Clawfleet ("we", "our", "us") is a service operated by Sevenhills Software LLP. Clawfleet provides managed hosting for OpenClaw AI assistant instances for individuals and agencies.
For the purposes of the EU General Data Protection Regulation (GDPR) and applicable Indian data protection laws, Sevenhills Software LLP is the data controller of your personal data.
Registered Address
Sevenhills Software LLP
TCE-TBI, Madurai - 625016
Tamil Nadu, India
Data Protection Contact: privacy@clawfleet.app
When you sign up, we collect your email address and, optionally, your name. This is necessary to create and manage your account.
When you deploy an OpenClaw instance, we store your configuration choices: the AI model selected, your channel type (e.g. Telegram/Discord), and your API keys. API keys are encrypted at rest using AES-256-GCM via Supabase Vault before storage.
We collect aggregated usage metrics for your instances: token counts, cost estimates, model routing decisions, and infrastructure health signals. This data is used to generate your dashboards and billing summaries. It does not include the content of conversations between your users and your AI assistant unless you explicitly enable conversation tracing (see below).
Conversation tracing is disabled by default. If you explicitly enable it in your instance settings, we collect execution traces including message metadata (timestamps, tool calls, token counts). When tracing is enabled at the default level, we store metadata only — not the full text of user messages. You can enable full-message tracing separately. You can disable tracing at any time in your instance settings, and existing traces are purged after 90 days.
Payment information is collected and processed by Stripe. We store only a Stripe customer ID and subscription status — we never store full card numbers.
We collect standard web server logs including IP addresses, browser type, and pages visited. This data is used for security monitoring and is retained for 30 days.
Under the GDPR, we process your personal data on the following grounds:
Legitimate Interests Assessment Summary
We rely on legitimate interests for: (a) security monitoring — detecting and preventing fraud, abuse, and unauthorised access to your instances; (b) service improvement — analysing aggregated, anonymised usage patterns to improve performance and reliability. We have assessed that these interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interests at any time (see Section 8).
We do not sell your personal data. Ever.
We share data only with the following sub-processors, each bound by a Data Processing Agreement (DPA):
| Sub-Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, encrypted credential storage | EU (Frankfurt) |
| Stripe | Payment processing | US (with EU SCCs) |
| Hetzner Cloud | Kubernetes infrastructure for AI instances | EU (Finland, Germany) |
| Resend | Transactional email delivery | US (with EU SCCs) |
| PostHog | Product analytics (if you consent to analytics cookies) | EU (Frankfurt) |
We may also share data with law enforcement or regulators where required by law or a valid legal process.
Our primary infrastructure is located within the EU/EEA (Hetzner Finland/Germany, Supabase Frankfurt). Some sub-processors are based in the United States:
No personal data is transferred to countries without adequate protection unless appropriate safeguards (SCCs, adequacy decisions, or your explicit consent) are in place.
| Data Type | Retention Period |
|---|---|
| Account data | Retained while active; deleted promptly upon account deletion |
| Instance configurations & API keys | Deleted when the instance or account is deleted |
| Usage metrics & traces | 90 days, then automatically purged |
| Billing records | 8 years (required under Indian Companies Act, 2013 and GST regulations) |
| Web server logs | 30 days |
Under the GDPR and applicable Indian data protection laws, you have the following rights. To exercise any of them, email privacy@clawfleet.app. We will respond within 30 days.
If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant data protection authority:
Clawfleet uses automated processing for the following purposes:
We do not make any decisions based solely on automated processing that produce legal effects or similarly significantly affect you (Art. 22 GDPR). If you have concerns about any automated processing, contact privacy@clawfleet.app.
We use cookies and similar technologies. Below is a summary — see our full Cookie Policy for complete details.
| Type | Examples | Can You Disable? |
|---|---|---|
| Strictly necessary | Authentication session, cookie consent, Stripe fraud prevention | No (required for the site to function) |
| Analytics | PostHog product analytics | Yes — via cookie banner or browser settings |
We do not use advertising or tracking cookies. We do not share cookie data with advertisers.
We implement industry-standard security measures including:
No system is 100% secure. If you discover a vulnerability, please report it responsibly to security@clawfleet.app.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
Clawfleet is not directed at children under 18. We do not knowingly collect data from children. If we become aware that a child under 18 has provided us with personal data, we will:
If you believe a child has created an account, please contact us immediately at privacy@clawfleet.app.
We may update this policy from time to time. When we make material changes, we will notify you by email or via an in-app notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.
For any privacy-related questions or to exercise your data rights:
Email: privacy@clawfleet.app
Post: Sevenhills Software LLP, TCE-TBI, Madurai - 625016, Tamil Nadu, India