privacy policy

1. information we collect

2. how we use your information

we use the information we collect to:

• provide, maintain, and improve our services
• provision and manage your openclaw server instance
• process transactions and manage your account
• send transactional communications (account notifications, security alerts)
• respond to your inquiries and provide customer support
• analyze usage patterns to improve user experience
• detect, prevent, and address technical issues, fraud, and security incidents
• comply with legal obligations

3. how we share your information

we do not sell your personal information. we may share your information in the following circumstances:

• service providers: we share information with third-party vendors who assist us in providing the services, including cloud hosting (vercel, hetzner), payment processing (stripe), and database hosting (supabase). these providers are contractually obligated to use your information only to provide services to us.
• legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request.
• business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.
• protection of rights: we may disclose information to protect the rights, property, or safety of our company, users, or others.

4. data storage and security

your data is stored on secure servers provided by our infrastructure partners. we implement industry-standard security measures, including:

• encryption of data in transit (tls/ssl) and at rest
• secure authentication via google oauth
• regular security assessments and updates
• limited access to personal data on a need-to-know basis

however, no method of transmission over the internet or electronic storage is 100% secure. while we strive to protect your information, we cannot guarantee absolute security.

5. data retention

we retain your information for as long as your account is active or as needed to provide you with our services. when you cancel your subscription, your provisioned server and all data on it will be permanently deleted at the end of your billing period. account information is retained for up to 30 days after deletion request, except where required for legal or legitimate business purposes.

6. your rights and choices

depending on your location, you may have certain rights regarding your personal information:

• access: request a copy of the personal information we hold about you.
• correction: request that we correct inaccurate or incomplete information.
• deletion: request that we delete your personal information, subject to certain exceptions.
• portability: request a copy of your data in a structured, machine-readable format.

to exercise these rights, please contact us at support@myopenclaw.io.

7. international data transfers

we are based in romania, a member state of the european union. our primary data processing occurs within the european economic area (eea). some of our service providers may process data outside the eea. when we transfer personal data outside the eea, we ensure appropriate safeguards are in place, including standard contractual clauses (sccs) approved by the european commission or transfers to countries with an adequacy decision.

8. children's privacy

our services are not directed to children under the age of 16. we do not knowingly collect personal information from children under 16. if we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. if you believe we may have collected information from a child under 16, please contact us at support@myopenclaw.io.

9. your rights under gdpr

as we are based in romania and operate under eu law, the general data protection regulation (gdpr) applies to all users. you have the following rights:

• right of access: request a copy of your personal data.
• right to rectification: request correction of inaccurate data.
• right to erasure: request deletion of your personal data ("right to be forgotten").
• right to restrict processing: request limitation of how we process your data.
• right to data portability: receive your data in a structured, machine-readable format.
• right to object: object to processing based on legitimate interests.
• right to withdraw consent: where processing is based on consent, you can withdraw it at any time.
• right to lodge a complaint: file a complaint with the romanian data protection authority (anspdcp) or another supervisory authority.

to exercise these rights, contact us at support@myopenclaw.io. we will respond within 30 days as required by gdpr.

10. data protection authority

if you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the romanian supervisory authority:

11. changes to this privacy policy

we may update this privacy policy from time to time. we will notify you of material changes by posting the new privacy policy on this page and updating the "last updated" date. your continued use of the services after any changes constitutes your acceptance of the updated policy.

12. contact us

if you have any questions about this privacy policy or wish to exercise your rights, please contact us: