Privacy Policy

CloudCraftr LLP (“we”, “us”, or “our”) operates OpenClaw.ag (the “ Service”), a managed hosting platform that deploys OpenClaw AI assistants on third-party messaging channels including Telegram, Discord, and WhatsApp.

This Privacy Policy explains what personal data we collect when you visit https://openclaw.ag or use our Service, why we collect it, how we use it, and what rights you have over it.

We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. CloudCraftr LLP is the data controller for the purposes of this Policy. Our registered address is 50 Princes Street, Ipswich, United Kingdom.

By using the Service, you confirm that you have read and understood this Policy. If you do not agree, please do not use the Service.

We collect the following categories of personal data:

2.1 Account and Identity Data

• Email address
• Name (if provided)
• Password (stored as a bcrypt hash — we never store plaintext passwords)
• Account creation date and last login timestamp

2.2 Payment and Billing Data

• Subscription status and billing cycle (stored on our servers)
• Stripe Customer ID and Subscription ID (references to your Stripe record)
• Card details, billing address, and full payment information are collected and stored exclusively by Stripe, Inc. We never see or store your raw card number.

2.3 Service Configuration Data

• Your chosen AI model (Claude, ChatGPT, or Gemini) and messaging channel (Telegram, Discord, or WhatsApp)
• Custom persona settings and instructions you configure for your assistant
• API keys or bot tokens you provide to connect third-party channels (encrypted at rest)

2.4 Usage and Technical Data

• IP address, browser type, operating system, and referring URL
• Pages visited, time spent, and clickstream data
• Service health metrics (uptime, error rates) — not linked to individual users

2.5 Communications Data

• Emails you send to our support address and our responses
• Any feedback or correspondence you initiate with us

2.6 Conversation Data (AI Interactions)

Messages exchanged between you (or your end-users) and the deployed AI assistant are processed by the relevant AI provider (Anthropic, OpenAI, or Google) under their own terms. We do not store the content of AI conversations on our servers beyond what is necessary for session continuity and the persistent memory feature you have enabled.

We use your personal data for the following purposes:

• Providing the Service: Creating and managing your account, provisioning and operating your AI assistant instance, and enabling connectivity with your chosen messaging channel.
• Billing and Payments: Processing your $29/month subscription through Stripe, issuing invoices, handling refunds, and managing cancellations.
• Customer Support: Responding to your support requests, troubleshooting issues, and communicating Service updates.
• Security and Fraud Prevention: Detecting and preventing unauthorized access, abuse, and fraudulent activity.
• Service Improvement: Analyzing aggregated usage patterns to improve reliability, performance, and features.
• Legal Compliance: Meeting our obligations under UK law, including responding to lawful requests from authorities.
• Marketing Communications: Sending you product updates, offers, and newsletters — only where you have given explicit consent or there is a legitimate interest basis, and always with an easy opt-out.

Under UK GDPR, we must have a lawful basis for each use of your personal data. Our bases are:

We do not sell, rent, or trade your personal data. We share data only with the following categories of trusted third parties who help us operate the Service, each bound by appropriate data processing agreements:

5.1 Stripe, Inc.

Payment processing. Stripe collects and processes your billing information under their own Privacy Policy. Stripe is certified under PCI DSS Level 1. We receive only a customer reference ID and subscription status in return.

5.2 Vercel, Inc.

Cloud hosting and deployment infrastructure for the OpenClaw.ag website. Vercel may process request logs including IP addresses in the course of serving the application. See Vercel's Privacy Policy.

5.3 AI Model Providers

Depending on the model you select, conversation content is forwarded to:

• Anthropic, PBC — for Claude-powered assistants (Privacy Policy)
• OpenAI, LLC — for ChatGPT-powered assistants (Privacy Policy)
• Google LLC — for Gemini-powered assistants (Privacy Policy)

You are responsible for ensuring that any personal data of third parties (such as your own end-users) processed by your AI assistant is handled in accordance with applicable data protection law.

5.4 Messaging Channel Providers

To operate your assistant, we integrate with the messaging platform you choose (Telegram, Discord, or WhatsApp). Each platform processes message metadata and content under their own privacy terms.

5.5 Analytics Providers

We may use privacy-respecting analytics tools to understand how the website is used. Any such tools are configured to anonymize IP addresses and minimize data collection.

5.6 Legal Disclosures

We may disclose personal data when required by law, court order, or lawful request from a public authority, or where necessary to protect the rights, property, or safety of CloudCraftr LLP, our users, or others.

We retain your personal data only for as long as necessary for the purposes set out in this Policy:

• Active account data is retained for the duration of your subscription.
• Billing and transaction records are retained for 7 years to comply with UK financial regulations.
• Support correspondence is retained for 2 years after the last interaction.
• Account data after cancellation is deleted or anonymized within 90 days of account closure, except where longer retention is legally required.
• Server and access logs are retained for up to 90 days and then deleted.

If you request deletion of your account, we will action that request within 30 days subject to any legal retention obligations.

As a data subject under UK GDPR, you have the following rights. To exercise any of them, contact us at support@openclaw.ag. We will respond within 30 days.

We use cookies and similar technologies to operate and improve the Service. A cookie is a small text file stored on your device.

Essential Cookies

Required for the Service to function — authentication sessions, security tokens, and payment flow state. These cannot be disabled without breaking the Service.

Analytics Cookies

Used to understand how visitors interact with our website (page views, session duration, referral sources). We configure these to minimize personal data collection and anonymize IP addresses where possible. You can opt out via browser settings or our cookie banner.

No Advertising Cookies

We do not use third-party advertising trackers or retargeting pixels on this website beyond what Google Ads requires for conversion measurement. Any Google Ads tracking is limited to measuring whether a click resulted in a signup — we do not build advertising profiles about you.

Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from using the Service. For more information about cookies, visit allaboutcookies.org.

As a UK-based company, your data is primarily processed within the UK and European Economic Area. However, some of our third-party providers (including Stripe, Vercel, and the AI model providers) are based in the United States and may process your data there.

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including:

• UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs) with processors
• Transfers to countries with UK adequacy regulations in place
• Reliance on processors' binding corporate rules where applicable

You can request details of the specific safeguards in place for any transfer by contacting us at support@openclaw.ag.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us at support@openclaw.ag and we will delete that information promptly.

We implement appropriate technical and organisational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit via TLS 1.2+
• Encryption of sensitive credentials (API keys, bot tokens) at rest
• Password hashing using bcrypt with appropriate cost factors
• Access controls ensuring only authorised personnel can access production systems
• Regular security reviews of our infrastructure

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by UK GDPR.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Send an email notification to registered users at least 14 days before the changes take effect
• For significant changes, obtain fresh consent where required by law

We encourage you to review this Policy periodically. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

CloudCraftr LLP is the data controller responsible for your personal data.

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us at support@openclaw.ag. We aim to respond to all privacy-related enquiries within 5 business days.