use the following cookies:
- Session cookie: JWT authentication token (essential, 7-day expiry).
- Locale cookie: Language preference (essential).
We do not use advertising or third-party tracking cookies.
10. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Object to or restrict processing of your data
- Data portability (export your data)
- Withdraw consent at any time
To exercise these rights, contact hi@openclawup.com.
11. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If we become aware that we have collected data from a child, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance.